Very dangerous conclusion in this post. Content-Security-Policy does NOT make it safe to run untrusted JavaScript on your site. https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5 … 1/3
Now that it doesn't claim CSP is a solution anymore, the article is a pretty good and entertaining read about the risk of dependencies. https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5 …
to @D__Gilbertson for making the correction.
I've updated the post to roll back my "100% safe" comment (I should have known better). Thanks for the feedback!