CSP will only be used by a few, big companies. All devs I talk to do not understand it and thus cannot use it securely.
Replying to @slekies
Today. But when it's simpler? What if there's more education? What if there are more tools? Framework integration? It's not static.
1 reply 0 retweets 0 likes -
Replying to @randomdross
CSP had +5 years for that. We do not need more complex security mechanisms, but foolproof ones.
1 reply 0 retweets 2 likes -
Replying to @slekies @randomdross
Not every site uses postMessage, or video, but as part of the platform it lets interesting & valuable things be built.
2 replies 0 retweets 0 likes -
Replying to @hillbrad @randomdross
I am happy to be convinced of the benefits of CSP, but no one is able to show me any real XSSes where it helped.
5 replies 0 retweets 0 likes -
Replying to @slekies
: … perhaps we can start looking at CSP as a (complicated, low-level) compilation target.
@hillbrad @randomdross
3 replies 2 retweets 2 likes -
Replying to @mikewest
Mike West Retweeted Mike West
https://mikewest.github.io/artur-yes/ is a strawman for the direction I’m starting to think in. Subsetting CSP is really appealing. https://twitter.com/mikewest/status/783755021645217792 …
2 replies 1 retweet 4 likes -
Replying to @mikewest
please keep this name, it's a unique token! pic.twitter.com/sVY5QdZqgw
1 reply 0 retweets 1 like -
I mean, I'm, like, totally flattered, but...