
Mozilla's Content Security Policy


Posted Jul 2, 2009 16:03 UTC (Thu) by alankila (guest, #47141)
Parent article: Mozilla's Content Security Policy

Trading security over functionality usually means that security loses and functionality wins. I predict a failure of this effort: the difficulties in transforming existing applications and web frameworks to support this seem large. If they had said that you can at least put <script> into <head> before the tag that disables using inline scripts...



Mozilla's Content Security Policy

Posted Jul 2, 2009 16:16 UTC (Thu) by JoeBuck (guest, #2330)

A bank or an online commerce site might still think that the tradeoff is worth it. In a situation where an XSS attack costs either the bank or the customer real money, it could be worth the tradeoff.

Mozilla's Content Security Policy

Posted Jul 4, 2009 9:08 UTC (Sat) by NAR (subscriber, #1313)

Why would a bank let HTML input into any forms?

