Discussion on: Stay alert

Josh Cheek

Seems like they should be able to add a Content Security Policy setting to allow sites to opt in or out of it. I haven't thought it all the way through, but I feel like CSP addresses this sort of thing already, like what are valid JS sources, can JS call eval, can it run inline JS, where can it load iframe sources from, etc. Feels like this alert would fit right in.

leob

Yes, or why not make it an option in Chrome or whatever browser so that the user can enable or disable it.

Default would be "off" for max security, the user then sees a little warning icon when visiting a site that uses the bespoke disabled feature - the user can then choose to enable it (once, or permanently) for that site, or all sites, so that the site's feature becomes usable when that's of vital importance to the user.

Long story short - make it an option that the user can control!