Mozilla’s case for Content Security Policies | Cupfighter.net

Home > Security > Mozilla’s case for Content Security Policies

Mozilla’s case for Content Security Policies

July 2nd, 2009 Frank Breedijk Leave a comment Go to comments

In this post from 19-6 Mozilla make a clear case for supporting content security policies.

A content security policy, which is specified here, can impose common sense security restrictions on the (active) content of site.

A content security policy can completely kill Cross Site Scripting if it is set to:

Require that all javascript is loaded from an external file
This file resides at a specified location

Categories: Security Tags: Cross Site Scripting, Mozilla, Security, Web 2.0

Comments (0) Trackbacks (0) Leave a comment Trackback

No comments yet.

No trackbacks yet.

ESX Cluster Stretched over two DC’s… XenDesktop 3 and vSphere 4