It sanitizes more. @0x6D6172696F might be able to point to specific docs; I also couldn't find something clear to point you to.
New things are great, but it's worth keeping in mind how XSS usually happens. Hint: it's not for lack of sanitizers: https://lists.w3.org/Archives/Public/public-webappsec/2016Feb/0035.html …
-
The thread compared exactly the two features mentioned here (HTML sanitizers vs SafeNode). The platform needs to prioritize based on impact.
-
It's not to say native sanitizers are a bad idea but the question is how they'd help avoid bugs given XSS happens in places w/o sanitization
-
Just saying that, based on a lot of data, most XSS happens due to developer mistakes handling data that would never go through a sanitizer.
-
Prioritization.