Content Security Policy

By Linos Giannopoulos | Terminology and Guidelines

Content Security Policy (CSP) is a security layer that all modern browsers support, with minor differences in how each one handles it [1]. CSP was designed to mitigate application attacks such as Cross Site Scripting (XSS) [2] and clickjacking, attacks that have been popular for more than ten years. A developer can employ CSP to restrict, by means of an allow list of source expressions, the sources from which the application may load content. The content is controlled per type through directives, for example:

frame-src: valid sources for nested browsing contexts loaded with elements such as <frame> and <iframe>.
img-src: valid sources for images and favicons.
script-src:…
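To make the allow-list semantics concrete, here is an added example (not code from the original post or its author) that serialises a policy from its directives, parses it back, and decides whether a given URL is permitted for a directive the way a browser would. The policy, page origin and URLs are constructed for illustration, and the function names buildCsp, parseCsp, sourceMatches and isAllowed are this example's own. The matcher is a simplified reading of the CSP source-expression rules ('self', 'none', '*', scheme-sources such as https: and data:, and host-sources with an optional scheme, a leading *. wildcard and a port), not a complete implementation.

```javascript
// Added example, not from the original post. Models the decision a browser
// makes when a fetch is checked against a Content-Security-Policy header.

function buildCsp(directives) {
  // {'script-src': ["'self'", 'https://cdn.example.com']} -> "script-src 'self' https://cdn.example.com"
  return Object.entries(directives)
    .map(([name, sources]) => `${name} ${sources.join(' ')}`)
    .join('; ');
}

function parseCsp(policy) {
  // Directives are ';'-separated; each is a name followed by whitespace-separated sources.
  const out = {};
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name) out[name.toLowerCase()] = sources;
  }
  return out;
}

const DEFAULT_PORT = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443' };

// Does one source expression permit `url` (a URL object) for a page at `page` (a URL object)?
function sourceMatches(expr, url, page) {
  const e = expr.toLowerCase();
  if (e === "'none'") return false;
  if (e === "'self'") return url.origin === page.origin;
  if (e === '*') return DEFAULT_PORT[url.protocol] !== undefined || url.protocol === page.protocol;
  // scheme-source such as "https:" or "data:"
  if (/^[a-z][a-z0-9+.-]*:$/.test(e)) return url.protocol === e;
  // host-source: [scheme://][*.]host[:port|:*]
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)(?::(\d+|\*))?$/.exec(e);
  if (!m) return false; // nonces, hashes, 'unsafe-inline' etc. never permit a URL
  const [, scheme, wildcard, host, port] = m;
  if (scheme) {
    if (url.protocol !== `${scheme}:`) return false;
  } else if (url.protocol !== page.protocol &&
             !(page.protocol === 'http:' && url.protocol === 'https:')) {
    return false; // scheme-less host-source inherits the page's scheme (http may upgrade to https)
  }
  const h = url.hostname;
  if (wildcard ? !h.endsWith(`.${host}`) : h !== host) return false;
  if (port === '*') return true;
  if (port) return (url.port || DEFAULT_PORT[url.protocol] || '') === port;
  return url.port === ''; // no port in the expression: only the scheme's default port matches
}

// Is `urlString` allowed under `directive` for a document at `pageOrigin`?
function isAllowed(policy, directive, urlString, pageOrigin) {
  const p = parseCsp(policy);
  // Fallback chain: frame-src -> child-src -> default-src; other fetch directives -> default-src.
  const chain = directive === 'frame-src'
    ? ['frame-src', 'child-src', 'default-src']
    : [directive, 'default-src'];
  const sources = chain.map((d) => p[d]).find((s) => s !== undefined);
  if (sources === undefined) return true; // nothing governs this directive: unrestricted
  const url = new URL(urlString);
  const page = new URL(pageOrigin);
  return sources.some((s) => sourceMatches(s, url, page));
}

// Constructed sample policy and page origin (hypothetical hosts).
const POLICY = buildCsp({
  'default-src': ["'self'"],
  'script-src': ["'self'", 'https://cdn.example.com'],
  'img-src': ["'self'", 'https:', 'data:'],
  'frame-src': ["'none'"],
});
const PAGE = 'https://app.example.com';

console.log(POLICY);
console.log(isAllowed(POLICY, 'script-src', 'https://cdn.example.com/lib.js', PAGE)); // allowed
console.log(isAllowed(POLICY, 'script-src', 'https://evil.example.net/x.js', PAGE)); // blocked
```

The policy string is what would be sent in the Content-Security-Policy response header; running the check offline like this is a cheap way to unit-test a policy against the URLs an application actually loads before it ships, and to see that a directive with no entry of its own (connect-src in the sample) silently inherits default-src.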