https://github.com/mikewest/csp-next … is a thought experiment: what if we broke CSP in half, removed some esoteric options, and built policy primitives that specifically targeted XSS on the one hand, and resource confinement on the other?
This has been in the back of several people's heads for years. I don't think the direction would be a surprise to anyone who's been paying attention to various conversations in WebAppSec. :)
Well played. You know I was only referring to @ARTURjanc ;)

Indeed. :) At the time, I was trying to fit the confinement proposal into some @hillbrad-related backronym. "Blocking Resource Architecture Definition" is both terrible, and the best I came up with at the time...