Content Security Policy 1.0 for SeaMonkey?

Post by CMonkeyBloke »

CSP 1.0 Added to Firefox to Block XSS Attacks

I have a couple of questions about this: Will CSP be implemented into the SeaMonkey equivalent when this is implemented into Firefox? And, would it make SeaMonkey safer from CSS attacks even if I already use NoScript & RequestPolicy?

Re: Content Security Policy 1.0 for SeaMonkey?

Post by Philip Chee »

CMonkeyBloke wrote:

> CSP 1.0 Added to Firefox to Block XSS Attacks
>
> I have a couple of questions about this: Will CSP be implemented into the SeaMonkey equivalent when this is implemented into Firefox? And, would it make SeaMonkey safer from CSS attacks even if I already use NoScript & RequestPolicy?

Bug 875706 Flip the pref to enable the Content Security Policy (CSP) 1.0 parser for SeaMonkey.

References:
FX Bug 842657 Flip the pref to enable the CSP 1.0 parser for Firefox.
FXOS Bug 858787 Flip the pref to turn on the CSP 1.0 parser for Firefox OS

http://en.wikipedia.org/wiki/Content_Security_Policy

https://wiki.mozilla.org/index.php?title=Security/CSP/Spec&oldid=133465#Background
Content Security Policy is intended to help web designers or server administrators specify how content interacts on their web sites. It helps mitigate and detect types of attacks such as XSS and data injection. CSP is not intended to be a main line of defense, but rather one of the many layers of security that can be employed to help secure a web site.

Phil

Re: Content Security Policy 1.0 for SeaMonkey?

Post by CMonkeyBloke »

OK, thanks for the links & info Phil. :D

Re: Content Security Policy 1.0 for SeaMonkey?

Post by therube »

And while we're here, Introducing Content Security Policy.


> a defense against some common attacks such as XSS

Do note that it is not an end-all.
For instance, still unresolved, Bug 528661 - (xssfilter) Heuristics to block reflected XSS (like in IE8).


Oh, & don't forget, NoScript.
Anti-XSS protection

NoScript’s Anti-XSS Filters Partially Ported to IE8

Security Policies
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

Re: Content Security Policy 1.0 for SeaMonkey?

Post by CMonkeyBloke »

OK thanks for the info therube.