develwoutacause’s Twitter Archive—№ 864

    1. #Idea: A Response.prototype.safeScript() type that returns a TrustedScript if the fetch passes CSP. You could then safely eval() the script later. Could do the same with safeHtml() that returns TrustedHtml as well...
  1. …in reply to @develwoutacause
    We would probably want to require that the page fetch() a TrustedScriptURL instead of an untrusted string, but hopefully this gets the point across at least.
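
An added userland sketch of the idea in this thread, not the author's code and not an existing browser API: a Trusted Types policy that only mints a `TrustedScript` from a fetched response whose final URL is on an allowlist. The names `safeScript`, `isAllowedScriptSource`, `ALLOWED_SCRIPT_ORIGINS`, the policy name `fetched-script` and the origin `https://cdn.example.test` are assumptions, and the allowlist stands in for the page's CSP `script-src` sources.

```javascript
// Hypothetical sketch: Response.prototype.safeScript() is not a real API.
// ALLOWED_SCRIPT_ORIGINS stands in for the page's CSP script-src (assumption).
const ALLOWED_SCRIPT_ORIGINS = new Set(['https://cdn.example.test']);

function isAllowedScriptSource(url) {
  try {
    return ALLOWED_SCRIPT_ORIGINS.has(new URL(url).origin);
  } catch {
    return false; // relative or malformed URLs are rejected in this sketch
  }
}

// Browsers that ship Trusted Types expose `trustedTypes`. The fallback is a
// minimal stand-in so the flow can be exercised outside a browser.
const tt = globalThis.trustedTypes ?? {
  createPolicy: (name, rules) => ({
    createScript: (source, ...args) => {
      const checked = rules.createScript(source, ...args);
      return Object.freeze({ policy: name, toString: () => checked });
    },
  }),
};

// The gate lives inside the policy: extra arguments passed to createScript()
// are forwarded to this callback, so the source URL is checked at mint time.
// Restrict the policy name with the `trusted-types` CSP directive.
const fetchedScriptPolicy = tt.createPolicy('fetched-script', {
  createScript: (source, sourceUrl) => {
    if (!isAllowedScriptSource(sourceUrl)) {
      throw new TypeError(`script source not allowed: ${sourceUrl}`);
    }
    return source;
  },
});

// Userland stand-in for the proposed Response.prototype.safeScript().
async function safeScript(response) {
  if (!response.ok) {
    throw new TypeError(`fetch failed with HTTP ${response.status}`);
  }
  // response.url is the final URL after redirects, so a redirect that leaves
  // the allowlist is rejected as well.
  return fetchedScriptPolicy.createScript(await response.text(), response.url);
}
```

The second tweet's point, requiring a `TrustedScriptURL` as the `fetch()` input, is only approximated here by checking `response.url` after the fact.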