First Firefox demo for Content Security Policy
With CSP, the browser will only execute scripts which originate from domains listed in a whitelist – everything else will be blocked. This allows administrators, for example, to designate their own script server as the only source from which scripts are loaded and executed. Scripts that attackers manage to inject into HTML pages should then no longer be executed.
CSP only works in a specially prepared browser. The new Preview Build of Firefox supports this function. While this version does not yet support all specifications, it should suffice for an initial impression. On a special demo website, you can test whether and how CSP works. Brandon Sterne, Security Program Manager at Mozilla, says he looks forward to having a wide group of people take part in the first tests and to receiving their comments.
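The whitelist check described above can be modelled in a few lines. This is an added example, not code from Mozilla or from the demo site; it assumes the `script-src` directive syntax of the later standardized `Content-Security-Policy` header (the article does not show the preview build's header), and the policy, page and host names are constructed placeholders.

```javascript
// Added example: simplified model of a browser's CSP script whitelist check.
// Supports 'self', 'unsafe-inline', '*', and host sources with an optional
// scheme or a leading "*." wildcard. Ports, paths, nonces and hashes are left
// out; any other source expression (including 'none') matches nothing.

function scriptSources(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) directives[name.toLowerCase()] = sources;
  }
  // script-src falls back to default-src; null means no script restriction.
  return directives['script-src'] || directives['default-src'] || null;
}

function hostMatches(pattern, host) {
  // "*.example.com" covers subdomains only, not example.com itself.
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

// scriptUrl is the script's src attribute, or null for an inline <script>.
function scriptAllowed(policy, pageUrl, scriptUrl) {
  const sources = scriptSources(policy);
  if (sources === null) return true;
  if (scriptUrl === null) return sources.includes("'unsafe-inline'");
  const page = new URL(pageUrl);
  const script = new URL(scriptUrl, pageUrl);
  const isHttps = script.protocol === 'https:';
  return sources.some((src) => {
    if (src === "'self'") return script.origin === page.origin;
    if (src === '*') return isHttps || script.protocol === 'http:';
    const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)$/i.exec(src);
    if (!m) return false;
    // Without a scheme, the page's own scheme (or https) is required.
    const schemeOk = m[1]
      ? script.protocol === m[1].toLowerCase() + ':'
      : isHttps || script.protocol === page.protocol;
    return schemeOk && hostMatches(m[2].toLowerCase(), script.hostname);
  });
}

// Constructed sample policy and page; the host names are placeholders.
const POLICY = "script-src 'self' https://scripts.example.com";
const PAGE = 'https://www.example.com/index.html';

function demo() {
  const candidates = ['/js/app.js', 'https://scripts.example.com/lib.js',
    'https://attacker.example.net/x.js', null];
  return candidates.map((src) => scriptAllowed(POLICY, PAGE, src));
}
console.log(demo());
```

The last two candidates are the cases the policy exists for: a script served from a host that is not on the list, and an inline script with no source URL at all.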