Nice in theory, impossible in practice. https://twitter.com/slekies/status/781039840683036672 …
you mean like "server delivers binary DOM" and "user-written HTML is marked by the server, sanitized by the client"?
that's too complicated. A mode that removes innerHTML and friends and offers a templating system/api.
without complex policies. Just "Secure-Mode: yes".