Our (@mikispag @slekies @arturjanc) #CSP research paper (ACM CSS) is public now. It's time to drop whitelists! https://research.google.com/pubs/pub45542.html …
Which is what CSP3 is doing with #strictdynamic and which is a better solution than fixing whitelists.
Similarly with Angular, the change has to be at the CSP level; other solutions break too many things :(
Thanks for the responses. Great paper by the way! Looking forward to the tool release.