Even worse, it will completely break on any site that serves a decent Content-Security-Policy and will cause its developers pain.
-
-
-
As long as extension APIs empower extensions to do it, it's that API that is bad. And if APIs have feelings, it should feel bad.
-
If APIs have feelings, they must be always happy. (I swear it's funny if you read it with a French accent.)
- 2 more replies
New conversation -
-
-
@sshekyan but wouldn't that be a bug in UAs? The priority is clear, exts should trump page's CSP, inline handlers or not -
Yes, a UA could allow it by tracking each script/event handler which was added by an extension. But no UA does this ;)
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.