Recently, Nick discussed how cross-site scripting (XSS) is one of the major areas of concern for Web application security and showed us how to avoid attacks from a coding perspective. Now, Mozilla Security has proposed a new defense against XSS called Content Security Policy (CSP).

Read the rest of this entry »