This was fun, thanks. Great presentation skills
Amazing talk! Very useful
Great piece, very informative
The best presentation I've ever seen
Thank you so much
Very informative!
Great talk!
>> XSS is considered by many people to be a joke.
Ends up moving to top 3 in 2021 😳
How safe is the nonce attribute? Couldn't the hacker just look at what nonce is used on the site and add that to the script?
Yes, but the nonce in the CSP is re-generated by the server with every request. The nonce you copied will be instantly out of date. The browser will detect the difference between the new nonce in the CSP and your old nonce in the script tag.