posted on 15/09/2012 05:29 #html5 #development #security
http://www.html5rocks.com/en/tutorials/security/content-security-policy/ →
The web’s security model is rooted in the same origin policy. Code from https://mybank.com should only have access to https://mybank.com’s data, and https://evil.example.com should certainly never be allowed access. Each origin is kept isolated from the rest of the web, giving developers a safe sandbox in which to build and play. In theory, this is perfectly brilliant. In practice, attackers have found clever ways to subvert the system. […]
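The quoted paragraph says two sites are kept apart by "origin" without saying what an origin is. The following is an added example, not code from the linked HTML5 Rocks article or from its author: it makes the rule concrete by extracting the (scheme, host, port) tuple that browsers actually compare, and shows that path, query and fragment play no part while scheme, port and subdomain all do. The sample URLs are constructed for illustration; mybank.com and evil.example.com are the names used in the quote, and the helper names are mine.

```javascript
// Added example (not from the HTML5 Rocks article).
// The same origin policy compares a (scheme, host, port) tuple. Two URLs are
// same-origin only when all three parts match; path, query and fragment are ignored.

const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the origin tuple of a URL, filling in the scheme's default port when
// the URL does not state one, so "https://mybank.com" and
// "https://mybank.com:443/x" compare equal.
function originTuple(url) {
  const u = new URL(url);
  return {
    scheme: u.protocol,
    host: u.hostname,
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

function sameOrigin(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Constructed cases: [url A, url B, expected same-origin?]
const CASES = [
  ["https://mybank.com/accounts", "https://mybank.com/transfer?id=1#top", true], // only path/query/fragment differ
  ["https://mybank.com", "https://evil.example.com", false],                    // different host
  ["https://mybank.com", "http://mybank.com", false],                           // different scheme
  ["https://mybank.com", "https://mybank.com:8443", false],                     // different port
  ["https://mybank.com", "https://mybank.com:443/x", true],                     // explicit default port
  ["https://mybank.com", "https://api.mybank.com", false],                      // subdomain is a separate origin
];

// Evaluate every constructed case; true only if all match the expectation.
function checkAll() {
  return CASES.every(([a, b, expected]) => sameOrigin(a, b) === expected);
}

for (const [a, b, expected] of CASES) {
  const got = sameOrigin(a, b);
  console.log(`${got === expected ? "ok " : "BAD"} sameOrigin(${a}, ${b}) = ${got}`);
}
```

Note that "same origin" is stricter than "same site": api.mybank.com and mybank.com are distinct origins even though they share a registrable domain, which is why a script injected into one cannot read the other's responses. CSP, the topic of the linked article, is a separate layer that controls which scripts an origin is allowed to run at all; this snippet only illustrates the origin boundary the article starts from.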