Question/discussion about CWE-830: Inclusion of Web Functionality from an Untrusted Source
Can we define what untrusted means here, e.g. untrusted by the people serving the web page, or untrusted by the people using the web page, or both? The reason I ask is, e.g., https://news.ycombinator.com/item?id=15442636: they could say "we trust this party, they are secure, too bad" while a user might rightly choose not to trust it (and use a browser extension to block it).