top | item 40855731 (no title) elmigranto | 1 year ago > if someone manages to inject arbitrary HTMLIf they can, why wouldn’t it be inline <script>? discuss order hn newest amluto|1 year ago Because CSP can be configured to block inline scripts. jsheard|1 year ago The syntax to allow inline scripts is even "unsafe-inline" to emphasize that you are entering the danger zone.
amluto|1 year ago Because CSP can be configured to block inline scripts. jsheard|1 year ago The syntax to allow inline scripts is even "unsafe-inline" to emphasize that you are entering the danger zone.
jsheard|1 year ago The syntax to allow inline scripts is even "unsafe-inline" to emphasize that you are entering the danger zone.
amluto|1 year ago
jsheard|1 year ago