With PR #307 about to get merged, there are still some open points.
We can now detect tainted inline scripts if the server sends the correct header. Currently, this is disabled, as it leads to lots of failing tests. This should be fairly simple to test, as the failures should be related to simply adding additional sink event tracking to tests that expect sink events to get triggered in a specific order.