Blink: Intent to Implement and Ship: 'unsafe-hashed-attributes' in CSP3https://groups.google.com/a/chromium.org/d/msg/blink-dev/bUAhkdsrmqE/nimnFDG3BAAJ …
-
-
I think once you achieve DOM injection you can do the same thing in an attribute anyway. E.g. <img src='bad' onfail='transferAllMyMoney()'>
-
That is true, but the names of the feature I specifically says it's about "attributes," which is misleading.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.