Re: Re: The PHP filter class I'm working on (security)

Martin Zvarík wrote:
What's the point?

The point is detailed on the (not fully complete) description page I just put up -

http://www.clfsrpm.net/xss/

Namely, a lot of people who have web sites do not have the technical capability to prevent their site from being used as an XSS vector to attack other people.

By setting a simple security policy, browsers that implement CSP can see that something funny is being tried because the web site has instructed the browser it will not try to do that action from that domain.

By implementing CSP server side, even users without CSP-enabled browsers (just about everyone currently) will have some measure of protection.

That's the point.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
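
The two halves of the idea in the message above, as an added example (not the author's filter class and not code from this thread): send a policy header for browsers that enforce CSP, and apply the same script policy to the outgoing HTML on the server for browsers that do not. The function names, the host allow-list format, the example host names and the use of the modern `Content-Security-Policy` header syntax are assumptions.

```php
<?php
// Added illustration, not the filter class from this thread. Assumptions: the policy is a
// list of hosts allowed to serve scripts; inline script is never allowed; $html is a full page.
function csp_header(array $scriptHosts): string
{
    return "Content-Security-Policy: script-src 'self' " . implode(' ', $scriptHosts);
}

function csp_script_allowed(string $src, array $scriptHosts, string $selfHost): bool
{
    $parts = parse_url($src);
    if ($src === '' || $parts === false) {
        return false;                       // inline script or unparsable URL
    }
    if (!isset($parts['host'])) {
        return !isset($parts['scheme']);    // relative URL is same-site; data: etc. is not
    }
    $scheme = strtolower($parts['scheme'] ?? 'https');   // protocol-relative URL
    $hosts  = array_map('strtolower', array_merge([$selfHost], $scriptHosts));
    return in_array($scheme, ['http', 'https'], true)
        && in_array(strtolower($parts['host']), $hosts, true);
}

function csp_filter_html(string $html, array $scriptHosts, string $selfHost): string
{
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // tolerate sloppy real-world markup
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    // Snapshot the live NodeList before removing nodes from it.
    foreach (iterator_to_array($doc->getElementsByTagName('script')) as $script) {
        if (!csp_script_allowed($script->getAttribute('src'), $scriptHosts, $selfHost)) {
            $script->parentNode->removeChild($script);
        }
    }
    // Inline event handlers (onclick, onerror, ...) count as inline script.
    $xpath = new DOMXPath($doc);
    foreach (iterator_to_array($xpath->query('//@*[starts-with(name(), "on")]')) as $attr) {
        $attr->ownerElement->removeAttributeNode($attr);
    }
    return $doc->saveHTML();
}

// Constructed sample page: one same-site script, one foreign script, one inline handler.
$page = '<html><body><script src="/js/app.js"></script><script src="http://ads.example.net/x.js">'
      . '</script><img src="a.png" onerror="doSomething()"></body></html>';
header(csp_header(['static.example.org']));
echo csp_filter_html($page, ['static.example.org'], 'www.example.org');
```

Only the `/js/app.js` script survives in the output. The filter covers `<script>` elements and `on*` attributes only; other script-bearing markup such as `javascript:` URLs is outside what this block handles.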

