Browser Security: Content Security Policy (CSP)

Related reading on frame injection: https://www.netsparker.com/blog/web-security/frame-injection-attacks/

A policy that allows scripts to be loaded only from https://example.com/:

Content-Security-Policy: script-src https://example.com/

Under that policy the browser refuses to load a script from any other origin, so this tag is blocked:

<script src="https://not-example.com/js/library.js"></script>

Inline event handlers count as inline script and are blocked as well. Instead of the onclick attribute, attach the handler from an external script that the policy allows:

<button id="btn" onclick="doSomething()">
document.getElementById("btn").addEventListener('click', doSomething);

'unsafe-inline' re-enables every inline script, including anything an attacker manages to inject, so it gives up most of the XSS protection CSP provides:

Content-Security-Policy: script-src 'unsafe-inline';
<script>
var inline = 1;
</script>

A nonce allows only the inline scripts that carry the matching value. The nonce must be unpredictable and generated fresh for every response:

Content-Security-Policy: script-src 'nonce-2726c7f26c'
<script nonce="2726c7f26c">
var inline = 1;
</script>

Scheme sources that can appear in a directive:

  • data: Allows data: URIs to be used as a content source. This is insecure; an attacker can also inject arbitrary data: URIs. Use this sparingly and definitely not for scripts.
  • mediastream: Allows mediastream: URIs to be used as a content source.
  • blob: Allows blob: URIs to be used as a content source.
  • filesystem: Allows filesystem: URIs to be used as a content source.
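To make the rules above concrete, here is a small policy checker, added as an example for this post (it is not the author's code and not a browser's implementation). It parses a header value, decides whether a script URL, an inline script, or a data:/blob: resource would be allowed, and generates a per-response nonce. Function names (parse_csp, allows_url, allows_inline_script, make_nonce) and the page origin https://blog.example are assumptions for the example; the matcher covers host sources, scheme sources, 'self', 'none', 'unsafe-inline' and nonces, not the full CSP grammar (no hash sources, no http-to-https upgrade, no default-port inference).

```python
import base64
import secrets
from urllib.parse import urlsplit


def parse_csp(header_value):
    """Parse a Content-Security-Policy header value into
    {directive: [source expressions]}. Directives are ';'-separated,
    source expressions inside a directive are whitespace-separated.
    The first occurrence of a directive wins, as in CSP."""
    policy = {}
    for directive in header_value.split(";"):
        tokens = directive.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def _effective_sources(policy, directive):
    """Fetch directives fall back to default-src. None means unrestricted."""
    if directive in policy:
        return policy[directive]
    return policy.get("default-src")


def _host_matches(pattern, host):
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and host != pattern[2:]
    return pattern == host


def _source_matches(source, url, page_origin):
    """Does one source expression allow this URL? Handles 'self',
    scheme sources (data:, blob:, https: ...) and host sources."""
    lowered = source.lower()
    if lowered == "'self'":
        source = page_origin  # 'self' means the page's own origin
    elif lowered.startswith("'"):
        return False  # keywords and nonces never match a URL
    elif lowered.endswith(":") and "/" not in lowered:
        return url.lower().startswith(lowered)  # scheme source
    want = urlsplit(source if "://" in source else "//" + source)
    have = urlsplit(url)
    if want.scheme and want.scheme != have.scheme:
        return False
    if not _host_matches((want.hostname or "").lower(), (have.hostname or "").lower()):
        return False
    if want.port and want.port != have.port:
        return False
    if want.path:
        # A path ending in '/' is a prefix match, anything else is exact.
        if want.path.endswith("/"):
            return have.path.startswith(want.path)
        return have.path == want.path
    return True


def allows_url(policy, directive, url, page_origin):
    """Would a resource fetched for `directive` (e.g. script-src, img-src)
    from `url` be allowed by this policy?"""
    sources = _effective_sources(policy, directive)
    if sources is None:
        return True
    if any(s.lower() == "'none'" for s in sources):
        return False
    return any(_source_matches(s, url, page_origin) for s in sources)


def allows_inline_script(policy, nonce=None):
    """Inline <script> blocks and on* attributes are blocked unless
    'unsafe-inline' is present or the block carries a listed nonce.
    When a nonce or hash source is present, 'unsafe-inline' is ignored."""
    sources = _effective_sources(policy, "script-src")
    if sources is None:
        return True
    lowered = [s.lower() for s in sources]
    # Nonce comparison is case-sensitive, so use the raw source list here.
    if nonce is not None and f"'nonce-{nonce}'" in sources:
        return True
    has_nonce_or_hash = any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in lowered
    )
    return "'unsafe-inline'" in lowered and not has_nonce_or_hash


def make_nonce():
    """Fresh per-response nonce: 128 bits from the OS CSPRNG, base64-encoded
    so it fits the nonce grammar. Never reuse it across responses."""
    return base64.b64encode(secrets.token_bytes(16)).decode("ascii")


if __name__ == "__main__":
    origin = "https://blog.example"  # constructed page origin for the demo
    strict = parse_csp("script-src https://example.com/")
    print(allows_url(strict, "script-src", "https://not-example.com/js/library.js", origin))  # False
    print(allows_inline_script(strict))  # False: the onclick handler is blocked
    nonced = parse_csp("script-src 'nonce-2726c7f26c'")
    print(allows_inline_script(nonced, nonce="2726c7f26c"))  # True
    print(f"script-src 'nonce-{make_nonce()}'")
```

The last two checks in the demo are the ones worth internalising: an inline script without the right nonce is rejected even when 'unsafe-inline' is also listed, and a script from a host outside the allow-list is rejected regardless of its path.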
A food lover, a cyber security enthusiast, a musician and a traveller, so you will see a mix of different contents in my blog. ☺️
goay xuan hui