An interesting perspective on WAF bypass and XSS protection. While WAFs may have limitations as a security boundary, Content Security Policy (CSP) is highlighted as a more viable solution. CSP serves as a real security boundary for XSS vulnerabilities, unlike WAFs which are compared to bandaid solutions. The tweet emphasizes the importance of implementing CSP for effective XSS protection.
Original tweet: