As of Firefox 23, currently in the Aurora channel, Mozilla's browser supports the Content Security Policy 1.0 spec. CSP is designed to enable websites to whitelist a series of domains that can serve JavaScript code to prevent XSS attacks. The idea is simple. By specifying precisely where the code can come from, arbitrary or injected JavaScript code can't be run. The need for a CSP comes from the fact that very few sites these days only run code hosted under their dom...
Reported by Softpedia 4 days ago.
↧