I think it's too late for unsafe-dynamic. Frameworks already workaround that.
-
-
Replying to @kkotowicz @sirdarckcat and
It gives little in ng- and Polymer apps (eg https://github.com/Polymer/core-shared-lib/blob/master/core-shared-lib.html … bypass)
1 reply 0 retweets 1 like -
Replying to @kkotowicz @sirdarckcat and
unsafe-dynamic would make sense pre-Angular. Now it's just CSPs dying breath.
4 replies 0 retweets 0 likes -
Replying to @kkotowicz @homakov and
the issue with CSP wasn't that it couldn't fix stuff,it was that it wasn't usable
1 reply 0 retweets 0 likes -
Replying to @sirdarckcat @homakov and
Why making usable something that almost never actually delivers security?
2 replies 0 retweets 0 likes -
Replying to @kkotowicz @homakov and
if a developer spends 30 mins to mitigate 10% of bugs for 40% of his users,
#win1 reply 0 retweets 1 like -
Replying to @sirdarckcat @homakov and
the problem is, he gets an A on Mozilla Observatory and never fixes the XSS.
2 replies 0 retweets 0 likes -
-
Replying to @sirdarckcat @homakov and
it shifts the industry to promoting a bad solution, and away from fixing bugs.
2 replies 0 retweets 1 like -
Replying to @kkotowicz @sirdarckcat and
In other words, it will be like Angular sandbox and used without understanding.
2 replies 0 retweets 1 like
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.