Web Security
Vulnerabilities
XSS (Cross Site Scripting)
- occurs when untrusted input (e.g., the value of an input field or query parameter) is written into the page without being HTML-encoded, so a value like
<script>alert('hello')</script>
is parsed as markup and executed as script by the victim's browser
How to prevent?
HTTP Security Headers
Content-Security-Policy
- used to reduce the impact of cross site scripting by telling the browser which sources it may load scripts, styles, images and other resources from; a policy that lists no 'unsafe-inline' for script-src also blocks inline <script> blocks, which is what stops an injected script from running
- it is enabled by sending the Content-Security-Policy HTTP response header; a strict policy allows scripts only when they carry a per-response nonce (or hash) that the attacker cannot predict
- https://content-security-policy.com/
- https://csp.withgoogle.com/
- Mozilla Observatory
- Mozilla Laboratory-Browser Extension