Or prioritization.
New things are great, but it's worth keeping in mind how XSS usually happens. Hint: it's not for lack of sanitizers: https://lists.w3.org/Archives/Public/public-webappsec/2016Feb/0035.html …
The thread compared exactly the two features mentioned here (HTML sanitizers vs SafeNode). The platform needs to prioritize based on impact.
Replying to @arturjanc @LeaVerou and
It's not to say native sanitizers are a bad idea but the question is how they'd help avoid bugs given XSS happens in places w/o sanitization
Just saying that, based on a lot of data, most XSS happens due to developer mistakes handling data that would never go through a sanitizer.
Yes, but can you explain it with a car analogy?