|
|
|
|
|
|
by briandh
3794 days ago
|
|
|
> if you have a secure enough content security policy (and the browser in question supports it properly) it will be impossible for an attacker to execute their inserted Javascript I don't follow your reasoning. Why wouldn't an MITM attacker modifying an HTTP response body to insert rogue Javascript also be able to modify the response headers to strip or alter the Content Security Policy? |
|
|
I still am willing to bet that SSL is not impossible to MITM. Someone will manage to find a flaw in such a complex system.