CSP: Thwarting cross-site scripting and click-jacking attacks

Discussion in 'other security issues & news' started by tlu, Mar 30, 2011.

Thread Status:
Not open for further replies.
  1. tlu

    tlu Guest

  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    How does this compare with NoScript's protection in these areas?
     
  3. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Creating a Safer Web - Mozilla Blog

     
  4. tlu

    tlu Guest

    @Searching_ _ _: Regarding CSRF: As mentioned in the article websites can send the origin header. Besides, there are two FF extensions that protect against CSRF: RequestPolicy and CsFire.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.