Ditch SCRIPT_ELEMENT_NOT_ALLOWED ?
flukeout opened this issue · comments
Luke Pacholski commented
This is outdated, correct?
Pomax commented
It should be - this is from before we had a separate preview domain, which allowed someone to craft some sneaking JS that would read in document.cookies =)