For those who don’t know, Content-Security-Policy (CSP) is an attempt at mitigating Cross-Site Scripting (XSS) attacks, which are generally what you aim for when you manipulate a web endpoint (a web page) such that you can inject your own client-side code.
It’s problematic because an unrestricted XSS attacker operates from the trust level of the website the injection was made in, allowing access to user sessions and details; anything the user can access or manipulate, the attacker can too.
More here: http://words.zemn.me/csp
