Has anyone detected XSS where CSP reports were what first made you notice the bug? Not me. One missed opportunity, but the tweet went viral
With reporting (and script-sample) you will see offending markup and can filter common pentesting payloads. Detection is iffy b/c noise
But sometimes it's helpful to see when a bug was first found.
I agree though that it's a totally incidental behavior and almost all the utility is in reporting during deployment.