Biblio
Filters: Author is Janc, A. [Clear All Filters]
Adopting Strict Content Security Policy for XSS Protection. 2016 IEEE Cybersecurity Development (SecDev). :149–149.
.
2016. Content Security Policy is a mechanism designed to prevent the exploitation of XSS – the most common high-risk web application flaw. CSP restricts which scripts can be executed by allowing developers to define valid script sources; an attacker with a content-injection flaw should not be able to force the browser to execute arbitrary malicious scripts. Currently, CSP is commonly used in conjunction with domain-based script whitelist, where the existence of a single unsafe endpoint in the script whitelist effectively removes the value of the policy as a protection against XSS ( some examples ).