@bz_moz regarding CSP disabling `javascript:` links…do bookmarklets *have* to be disabled? no way to distinguish and trust only them?
@DavidBruant @getify In theory, sure. In practice, Gecko doesn't know that at the point where CSP is enforced.
@bz_moz @davidbruant FF was "going to try to get them working again" back in 2009. never happened, i surmise. https://blog.mozilla.org/security/2009/06/19/shutting-down-xss-with-content-security-policy/#comment-105895
@bz_moz @getify Pretty popular bug indeed :-p https://bugzilla.mozilla.org/show_bug.cgi?id=866522