Content-Security-Policy-Vulnerability/EN/Background: Difference between revisions
Line 1: | Line 1: | ||
− | [https://en.wikipedia.org/wiki/Content_Security_Policy Content Security Policy (CSP)] requires careful coordination and precise definition of the security concept. | + | [https://en.wikipedia.org/wiki/Content_Security_Policy Content Security Policy (CSP)] requires careful coordination and precise definition of the security concept. When this option is enabled, CSP has a significant impact on the way the browser renders (composes) the pages. For example, inline [[JavaScript]] is disabled by default and must be explicitly allowed in the policy. The CSP can help mitigate code injection attacks. |
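Review bot: In the added sentence "When this option is enabled", "this option" has no antecedent; the paragraph never names an option. Suggest "When CSP is enabled" so the sentence stands on its own. The added claim that inline JavaScript "is disabled by default" would also read more precisely if it said this applies once the policy contains a directive that governs scripts (script-src or default-src), since a policy without one does not restrict inline scripts.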
Latest revision as of 12 June 2019, 17:47
Content Security Policy (CSP) requires careful coordination and a precise definition of the security concept. When CSP is enabled, it has a significant impact on the way the browser renders (composes) pages. For example, inline JavaScript is disabled by default and must be explicitly allowed in the policy. CSP can help mitigate code injection attacks.
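The rule that inline JavaScript is blocked unless the policy explicitly allows it can be checked with a small policy evaluator. This is an added example, not code from this wiki; it is a simplified model of the browser's decision for one header value, and the function names and sample values are hypothetical.

```javascript
// Added example: simplified model of how a browser decides whether an inline
// <script> may run under one Content-Security-Policy header value.
const crypto = require('crypto');

// Parse "name v1 v2; name2 v3" into a Map; a repeated directive is ignored.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// source: the inline script text; nonce: value of its nonce attribute, if any.
function inlineScriptAllowed(header, source, nonce) {
  const policy = parsePolicy(header);
  // Fallback chain for <script> elements.
  const name = ['script-src-elem', 'script-src', 'default-src']
    .find((d) => policy.has(d));
  if (name === undefined) return true; // policy does not govern scripts
  const sources = policy.get(name);

  let hasNonceOrHash = false;
  for (const s of sources) {
    const m = /^'(nonce|sha256|sha384|sha512)-([^']+)'$/.exec(s);
    if (!m) continue;
    hasNonceOrHash = true;
    if (m[1] === 'nonce') {
      if (nonce && nonce === m[2]) return true;
    } else {
      const digest = crypto.createHash(m[1]).update(source, 'utf8').digest('base64');
      if (digest === m[2]) return true;
    }
  }
  const lower = sources.map((s) => s.toLowerCase());
  // 'unsafe-inline' is ignored when a nonce, hash or 'strict-dynamic' is present.
  return lower.includes("'unsafe-inline'") && !hasNonceOrHash &&
    !lower.includes("'strict-dynamic'");
}

// Constructed sample values.
const SCRIPT = "document.title = 'demo';";
const HASH = crypto.createHash('sha256').update(SCRIPT, 'utf8').digest('base64');
```

A policy such as `default-src 'self'` returns `false` for any inline script, which is why pages that rely on inline code break when CSP is switched on without a nonce or hash for each script.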