Y
Hacker News
new
|
ask
|
show
|
jobs
by
j13n
439 days ago
You can disable all use of eval with htmx. The tradeoff is one has to write a bit more JavaScript.
https://news.ycombinator.com/item?id=43650921
1 comments
sudodevnull
439 days ago
I have thoughts about a fully compliant CSP middleware, problem is it's per language so I'd probably only make for Go (maybe PHP & TS)
link
geoka9
439 days ago
Hashes or nonces?
link
sudodevnull
439 days ago
Hashed script content
link
geoka9
439 days ago
Thank you for doing this. Is it possible to follow the work somewhere?
link
sudodevnull
438 days ago
Not right now. CSP in a Datastar context is mostly a red herring. If an enterprise wants it to check a box then please reach out.
link
geoka9
437 days ago
I don't represent an enterprise; just a dev. It would make it easier to sell the idea of Datastar to clients if it was compatible with strict CSP.
link