grumbulon (npub1m7p…0szf) (◠‿・)—☆ (npub1q3k…q3wu) (npub1pnp…52zw) God's Silliest Soldier (npub10pg…xu2f) wafu :Libbie_dance:❤️:wafumelon_rotate: (npub1yua…c3d4)
It looks like it might be a good idea to implement CSPs. We can apparently whitelist all the scripts we want to allow the browser to run on the page. It would be something like:
Content-Security-Policy: script-src https://domain/static/
This would prevent any scripts from anywhere except the /static directory from running regardless of any magic fuckery.
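
Added example, not part of the original post: a simplified JavaScript model of how a browser matches script URLs against a `script-src` source such as the one above, showing that a path ending in `/` acts as a prefix and that CSP has no `*.js` path wildcard. The function names and sample URLs are constructed for illustration; ports, nonces, hashes, keyword sources and redirects are not modelled.

```javascript
// Simplified model of CSP source matching for script-src (added example).
// Only scheme, host and path are compared; this is not the browser's full algorithm.
// "domain" is the post's placeholder host.
const POLICY = "script-src https://domain/static/";

// Return the source expressions listed for one directive, or null if absent.
function sourcesFor(policy, directive) {
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name.toLowerCase() === directive) return sources;
  }
  return null; // default-src fallback is not modelled here
}

// Does one URL source expression allow this script URL?
function sourceMatches(source, scriptUrl) {
  let src, url;
  try {
    src = new URL(source);
    url = new URL(scriptUrl); // also normalises "../" segments
  } catch {
    return false; // keywords such as 'self' are not modelled
  }
  if (src.protocol !== url.protocol) return false;
  if (src.hostname !== url.hostname) return false;
  // A source path ending in "/" is a prefix match; any other path must
  // match exactly, so "*.js" is treated as a literal file name.
  return src.pathname.endsWith("/")
    ? url.pathname.startsWith(src.pathname)
    : url.pathname === src.pathname;
}

function scriptAllowed(policy, scriptUrl) {
  const sources = sourcesFor(policy, "script-src");
  if (sources === null) return true; // no script-src: unrestricted in this model
  return sources.some((s) => sourceMatches(s, scriptUrl));
}

// Constructed sample URLs.
const SAMPLES = [
  "https://domain/static/app.js",
  "https://domain/static/vendor/lib.js",
  "https://domain/uploads/x.js",
  "https://domain/static/../uploads/x.js",
  "https://other.example/static/app.js",
];
for (const u of SAMPLES) console.log(scriptAllowed(POLICY, u) ? "allow" : "block", u);
```

Inline `<script>` blocks and event-handler attributes are also refused under this policy because it lists no `'unsafe-inline'`, nonce or hash source.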