by larsmak
4528 days ago
Well, it makes perfect sense. You are protecting the client itself - by dictating which sources can be used for fetching information and code. XSS is about malicious code injected on your site, in their browser - it's not the client who's misbehaving.