※ Hiding JSON-formatted data in the DOM with CSP enabled: http://mathiasbynens.be/notes/json-dom-csp …
@avlidienbrunn That’s why I have that disclaimer link at the bottom. This doesn’t absolve you from having to escape user-supplied content :)
@mathias Ah, but perhaps you could randomize the id of the div, like a csrf token!
@avlidienbrunn …or just escape user input correctly