LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Mozilla's Content Security Policy

Mozilla's Content Security Policy

Posted Jul 2, 2009 16:03 UTC (Thu) by alankila (subscriber, #47141)
Parent article: Mozilla's Content Security Policy

Trading security over functionality usually means that security loses and functionality wins. I predict a failure of this effort: the difficulties in transforming existing applications and web frameworks to support this seem large. If they had said that you can at least put <script> into <head> before the tag that disables using inline scripts...

(Log in to post comments)

Mozilla's Content Security Policy

Posted Jul 2, 2009 16:16 UTC (Thu) by JoeBuck (subscriber, #2330) [Link]

A bank or an online commerce site might still think that the tradeoff is worth it. In a situation where an XSS attack costs either the bank or the customer real money, it could be worth the tradeoff.

Mozilla's Content Security Policy

Posted Jul 4, 2009 9:08 UTC (Sat) by NAR (subscriber, #1313) [Link]

Why would a bank let HTML input into any forms?

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds