bajax on Nostr: 7666 lain does CSP apply to external resources too? These directives look like ...
7666 (npub1ur3…e6hx) lain (npub1wah…xc8t) does CSP apply to external resources too? These directives look like they're tuned to declare the rules for the page itself. In theory, you could still execute a script loaded into your /media directory. (though this would prevent one of the mechanisms I've heard that they may have used to load their payload, loading the script into an SVG file opened in a separate tab)
Published at
2023-05-26 18:03:42Event JSON
{
"id": "eac5389cffd04aa091adb23e7de2e477312ca45b41ffacea58caf4c34d54e57e",
"pubkey": "d0dd0f56429d544919cf90b7a0aca600da99757ae2334ead0a7c68e3c5f33b29",
"created_at": 1685124222,
"kind": 1,
"tags": [
[
"p",
"e0e3ec53c97e94954d03752ba854d796fce01f151a7648bba304627c11602eea",
"wss://relay.mostr.pub"
],
[
"p",
"776ed1a547e2693a2c964e4824d6306a11aa364cd9c798f3e1ccd638af3d3725",
"wss://relay.mostr.pub"
],
[
"e",
"c572273792484f1f2ed79d50c40cc70520c8cb1d157cb29324ba2edc2aa0c38a",
"wss://relay.mostr.pub",
"reply"
],
[
"mostr",
"https://bajax.us/objects/7f926600-d3b6-43c1-9837-de148695c390"
]
],
"content": "nostr:npub1ur37c57f062f2ngrw546s4xhjm7wq8c4rfmy3warq338cytq9m4qqae6hx nostr:npub1wahdrf28uf5n5tykfeyzf43sdgg65djvm8re3ulpentr3teaxujs09xc8t does CSP apply to external resources too? These directives look like they're tuned to declare the rules for the page itself. In theory, you could still execute a script loaded into your /media directory. (though this would prevent one of the mechanisms I've heard that they may have used to load their payload, loading the script into an SVG file opened in a separate tab)",
"sig": "b047ccdd05fc1b3ee317142ff6e2c5f0ab139eb4e3c7d12dca5fd0f3e34ecacdaa4e8deb3448c1ccc13a1363b798bacbe387c52114a0a9c4d4ad4370748832a4"
}