10X More Secure with Content Security Policy
- 3. Content Security Policy
A policy language used to declare a set of content restrictions for a web resource
- 4. Content Security Policy Versions
Content Security Policy 1.0: https://www.w3.org/TR/CSP1/ (W3C Working Group Note, 19 Feb 2015)
Content Security Policy Level 2: https://www.w3.org/TR/CSP2/ (W3C Recommendation, 15 Dec 2016)
Content Security Policy Level 3: https://www.w3.org/TR/CSP3/ (W3C Working Draft, 15 Oct 2016)
- 10. Effects on JavaScript Code
Inline JavaScript code
JavaScript code from external domains
JavaScript code that uses eval()
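
The three effects listed on slide 10, as an added example that is not from the original slides: a simplified model of how a policy's script-src list decides whether inline code, an external script and eval() are allowed. The function names, the sample policy and the example.com hosts are assumptions; ports, paths, 'strict-dynamic' and per-script nonce matching are not modelled.

```javascript
// Simplified model of CSP script checks (added example, not a browser implementation).
// Constructed sample policy; the example.com hosts are placeholders.
const SAMPLE = "default-src 'self'; script-src 'self' https://cdn.example.com";

function parsePolicy(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

// script-src falls back to default-src; null means scripts are unrestricted.
const scriptSources = (p) => p['script-src'] ?? p['default-src'] ?? null;

function matchesSource(source, url, selfOrigin) {
  const u = new URL(url);
  if (source === "'self'") return u.origin === selfOrigin;
  if (source === '*') return /^https?:$/.test(u.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return u.protocol === source.toLowerCase();
  // host-source: optional scheme, optional leading "*." (port and path ignored here).
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)/i.exec(source);
  if (!m) return false; // quoted keywords, nonces and hashes never match a URL
  const [, scheme, wildcard, host] = m;
  if (scheme && u.protocol !== scheme.toLowerCase() + ':') return false;
  const h = host.toLowerCase();
  return wildcard ? u.hostname.endsWith('.' + h) : u.hostname === h;
}

function checkScripts(header, selfOrigin, externalUrl) {
  const src = scriptSources(parsePolicy(header));
  if (src === null) return { inline: true, external: true, eval: true };
  const has = (kw) => src.some((s) => s.toLowerCase() === kw);
  // From CSP Level 2 on, a nonce or hash source makes 'unsafe-inline' ignored.
  const nonceOrHash = src.some((s) => /^'(nonce|sha(256|384|512))-/i.test(s));
  return {
    inline: has("'unsafe-inline'") && !nonceOrHash,
    external: src.some((s) => matchesSource(s, externalUrl, selfOrigin)),
    eval: has("'unsafe-eval'"),
  };
}

console.log(checkScripts(SAMPLE, 'https://app.example.com', 'https://cdn.example.com/lib.js'));
```
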
- 14. CSP Bypass
Loading content from a CSP-listed domain
Create an iframe, load an external script
Tricking the XSS Auditor in Edge (fixed!)