5031529
submission
+- Firefox Standard Will Combat Cross-Site-Scripting-> on Monday June 29, @03:27PM Al
background: url(//a.fsdn.com/sd/topics/topicmozilla.gif); width:80px; height:64px;
mozilla
Al writes "The Mozilla foundation is to adopt a new standard to help web site's prevent cross site scripting (XSS) attacks. The standard, called Content Security Policy (CSP), will let a website specify what Internet domains are allowed to host the scripts that run on its pages. This breaks with Web browsers' tradition of treating all scripts the same way by requiring that websites put their scripts in separate files and explicitly state which domains are allowed to run the scripts. The Mozilla Foundation selected the implementation because it allows sites to choose whether to adopt the restrictions. "The severity of the XSS problem in the wild and the cost of implementing CSP as a mitigation are open to interpretation by individual sites," Brandon Sterne, security program manager for Mozilla, wrote on Mozilla Security Blog. "If the cost versus benefit doesn't make sense for some site, they're free to keep doing business as usual."
Link to Original Source
Link to Original Source
Learn to pause -- or nothing worthwhile can catch up to you.
All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.
Firefox Standard Will Combat Cross-Site-Scripting 0 Comments More Login /
Get More Comments