Mastodon Feed: Post

Reblogged by slightlyoff@toot.cafe ("Alex Russell"):

Seirdy@pleroma.envs.net wrote:

This is a refreshingly good look at why extensions with both full privileged access and dynamic script + style execution are a really bad idea, greatly weakening the CSP on every site:

How insecure is Avast Secure Browser?

Injecting arbitrary scripts and styles ought to require an extra permission and be selectively allowed on a per-site basis.

RE: https://floss.social/@alcinnz/112803562967733831