Firefox 23 Protects You Against XSS Attacks with the New Content Security Policy 1.0

The new technology prevents common types of XSS attacks

Mozilla is announcing that Firefox now supports Content Security Policy (CSP) 1.0. The specification is designed to prevent cross-site-scripting attacks or, at the very least, provide a more secure experience for users.

CSP lets a website declare which domains its scripts may be loaded from; scripts from any other source are not executed, which blocks one of the most common forms of XSS attack.

The feature also stops inline scripts, i.e. script code embedded directly in the HTML page, from executing, so markup injected into a page cannot carry runnable code either.
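To make the two rules above concrete, here is a small evaluator, added for illustration and not Mozilla's or any browser's code, that applies CSP 1.0 script-src matching to a candidate script: host sources with optional scheme, port and leading wildcard, scheme-only sources such as `https:`, the `'self'`, `'none'` and `'unsafe-inline'` keywords, and the fall-back from `script-src` to `default-src`. The policy string, page origin and script URLs are constructed examples.

```python
"""Minimal evaluator for the script-src part of a CSP 1.0 policy.

Added illustration, not Mozilla's or any browser's implementation.
Mirrors the checks a browser performs before running a script:
is the script's origin in the allow-list, and is inline code permitted?
All hostnames and URLs in this file are constructed examples.
"""
from __future__ import annotations

from urllib.parse import urlsplit

_DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a Content-Security-Policy header into {directive: [sources]}."""
    policy: dict[str, list[str]] = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if not tokens:
            continue
        name, sources = tokens[0].lower(), tokens[1:]
        # CSP 1.0: only the first occurrence of a directive is honoured.
        policy.setdefault(name, sources)
    return policy


def _effective_script_sources(policy: dict[str, list[str]]) -> list[str] | None:
    """script-src governs scripts; otherwise default-src; None means unrestricted."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src")


def _host_matches(pattern: str, host: str) -> bool:
    """Host-source matching: exact host, '*', or a leading '*.' wildcard."""
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        # '*.example.test' matches 'a.example.test' but not 'example.test'
        return host.endswith(pattern[1:])
    return pattern == host


def _source_matches(source: str, url: str, page_origin: str) -> bool:
    """Does a single source expression permit loading a script from ``url``?"""
    target = urlsplit(url)
    page = urlsplit(page_origin)
    if source == "'self'":
        return (target.scheme, target.netloc) == (page.scheme, page.netloc)
    if source.startswith("'"):
        return False  # 'none', 'unsafe-inline', 'unsafe-eval' never match a URL
    if source.endswith(":") and "/" not in source:
        return target.scheme == source[:-1].lower()  # scheme-source, e.g. https:
    # host-source: [scheme://]host[:port]; CSP 1.0 has no path component
    if "://" in source:
        scheme, _, rest = source.partition("://")
    else:
        scheme, rest = page.scheme, source  # no scheme given: page's scheme applies
    host, _, port = rest.partition(":")
    if scheme.lower() != target.scheme:
        return False
    if not _host_matches(host.lower(), target.hostname or ""):
        return False
    target_port = target.port or _DEFAULT_PORTS.get(target.scheme)
    if port and port != "*" and int(port) != target_port:
        return False
    return True


def script_allowed(header: str, script_url: str, page_origin: str) -> bool:
    """Would a browser enforcing ``header`` load an external script from ``script_url``?"""
    sources = _effective_script_sources(parse_csp(header))
    if sources is None:
        return True  # neither script-src nor default-src: scripts are unrestricted
    return any(_source_matches(s, script_url, page_origin) for s in sources)


def inline_script_allowed(header: str) -> bool:
    """Inline <script> blocks run only if scripts are unrestricted or 'unsafe-inline' is set."""
    sources = _effective_script_sources(parse_csp(header))
    return sources is None or "'unsafe-inline'" in sources


if __name__ == "__main__":
    POLICY = "default-src 'self'; script-src 'self' https://cdn.example.test"  # constructed
    ORIGIN = "https://shop.example.test"  # constructed page origin
    for url in (
        "https://shop.example.test/app.js",   # same origin: allowed by 'self'
        "https://cdn.example.test/lib.js",    # listed host: allowed
        "https://evil.example.test/x.js",     # injected third-party script: blocked
        "http://cdn.example.test/lib.js",     # wrong scheme for the listed host: blocked
    ):
        print(f"{url}: {'allowed' if script_allowed(POLICY, url, ORIGIN) else 'blocked'}")
    print("inline scripts:", "allowed" if inline_script_allowed(POLICY) else "blocked")
```

The last line is the point of the article's second paragraph: once a `script-src` (or `default-src`) list is present, inline code is blocked unless the site opts back in with `'unsafe-inline'`, which gives up most of the protection.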

Firefox 23 now supports the latest version of the CSP spec. It joins Chrome, which added support earlier in the year, and IE10, which supports only the sandbox directive.

Mozilla has published a more detailed analysis of the differences between the older, non-standard CSP that Firefox supported and the new 1.0 standard, for those interested.

The older X-Content-Security-Policy header will be deprecated at some point now that the standard version is ready. Moving forward, the W3C is already working on CSP 1.1, and Mozilla is actively involved in that work.

