I hope calling every strict-dynamic/nonce bypass a 'CSP Bypass' doesn't make people under-estimate the effectiveness of 'default-src: self'
Replying to @albinowax
"CSP bypass" covers everything from great, legitimate bugs to "I thought you shouldn't be able to do that if the app has CSP"
Replying to @arturjanc @albinowax
I wish we had a more precise way to express this because it both helps spread FUD and desensitizes people to actually severe issues
2:48 PM - 28 Jan 2017