External sources yes, preventing an app to inject inline HTML and JavaScript is ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

the_mitsuhiko on Aug 10, 2022 | parent | context | favorite | on: Instagram can track anything you do on any website...

External sources yes, preventing an app to inject inline HTML and JavaScript is tricky.

ezekg on Aug 10, 2022 [–]

You can block all inline scripts via CSP.

the_mitsuhiko on Aug 10, 2022 | [–]

That’s why I said tricky and not impossible.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact