If I got a Bitcoin every time some websec folk started a Twitterstorm bashing CSP without proposing a viable alternative, I would be rich.
(I mostly meant this as "IMO this is how the API should look to make it easy to understand+use")
-
-
alternative: e.setInnerHTML("<b>$1</b>", hi) where the string is compile-time constant or a safe type
-
IMO, from experience with printf() in C, format strings are ugly, especially with multiple elements
- 5 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.