Y
Hacker News
new
|
ask
|
show
|
jobs
by
the_mitsuhiko
1413 days ago
External sources yes, preventing an app to inject inline HTML and JavaScript is tricky.
1 comments
ezekg
1413 days ago
You can block all inline scripts via CSP.
link
the_mitsuhiko
1413 days ago
That’s why I said tricky and not impossible.
link