Y
Hacker News
new
|
ask
|
show
|
jobs
by
dukky
4061 days ago
But https doesn't 'let you know for sure that the content is exactly what the owner of the site intended' as it doesn't protect you from xss
1 comments
abraham
4061 days ago
Than you fix the XSS vulnerabilities and implement CSP. Shitty security practices is not an excuse for more shitty security practices.
https://developer.mozilla.org/en-US/docs/Web/Security/CSP
link