A cross-origin script load is nothing like XSS; but explaining this on Twitter is a fool's errand so I won't try
Are you trying to get me to explain XSS to a leading researcher of XSS? ;-) I'm too old to be trolled like that!
"XSS enables attackers to inject client-side scripts into web pages viewed by other users." Meh, boring topic.
In this definition the web is built on "XSS" and the term becomes useless. Let's stick to industry definition :)
Replying to @arturjanc @johnwilander
I think that the problem is that the industry definition is wrong, no? No real fix for that.
Replying to @TheDaveCA @johnwilander
Industry definition of XSS is status quo for a decade and never meant "app loads script from a CDN".
The two have very different threat models; conflating them is confusing & actively bad for security.