If I got a Bitcoin every time some websec folk started a Twitterstorm bashing CSP without proposing a viable alternative, I would be rich.
browser can do context-aware escaping, and converting existing innerHTML users to this seems doable
you mean manually or automatically converting?
I was thinking of manually - but I think for a developer, the conversion would be pretty easy