↳ In-reply-to » @prologic have you seeing this? https://www.sjoerdlangkemper.nl/2024/06/26/htmx-content-security-policy/

@bender@twtxt.net No but reading a bit of that post:

Because dynamic behavior is added to the page using normal HTML tags with custom attributes, it is difficult to provide additional security against cross-site scripting (XSS) attacks.

Is complete bullshit. It’s like one line of code (if you can call HTML “code”)