CSP: Thwarting cross-site scripting and click-jacking attacks

Discussion in 'other security issues & news' started by tlu, Mar 30, 2011.

Thread Status:
Not open for further replies.
  1. tlu

    tlu Guest

  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    How does this compare with NoScript's protection in these areas?
     
  3. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Creating a Safer Web - Mozilla Blog

     
  4. tlu

    tlu Guest

    @Searching_ _ _: Regarding CSRF: As mentioned in the article websites can send the origin header. Besides, there are two FF extensions that protect against CSRF: RequestPolicy and CsFire.
     
Loading...
Thread Status:
Not open for further replies.