Thursday, July 28, 2016

Content Security Policy

What is Content Security Policy?


CSP defines the Content-Security-Policy HTTP header, which lets you declare a whitelist of trusted content sources and instructs the browser to execute or render resources only from those sources. Even if an attacker finds a hole through which to inject script, the script won’t match the whitelist and therefore won’t be executed.
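
The whitelist check described above, as an added example (not code from the original post or from any browser): a simplified model of how a policy's source list decides whether a script runs. The sample header value, the origins and the function names are assumptions made for illustration, and wildcards, scheme-only sources, nonces and hashes are not modelled.

```javascript
// Simplified model of how a browser applies a CSP source whitelist to scripts.
// Not a full CSP implementation: no wildcards, scheme-only sources, nonces or hashes.

// Constructed sample header value (hosts are illustrative).
const SAMPLE_POLICY = "default-src 'self'; script-src 'self' https://apis.google.com";

// Split a header value into a Map of directive name -> list of source expressions.
function parsePolicy(headerValue) {
  const policy = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Does one source expression match the script's URL?
function sourceMatches(source, pageOrigin, target) {
  if (source === "'self'") return target.origin === pageOrigin;
  if (source.startsWith("'")) return false; // 'none' and other keywords never match a URL here
  try {
    return source.includes('://')
      ? new URL(source).origin === target.origin
      : source === target.host; // scheme-less host source; scheme check omitted
  } catch {
    return false; // unparseable source expression matches nothing
  }
}

// scriptUrl is an absolute URL string, or null for an inline <script>.
function scriptAllowed(policy, pageOrigin, scriptUrl) {
  const sources = policy.get('script-src') ?? policy.get('default-src');
  if (sources === undefined) return true; // no directive governs scripts
  if (scriptUrl === null) return sources.includes("'unsafe-inline'");
  const target = new URL(scriptUrl);
  return sources.some((s) => sourceMatches(s, pageOrigin, target));
}

const policy = parsePolicy(SAMPLE_POLICY);
const page = 'https://example.com';
for (const url of [`${page}/app.js`, 'https://apis.google.com/js/api.js',
                   'https://other.example/injected.js', null]) {
  console.log(url ?? '(inline script)', '->', scriptAllowed(policy, page, url) ? 'run' : 'blocked');
}
```

The inline case is the one that matters most for injected markup: unless the policy opts back in with 'unsafe-inline', an injected inline script has no source that can match the whitelist.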

Read more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/
