2025-01-05 UTC
# carrvo[d] In your case, I believe, the CSP is the browser catching malicious scripts that your webmention handler allowed to be injected into your site. But if you don't allow your webmention handler to inject foreign HTML, then you would be more secure. That is, when your webmention handler is retrieving content from the foreign site, extract non-HTML text that you embed into your own HTML, to then inject. Including stripping away foreign scripts (aka,