1. Give Mike free time. 2. Ponder whether sanitization is really the solution, or if inert injection would be better. 3. Build both.
1 and 3.
Inert API: forward thinking at the expense of practical adoption. Sanitization: practical at the expense of forward thinking. Both!
Yes. I’d be happy if we could build both. So, back to the question of free time.
Or prioritization.
New things are great, but it's worth keeping in mind how XSS usually happens. Hint: it's not for lack of sanitizers: https://lists.w3.org/Archives/Public/public-webappsec/2016Feb/0035.html …
Sanitizers are important. But apps have decent solutions for sanitization already so a native one isn't a clear improvement over status quo.
Especially given the extremely long process of getting adoption by browser vendors & a need for polyfills in the meantime.