@rauschma I was just reading your article on `import()` and it got me thinking… Have you heard anything about dynamically creating ES modules?
What do you mean? This is an `eval`/`Function` bypass, but it requires explicit opt-in, i.e. `blob:` must be allowed in the policy. +@mikewest
-
-
Meant that blob: feels ok security wise to me compared to adding unsafe-inline/eval when you can’t get rid of those dynamic scripts in legacy code!
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
JavaScript, HTML, CSS, HTTP, performance, security, Bash, Unicode, i18n, macOS.