Also, problems with any given mechanism don't negate the value of mitigations.
Replying to @arturjanc @sirdarckcat and
<3 that. Mitigations get a free pass, regardless of design quality & efficacy.
1 reply 0 retweets 0 likes -
I think CSP is very effective at stopping blind XSS at least
1 reply 0 retweets 2 likes -
Replying to @albinowax @arturjanc and
and that's after like 5 yrs of its development. ROI sucks I'd say
1 reply 0 retweets 0 likes -
Replying to @kkotowicz @albinowax and
UAs already built it so it's sunk costs. Why not get the value now?
2 replies 0 retweets 0 likes -
Replying to @arturjanc @albinowax and
edge just started thinking about CSP. FWs don't support it yet
1 reply 0 retweets 0 likes -
Replying to @kkotowicz @arturjanc and
because unsafe-dynamic seems like a better investment than CSP1&2
1 reply 0 retweets 0 likes
Replying to @sirdarckcat @kkotowicz and
Yes, effort to add 's-d' is tiny once UA has nonces; benefits huge
1:54 AM - 7 Sep 2016
1 reply
0 retweets
1 like