« First « Previous Comments 82 - 85 of 85 Search these comments
<script>code</script>or
<a onclick="...code..."></a>you can easily and robustly thwart most xss vectors and sinks. CSP can potentially be very powerful against xss if you dont mind writing your code in certain ways, such as putting all js in .js files. CSP can support allowing you to use inline script tags safely if you tag each with a random-per-page-load nonce, or tagged with a checksum of the code contents.
It's true, you can make a very strong password with just lowercase. But that's not the point - the policy is used because SOME users will create weak passwords if the system lets them type it in
CSP can potentially be very powerful against xss if you dont mind writing your code in certain ways, such as putting all js in .js files.
« First « Previous Comments 82 - 85 of 85 Search these comments
And if anyone's interested I use Keepass, none of that cloud shit.