Remix clone Hacker News

new | show | ask | jobs Github

	▲	skrebbel 18 hours ago
		at this point I feel like it'd be useful for web server default configurations to include something like `if extension == .svg set-header Content-Security-Policy: script-src 'none' end` wouldn't that stop a browser from running scripts, even if the svg file is opened directly? having this be widespread would solve it wholesale.
	▲	vpShane 7 hours ago \| parent [-]
		Not a bad idea!