FWIW I also think we fix DOM APIs & quirk first, instead of bloating the CSP. It had its chance.
Ranting against a defense-in-depth mechanism because it doesn't solve *all* problems... Really? ;-)
-
-
Cost/benefit ratio is currently negative and no one is able to argue against this.
-
Show me that this is wrong and I am happy to reconsider.
-
Easy, completed adoption in products where all other anti-XSS measures failed + ~70% mitigation rate