LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Mozilla's Content Security Policy

Mozilla's Content Security Policy

Posted Jul 2, 2009 9:45 UTC (Thu) by tzafrir (subscriber, #11501)
Parent article: Mozilla's Content Security Policy

What effect will this have over the ease of use of googlesyndication.com and other "web bugs"?

(Log in to post comments)

Mozilla's Content Security Policy

Posted Jul 2, 2009 13:02 UTC (Thu) by mrshiny (subscriber, #4266) [Link]

At first glance it does appear that this policy will dramatically limit the ease of adding third-party content to the page, such as ads, if that content uses scripts. For one thing, ad content will need to be rewritten to load external .js files. For a service such as Google Analytics the service provider will need to document all the hostnames that serve any JS content (assuming the initial .js file loads additional scripts, which is relatively common).

This policy has the potential to be extremely powerful but the difficulty in implementation is relatively high, especially for many of the popular sites. However, for any sites which don't have ads it could be easily done. I know that the site I maintain would need some framework upgrades to support this feature, however, when coding with this approach in mind it is easy enough to apply. And it's fully backwards compatible, which is great.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds