Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://convenient.email/objects/2c704a81-1767-17a3-e7b9-122801251034">silverwizard (silverwizard@convenient.email)'s status on Tuesday, 22-Oct-2024 22:09:37 JST</a><a href="https://convenient.email/profile/silverwizard" title="silverwizard@convenient.email"><img src="https://gnusocial.jp/theme/gnusocialjp/default-avatar-stream.png" width="48" height="48" alt="silverwizard" style="position: absolute; left: 0; top: 0;">silverwizard</a><div><a href="https://friendica.mrpetovan.com/display/735a2029-4267-1792-1354-63c146697280" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/7006" title="icewolf@masto.brightfur.net">Frost, Wolffucker 🐺:therian:</a></li></ul></div></section><article><p><a href="https://friendica.mrpetovan.com/profile/hypolite">@hypolite</a> <a href="https://masto.brightfur.net/users/IceWolf">@IceWolf</a> CORS allows you to limit cross domain resources. But I can mine bitcoin on your CPU without any cross domain anything. Hell, in theory,I might be able to send spam that way! I can definitely steal your credit card number.</p><p>But if I could just add a X-No-Dynamism header that would say "this HTTP session does not send JS or WASM", I could keep everything on my site safe.</p><p>I could let users write pretty unfiltered HTML, and most of the tricks would be contained in a frame.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3860992#notice-7555275">In conversation</a><time datetime="2024-10-22T22:09:37+09:00" title="Tuesday, 22-Oct-2024 22:09:37 JST">about a month ago</time> <span>from <span><a href="https://convenient.email/display/2c704a81-1767-17a3-e7b9-122801251034" rel="external" title="Sent from convenient.email via ActivityPub">convenient.email</a></span></span><a href="https://convenient.email/display/2c704a81-1767-17a3-e7b9-122801251034">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
silverwizard (silverwizard@convenient.email)'s status on Tuesday, 22-Oct-2024 22:09:37 JSTsilverwizard
in reply to
- hypolite
- Frost, Wolffucker 🐺:therian:
@hypolite @IceWolf CORS allows you to limit cross domain resources. But I can mine bitcoin on your CPU without any cross domain anything. Hell, in theory,I might be able to send spam that way! I can definitely steal your credit card number.
But if I could just add a X-No-Dynamism header that would say "this HTTP session does not send JS or WASM", I could keep everything on my site safe.
I could let users write pretty unfiltered HTML, and most of the tricks would be contained in a frame.
In conversationabout a month ago from convenient.emailpermalink

Public

Embed Notice

HTML Code

Corresponding Notice