You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When Layered API increases, there maybe a case where Layered API could be used as a script gadget. And I think browser should provide a way for site owner block loading of std: scripts (e.g. std:virtual-scroller).
When Layered API increases, there maybe a case where Layered API could be used as a script gadget. And I think browser should provide a way for site owner block loading of std: scripts (e.g.
std:virtual-scroller).Just to be clear, I'm talking about an attack like following, where JS file is hosted within the browser and there's no way for website to block attacker from abusing that script.
https://mksben.l0.cm/2018/05/cve-2018-5175-firefox-csp-strict-dynamic-bypass.html
The text was updated successfully, but these errors were encountered: