2025-01-05 UTC
vikanezrimaya Thought: CSP prevents injecting arbitrary things into the website (e.g. a rogue Webmention injecting an inline script or style into the page), but at the same time prevents the post author from injecting arbitrary things into e-content (like a custom style for a one-off post), unless special care is taken to inject nonces into script/style tags inside e-content, or, alternatively, hash their contents and send the hashes as part of th