@prologic@twtxt.net have you seeing this? https://www.sjoerdlangkemper.nl/2024/06/26/htmx-content-security-policy/
@bender@twtxt.net No but reading a bit of that post:
Because dynamic behavior is added to the page using normal HTML tags with custom attributes, it is difficult to provide additional security against cross-site scripting (XSS) attacks.
Is complete bullshit. It’s like one line of code (if you can call HTML “code”)