1 and 3.
Inert API: forward thinking at the expense of practical adoption. Sanitization: practical at the expense of forward thinking. Both!
Yes. I’d be happy if we could build both. So, back to the question of free time.
Or prioritization.
New things are great, but it's worth keeping in mind how XSS usually happens. Hint: it's not for lack of sanitizers: https://lists.w3.org/Archives/Public/public-webappsec/2016Feb/0035.html
The thread compared exactly the two features mentioned here (HTML sanitizers vs SafeNode). The platform needs to prioritize based on impact.
Replying to @arturjanc @LeaVerou and
It's not to say native sanitizers are a bad idea but the question is how they'd help avoid bugs given XSS happens in places w/o sanitization
Just saying that, based on a lot of data, most XSS happens due to developer mistakes handling data that would never go through a sanitizer.
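As an added illustration of the point in the tweet above (this is example code, not part of the thread or any of the participants' projects), the following scanner flags DOM XSS sinks that receive data with no sanitizer on the data path. The sample source lines, the sink list and the sanitizer-name hint are all constructed for the example; a real review would use a proper taint-tracking tool rather than per-line regexes.

```javascript
// Constructed sample of client-side source lines. The bugs here are the
// classic shape the thread describes: untrusted input written straight
// into an HTML-interpreting sink, where a sanitizer library is never called.
const SAMPLE_SOURCE = [
  "const name = new URLSearchParams(location.search).get('name');",
  "greeting.innerHTML = 'Hello ' + name;",                   // sink, no sanitizer
  "greeting.textContent = 'Hello ' + name;",                 // safe text API
  "panel.innerHTML = DOMPurify.sanitize(userHtml);",         // sink, sanitized
  "document.write('<img src=\"' + location.hash + '\">');", // sink, no sanitizer
  "el.setAttribute('href', link);",                          // not an HTML sink here
];

// Sinks that parse a string as HTML or script. A sanitizer only helps when
// it sits between the untrusted value and one of these.
const HTML_SINKS = [
  /\.innerHTML\s*=/,
  /\.outerHTML\s*=/,
  /\binsertAdjacentHTML\s*\(/,
  /\bdocument\.write(ln)?\s*\(/,
];

// Names accepted as evidence that the value was sanitized on the same line.
// This is a deliberate simplification: a sanitize() call on an earlier line
// is not tracked, so findings are candidates for review, not proven bugs.
const SANITIZER_HINT = /\b(sanitize|DOMPurify|escapeHtml)\b/;

// Returns one finding per line that uses an HTML sink without a sanitizer.
function findUnsanitizedSinks(lines) {
  const findings = [];
  lines.forEach((text, idx) => {
    const usesSink = HTML_SINKS.some((re) => re.test(text));
    if (!usesSink) return;
    if (SANITIZER_HINT.test(text)) return; // sanitizer present at the sink
    findings.push({
      line: idx + 1,
      text,
      reason: "HTML sink receives data without a sanitizer call",
    });
  });
  return findings;
}

// Stand-alone run: prints the two unsanitized sinks in the sample.
for (const f of findUnsanitizedSinks(SAMPLE_SOURCE)) {
  console.log(`line ${f.line}: ${f.reason}\n  ${f.text}`);
}
```

The scanner reports lines 2 and 5 and leaves line 4 alone, which is the practical takeaway: the fix for the flagged lines is to use textContent or an attribute setter, or to pass the value through a sanitizer, and no amount of new sanitizer API changes anything for code that never calls one.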