by stouset
720 days ago
CSP is a backstop that—when configured properly and used alongside restraint in how you script—can minimize some of the worst consequences of injection. It doesn’t wash your hands clean of the responsibility to restrict what kinds of content users can inject into served pages.