An entertaining article about the dangers of untrusted JS dependencies. But it gets one crucial thing wrong: CSP is absolutely not capable of preventing data exfiltration once the attacker's script runs in the context of your app. https://lists.w3.org/Archives/Public/public-webappsec/2016Sep/0012.html http://www.cse.chalmers.se/~andrei/asiaccs16.pdf https://twitter.com/D__Gilbertson/status/949563399272361984
Replying to @arturjanc
Awesome, thanks for the feedback and links. I've updated the post to reflect that we're all screwed no matter what we do :)