Enable javascript in your browser for better experience. Need to know to enable it? Go here.
Last updated : Nov 07, 2016
Not on the current edition
This blip is not on the current edition of the Radar. If it was on one of the last few editions it is likely that it is still relevant. If the blip is older it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar Understand more
Nov 2016
评估 ? 在了解它将对你的企业产生什么影响的前提下值得探索

We are finding Content Security Policies to be a helpful addition to our security toolkit when dealing with websites that pull assets from mixed contexts. The policy defines a set of rules about where assets can come from (and whether to allow inline script tags). The browser then refuses to load or execute JavaScript, CSS or images that violate those rules. When used in conjunction with good practices, such as output encoding, it provides good mitigation for XSS attacks. Interestingly, the optional endpoint for posting JSON reports of violations is how Twitter discovered that ISPs were injecting HTML or JavaScript into their pages.

Apr 2016
评估 ? 在了解它将对你的企业产生什么影响的前提下值得探索
已发布 : Apr 05, 2016


English | Español | Português | 中文