Y
Hacker News
new
|
ask
|
show
|
jobs
by
asjfkdlf
3725 days ago
That would be a good first step. It would have to be a subset of CSP. Don't allow inline scripts or eval.. Only on https is another step I see as very important.