public marks

PUBLIC MARKS from dzc with tag "cross-site scripting"

2014

An Introduction to Content Security Policy - HTML5 Rocks

Instead of blindly trusting everything that a server delivers, CSP defines the Content-Security-Policy HTTP header that allows you to create a whitelist of sources of trusted content, and instructs the browser to only execute or render resources from those sources. Even if an attacker can find a hole through which to inject script, the script won’t match the whitelist, and therefore won’t be executed.

2009

dzc's TAGS related to tag "cross-site scripting"

conception web +   Content Security Policy +   csp +   firefox +   html5 +   HTTP CSP +   javascript +   navigateur web +   à surveiller +   securité site web +   security +   sécurité +   xss +   XSS attacks +