Hacker News
by sublinear 311 days ago
Under a properly configured CSP, allowing scripts that aren't from the same origin to inject things into the DOM is the problem.
Both of your examples are problematic.