Writing an IP stack for my 6502 based breadboard computer (based on Ben Eater’s 6502 computer ), and a simple SLIP server so I can get it on the internet.
This will hopefully be made easier by the pre-emptive multitasking and self EEPROM updating I implemented last week.
Content Security Policies are flexible enough to do this. They can be specified either through a HTTP header or as a meta tag in the page.
Yes, a sufficiently malicious embed can retrieve the source HTML as a string via network call, strip out any anti-embed headers or tags, and then pass that source HTML on to be rendered.
Thanks, I’ll look into that!
Until they don’t just inject, but also filter your meta tag, I suppose.