Mitigaling Cross-Site Scripting Attacks With A Content Security Policy
Mitigating Cross-Site Scripting Attacks with a Content Security Policy
Abstract
A content security policy (CSP) can help Web application developers and server administrators better control website content and avoid vulnerabilities to cross-site scripting (XSS). In experiments with a prototype website, the authors’ CSP implementation successfully mitigated all XSS attack types in four popular browsers.
Comments are closed.