XSS is usually really, really bad anyway. CSP plus trusted scripts...you should ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		paulddraper on Sept 7, 2019 \| parent \| context \| favorite \| on: CSRF is really dead XSS is usually really, really bad anyway. CSP plus trusted scripts...you should be working hard to prevent XSS.

earthboundkid on Sept 7, 2019 [–]

Ideally, yes. In the current advertising market? No.

paulddraper on Sept 8, 2019 | [–]

I don't know much about advertising.

Can't they be easily handled with an iframe?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact