Mozilla’s case for Content Security Policies
July 2nd, 2009
In this post from 19-6, Mozilla makes a clear case for supporting content security policies.
A content security policy, which is specified here, can impose common-sense security restrictions on the (active) content of a site.
A content security policy can completely kill Cross Site Scripting if it is set to:
- Require that all JavaScript is loaded from an external file
- Require that this file resides at a specified location
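An added example, not from the original post or from Mozilla: a simplified model of how a browser applies those two rules, written against the `script-src` directive of the `Content-Security-Policy` header as it was later standardized (the 2009 proposal used a different syntax). The policy string, hostnames and function names are constructed for illustration.

```javascript
// Simplified model of script-src enforcement. Nonces, hashes, wildcards
// and redirects are out of scope.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // As in CSP, the first occurrence of a directive wins.
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

function sourceMatches(expr, url, doc) {
  if (expr === "'self'") return url.origin === doc.origin;
  if (expr.startsWith("'")) return false; // 'none' and unmodelled keywords
  let allowed;
  try {
    allowed = new URL(expr);
  } catch {
    return false; // not a scheme://host[/path] source in this model
  }
  if (allowed.origin !== url.origin) return false;
  // A path ending in "/" is a prefix match; any other path must match exactly.
  return allowed.pathname.endsWith("/")
    ? url.pathname.startsWith(allowed.pathname)
    : url.pathname === allowed.pathname;
}

// src is the script's URL, or null for an inline <script> block.
function scriptAllowed(header, docUrl, src) {
  const policy = parsePolicy(header);
  const sources = policy.get("script-src") ?? policy.get("default-src");
  if (sources === undefined) return true; // policy does not restrict scripts
  if (src === null) return sources.includes("'unsafe-inline'");
  const doc = new URL(docUrl);
  const url = new URL(src, doc);
  return sources.some((expr) => sourceMatches(expr, url, doc));
}

// Constructed sample: scripts may load only from one external directory.
const POLICY = "script-src https://static.example.com/js/";
const PAGE = "https://www.example.com/profile?name=x";
console.log(scriptAllowed(POLICY, PAGE, null)); // inline markup injected into the page
console.log(scriptAllowed(POLICY, PAGE, "https://static.example.com/js/app.js"));
console.log(scriptAllowed(POLICY, PAGE, "https://static.example.com/uploads/x.js"));
```

With this policy, markup injected into the page cannot run as script because it is inline, and a script URL is honoured only when it resolves under the one listed directory.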