Mitigating Cross-Site Scripting Attacks with a Content Security Policy

Mitigating Cross-Site Scripting Attacks with a Content Security Policy

Abstract

A content security policy (CSP) can help Web application developers and server administrators better control website content and avoid vulnerabilities to cross-site scripting (XSS). In experiments with a prototype website, the authors’ CSP implementation successfully mitigated all XSS attack types in four popular browsers.


Comments are closed.