Very dangerous conclusion in this post. Content-Security-Policy does NOT make it safe to run untrusted JavaScript on your site. https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5 1/3
CSP is already over-hyped as XSS protection (it's a mitigation; real solution is injection-proof templates). It's irresponsible to say it also lets you run untrusted JavaScript safely. You can't. You HAVE to scrutinize your dependencies. 3/3
Now that it doesn't claim CSP is a solution anymore, the article is a pretty good and entertaining read about the risk of dependencies. https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5
to @D__Gilbertson for making the correction.
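The thread's point that injection-proof templates, not CSP, are the real XSS fix is easier to see in code. The following is an added example, not code from the thread or from the linked article: a naive concatenating renderer next to a small auto-escaping tagged template in the style of the SafeHtml/contextual-escaping libraries. All names (escapeHtml, html, SafeHtml, renderUnsafe, renderSafe, renderList) and the probe payload are constructed for this illustration.

```javascript
// Added example: string concatenation vs. an auto-escaping tagged template.
// Not from the thread or the linked article; all names are illustrative.

const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape a value for an HTML text node or double-quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Marker type: markup that has already passed through the template, so it may
// be nested in another template without being escaped a second time.
class SafeHtml {
  constructor(markup) { this.markup = markup; }
  toString() { return this.markup; }
}

// Injection-prone renderer: untrusted data is spliced straight into markup.
// A CSP without 'unsafe-inline' may stop the onerror handler below from running,
// but the injected <img> element is still in the page and still issues a request,
// which is why CSP is a mitigation and not a fix for the injection itself.
function renderUnsafe(name) {
  return "<p>Hello, " + name + "</p>";
}

// Injection-proof template: only the literal parts written by the developer are
// emitted verbatim; every interpolated value is escaped unless it is SafeHtml
// produced by an earlier template call (or an array of such fragments).
function html(strings, ...values) {
  let out = "";
  strings.forEach((literal, i) => {
    out += literal;
    if (i < values.length) out += render(values[i]);
  });
  return new SafeHtml(out);
}

function render(value) {
  if (value instanceof SafeHtml) return value.markup;
  if (Array.isArray(value)) return value.map(render).join("");
  return escapeHtml(value);
}

function renderSafe(name) {
  return String(html`<p>Hello, ${name}</p>`);
}

// Composition: inner fragments are SafeHtml, so they are not double-escaped,
// while the raw item strings are still escaped exactly once.
function renderList(items) {
  const rows = items.map((item) => html`<li>${item}</li>`);
  return String(html`<ul>${rows}</ul>`);
}

// Constructed probe payload (a common reflected-XSS test string).
const PAYLOAD = '<img src=x onerror="alert(1)">';

if (typeof require !== "undefined" && require.main === module) {
  console.log(renderUnsafe(PAYLOAD));      // markup injected as-is
  console.log(renderSafe(PAYLOAD));        // markup neutralised
  console.log(renderList(["a", "<b>"]));   // <ul><li>a</li><li>&lt;b&gt;</li></ul>
}
```

The escaping here covers only HTML text and double-quoted attribute contexts; real injection-proof template systems also track URL, JavaScript and CSS contexts and pick the escaper per context, which is the part that makes them a solution rather than a filter. Note also what the template does not do: it offers no protection against a dependency you chose to load, which is exactly the thread's warning about CSP.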