Commit
As discussed in w3c/webappsec-csp#98, this patch attempts to mitigate dangling markup injection attacks' ability to repurpose existing nonces via clever injections. It's not clear that we can ship this mitigation, as it's fairly expensive. Accordingly, it's marked as 'at risk' in the document, pending further investigation.