I am more thinking about a holistic approach that does not involve complex policy enforcement...
-
-
: I’d guess we’d either enforce `object-src ‘none’` or add nonces to objects. *shrug* Strawman! :)
@slekies -
maybe
@mikewest hopes that by the time this is a deployed standard, browsers would have killed flash already - 1 more reply
New conversation -
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.