If I got a Bitcoin every time some websec folk started a Twitterstorm bashing CSP without proposing a viable alternative, I would be rich.
I was thinking of manually - but I think for a developer, the conversion would be pretty easy
if you can do it automatically, you can probably already scan for potential innerHTML XSS anyway?
although I guess there's a difference in value between finding potential XSS and blocking it