Just curious: do you have the same view of ASLR and low-level mitigations?
For whitelist-based CSP, the problem (XSS) is big, usefulness ~low, pain ~big
But w/ nonces + 's-d' CSP gets more useful: harder to bypass, easier to adopt.