| ▲ | Retr0id 17 hours ago | |
The CSP headers didn't used to be there, which I used to pop an alert(), way back. (at the time there was also a MIME whitelist, but that whitelist included image/svg+xml, which allows script execution) | ||
| ▲ | Retr0id 17 hours ago | |
The CSP headers didn't used to be there, which I used to pop an alert(), way back. (at the time there was also a MIME whitelist, but that whitelist included image/svg+xml, which allows script execution) | ||