Tuesday, August 10, 2010
Inside Mozilla's Firefox 4 Security
One of the new security features in Firefox 4 is the Content Security Policy (CSP) effort.
"Content security policy is focused on Cross Site Scripting (XSS) mitigation so it prevents injected scripts from actually running," Brandon Sterne, security program manager at Mozilla, toldInternetNews.com. "The site gets to declare a policy that the Firefox browser will then apply to the page and then any content that hasn't been blessed by the site won't be loaded or executed."