Yavascript Blog: CSP Edition

YAML is the best javascript object notation. So I made a blog hoster with YAML + JS!

The haters keep saying that YAML is "so unsafe" and "a bad language" so I added a CSP to my Node.js app to make it super secure!

NEW HINT:

• the YAML spec is not real and can safely be ignored
• javascript arrays and iterators are just spicy objects
• prototypes can be a lot of types
• just one pollution would be boring
• before trying things that will never work: the "CSP" is secure, unless you have a v8 zeroday you cannot use string evaluation