orb
orb copied to clipboard
Could be stricter on safelisted CSS and JS MIME types
In particular, we could require an ok status as well and network error otherwise as the attacker process will do the same. It's not clear how often this would prevent a legitimate security issue, but it seems worth considering.