Bug 30081
| Summary: | Support Mozilla's CSP proposal | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Peter Kasting <pkasting> |
| Component: | Platform | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Enhancement | CC: | abarth, ap, aroben, bugmail, bugzilla, ddkilzer, johnath, jwalden+bwo, mike, sam |
| Priority: | P2 | Keywords: | InRadar |
| Version: | 528+ (Nightly build) | ||
| Hardware: | PC | ||
| OS: | All | ||
| URL: | http://people.mozilla.org/~bsterne/content-security-policy/index.html | ||
Peter Kasting
CSP, as described in the above URL, is a proposal to enhance site security by allowing web authors to restrict what sorts of capabilities a page has.
Implementing this would be a boon for web authors trying to reduce XSS and similar attacks.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Adam Barth
I talked to Sid via chat. He said he'd thrilled if we implemented CSP. It might be the right time to review the spec in detail and start a prototype implementation.
Alexey Proskuryakov
<rdar://problem/5992706>
Sam Weinig
*** This bug has been marked as a duplicate of bug 53572 ***