And if they do they will be wrong, and detrimental to user security. Luckily it's a fixable problem.
It's just an example of how the approach of "let's make it work despite security restrictions" is harmful.
-
Which brings us back to the point that bypassing security for "convenience" is an anti-pattern and must die.
-
The Angular team's intentions were to help developers adopt CSP. It wasn't to bypass CSP, but to work with it.
-
Hell is paved with good intentions ;-)
-
Just to be clear, they *were not* thinking of this as bypassing security features, but as helping them use CSP
-
Of course, per Hanlon's razor. But in hindsight, this wasn't a good idea; at least we know better now.
-
OK, the point was that developers will (inadvertently) bypass security features to make their code work.
-
At least that's how I interpreted @slekies comment. And I still think it's a valid point.