Content-Security-Policy-Vulnerability/EN/Background: Unterschied zwischen den Versionen

Aktuelle Version vom 12. Juni 2019, 17:47 Uhr

Content Security Policy (CSP) requires careful coordination and precise definition of the security concept. When this option is enabled, CSP has a significant impact on the way the browser renders (composes) the pages. For example, inline JavaScript is disabled by default and must be explicitly allowed in the policy. The CSP can help mitigate code injection attacks.

Version vom 6. Februar 2019, 15:55 Uhr (Quelltext anzeigen) Siwebot (Diskussion \| Beiträge) ← Zum vorherigen Versionsunterschied		Aktuelle Version vom 12. Juni 2019, 17:47 Uhr (Quelltext anzeigen) Siwebot (Diskussion \| Beiträge)
Zeile 1:		Zeile 1:
−	[https://en.wikipedia.org/wiki/Content_Security_Policy Content Security Policy (CSP)] requires careful coordination and precise definition of the security concept. If this option is enabled, CSP has ~~considerable~~ impact on the way the browser renders pages ~~(for~~ example, inline ~~Javascript~~ is disabled by default and must be allowed ~~explicitly~~ in the policy). CSP can ~~prevend a number of attachs such as [https://en.wikipedia.org/wiki/Cross-site_scripting cross-site scripting] and other~~ attacks ~~which inject data in web pages~~.	+	[https://en.wikipedia.org/wiki/Content_Security_Policy Content Security Policy (CSP)] requires careful coordination and precise definition of the security concept. When this option is enabled, CSP has a significant impact on the way the browser renders (composes) the pages. For example, inline [[JavaScript]] is disabled by default and must be explicitly allowed in the policy. The CSP can help mitigate code injection attacks.

Content-Security-Policy-Vulnerability/EN/Background: Unterschied zwischen den Versionen

Aktuelle Version vom 12. Juni 2019, 17:47 Uhr

Navigationsmenü

Meine Werkzeuge

Namensräume

Varianten

Ansichten

Mehr

Suche

Navigation

Siwecos

Werkzeuge