1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Mozilla demos CSP anti-XSS tech

Discussion in 'Article Discussion' started by CardJoe, 5 Oct 2009.

  1. CardJoe

    CardJoe Freelance Journalist

    Joined:
    3 Apr 2007
    Posts:
    11,343
    Likes Received:
    292
  2. mi1ez

    mi1ez Active Member

    Joined:
    11 Jun 2009
    Posts:
    1,436
    Likes Received:
    18
    Another great, widely available technology from Mozilla. Good work!
     
  3. tad2008

    tad2008 New Member

    Joined:
    6 Nov 2008
    Posts:
    332
    Likes Received:
    3
    I think this is a good approach to a very real problem and gives website owners/administrators a chance to further improve the security of their site and help preserve their reputation. Hopefully this is something that will also be adopted by all the open source CMS's out there to provide the less tech savvy with a bit more peace of mind.
     
  4. p3n

    p3n New Member

    Joined:
    31 Jan 2002
    Posts:
    778
    Likes Received:
    1
    I always thought XSS or 'code injections' (that are malicious and not just malware) were aimed at servers?
     
  5. Saivert

    Saivert New Member

    Joined:
    26 Mar 2005
    Posts:
    390
    Likes Received:
    1
    Why don't they just integrate the Noscript extension? this does solve XSS pretty well by blocking it completely.
     
  6. l3v1ck

    l3v1ck Fueling the world, one oil well at a time.

    Joined:
    23 Apr 2009
    Posts:
    12,945
    Likes Received:
    17
    I'm a big NoScript fan, and have been for ages.
    But people like my dad don't have the patience to enable things on a site by site basis. A global solution would be good.
     
  7. frojoe

    frojoe New Member

    Joined:
    17 Dec 2008
    Posts:
    135
    Likes Received:
    1
    I know I should run noscript, but its a pita. I have it installed but I disabled it a while ago(on my mac not my pc). I only turn it on if the site I'm on looks sketchy. You couldn't convince most average computers users to deal with it I don't think, so as l3v1ck said, a global solution would be great.

    Edit: now that I think about it, I think even though noscript is set to allow scripts globally, it still blocks cross scripting attempts, so it is doing some god for me.
     
  8. Otto69

    Otto69 New Member

    Joined:
    6 Oct 2007
    Posts:
    253
    Likes Received:
    3
    Ah the irony of it all. Web browsers were supposed to replace the fat clients such as Outlook, Word, etc. And now with all these extensions the browser is just a piece of buggy bloatware slowing being re-inflated to fat client size. Re inventing the wheel.
     
  9. thehippoz

    thehippoz New Member

    Joined:
    19 Dec 2008
    Posts:
    5,780
    Likes Received:
    174
    cool.. saddle popper protector
     
  10. will.

    will. A motorbike of jealousy!

    Joined:
    2 Mar 2005
    Posts:
    4,461
    Likes Received:
    20
    Did you read this article?
     
Tags: Add Tags

Share This Page