by solardev
665 days ago
Maybe? You'd hope, but who knows. Still easy to just replace the image with plain text in the HTML, or a data URL (if allowed). Or put an iframe in there. Point is, if they control the HTML they can do pretty much anything. Edit: Just tried it with Chase, Merrill Lynch, Citibank, Bank of America, and Wells Fargo. Only Wells Fargo had a CSP in place to prevent this. But even Wells Fargo let you just inject a data URL image.
They are not in any way interested in tightening or fort-guarding their portal's rendering, until it ends up causing them to give more money, i.e. bad for business.
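A defender-side check for the gap solardev's comment describes (a CSP that is present but still permits `data:` images or framing), as an added example that is not from the thread. The function names and the sample policies in the usage are constructed for illustration.

```python
# Added example: audits a Content-Security-Policy header value for the two
# gaps mentioned in the thread (data: images and iframes). Names are hypothetical.

# Directive fallback chains defined by the CSP specification.
FALLBACKS = {
    "img-src": ["img-src", "default-src"],
    "frame-src": ["frame-src", "child-src", "default-src"],
}

def parse_csp(header):
    """Parse a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in (header or "").split(";"):
        tokens = part.split()
        if not tokens:
            continue
        # A repeated directive is ignored by browsers: the first one wins.
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def effective_sources(policy, directive):
    """Return the source list governing `directive`, or None if unrestricted."""
    for name in FALLBACKS[directive]:
        if name in policy:
            return policy[name]
    return None

def allows_data_images(header):
    """True if an <img src="data:..."> would load under this policy."""
    sources = effective_sources(parse_csp(header), "img-src")
    if sources is None:
        return True  # no img-src and no default-src: nothing is restricted
    # The "*" wildcard does not cover the data: scheme; it must be listed.
    return any(s.lower() == "data:" for s in sources)

def frames_blocked(header):
    """True only if the policy forbids every iframe source."""
    sources = effective_sources(parse_csp(header), "frame-src")
    if sources is None:
        return False
    return all(s.lower() == "'none'" for s in sources)  # empty list also blocks

def audit(header):
    return {"data_images_allowed": allows_data_images(header),
            "frames_blocked": frames_blocked(header)}

if __name__ == "__main__":
    # Constructed sample policies, not captured from any real site.
    for csp in ("", "default-src 'self'", "default-src 'self'; img-src 'self' data:"):
        print(repr(csp), audit(csp))
```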