Widgets, advertisements, and other kinds of third-party content. That said, it would be quite useful to be able to place restrictions upon To avoid reintroducing them in a new form. Of issues in past features such as X-XSS-Protection, so we must be careful Secure page by denying it access to particular scripts. Loading, and it’s very possible to introduce vulnerabilities into an otherwise Allowing CSP to apply directly to these third-partyĬontexts would be dangerous CSP gives quite granular control over resource Give developers the ability to apply restrictions to third-party content Malicious script, style, and other resource types. Ĭontent Security Policy is a great defense against cross-site scriptingĪttacks, allowing developers to harden their own sites against injection of 3.3 Obtain the required CSP for context.3.2 Is policy list subsumed under subsuming policy?.3.1 Is response blocked by context’s required CSP?.2.2 The Embedding-CSP HTTP Request Header.This document is governed by the 1 September 2015 W3C Process Document. That page also includes instructions for disclosing a patent.Īn individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group This document was produced by a group operating under This document was produced by the Web Application Security Working Group. Obsoleted by other documents at any time. This is a draft document and may be updated, replaced or Publication as a Working Draft does not imply endorsement by the W3C Please put the text “csp-embedded-enforcement” in the subject, Is preferred for discussion of this specification. The ( archived) public mailing list (see instructions) This document is intended to become a W3C Recommendation. This document was published by the Web Application Security Working Group as a Working Draft. A list ofĬurrent W3C publications and the latest revision of this technical reportĬan be found in the W3C technical reports
Other documents may supersede this document. This section describes the status of this document at the time of
0 kommentar(er)
