unsafe-dynamic would make sense pre-Angular. Now it's just CSP's dying breath.
-
Also, problems with any given mechanism don't negate the value of mitigations.
-
<3 that. Mitigations get a free pass, regardless of design quality & efficacy.
-
I think CSP is very effective at stopping blind XSS at least
-
and that's after like 5 yrs of its development. ROI sucks I'd say
-
UAs already built it so it's sunk costs. Why not get the value now?