If I got a Bitcoin every time some websec folk started a Twitterstorm bashing CSP without proposing a viable alternative, I would be rich.
If you can do it automatically, you can probably already scan for potential innerHTML XSS anyway?
Although I guess there's a difference in value between finding potential XSS and blocking it.
It is possible in theory: http://goo.gl/yau9ca, but not really practical at scale.