Enable javascript in your browser for better experience. Need to know to enable it? Go here.
radar blip
radar blip

Content Security Policies

更新于 : Nov 07, 2016
这一条目不在当前版本的技术雷达中。如果它出现在最近几期中,那么它很有可能仍然具有相关参考价值。如果这一条目出现在更早的雷达中,那么它很有可能已经不再具有相关性,我们的评估将不再适用于当下。很遗憾我们没有足够的带宽来持续评估以往的雷达内容。 了解更多
Nov 2016
Assess ? 在了解它将对你的企业产生什么影响的前提下值得探索

We are finding Content Security Policies to be a helpful addition to our security toolkit when dealing with websites that pull assets from mixed contexts. The policy defines a set of rules about where assets can come from (and whether to allow inline script tags). The browser then refuses to load or execute JavaScript, CSS or images that violate those rules. When used in conjunction with good practices, such as output encoding, it provides good mitigation for XSS attacks. Interestingly, the optional endpoint for posting JSON reports of violations is how Twitter discovered that ISPs were injecting HTML or JavaScript into their pages.

Apr 2016
Assess ? 在了解它将对你的企业产生什么影响的前提下值得探索
发布于 : Apr 05, 2016


English | Español | Português | 中文