-
@Scott_Helme @kermiite @securityheaders Can we imagine such CSS hack to trigger DNS request without real content (to avoid matching other CSP rule) or any DNS request before CSP interpolation? Blocking the content with CSP is good, but if a single network packet is sent before that block, it's seems doomed to me.On twitter.com
❤️ 1 Favorite
Mood -2 🙁