As we mentioned earlier we’ve been working for the past few months on turning the Content Security Policy specification into working Firefox code. (You’ll remember that CSP is a framework to protect websites from XSS and related attacks). We are happy to report that the work is nearly finished, and we have some preview builds available for you to try out.
We’re thrilled to have received so much great feedback from other browser vendors, web site administrators, and security researchers and we’re very proud of the design that has come out of that discussion. We would like to encourage any server administrators or web app security researchers who are interested in this project to grab a preview Firefox build and help us test the new features. Please be aware that there are still a few rough spots. The implementation is not quite complete so you may notice some small gaps between the preview builds and the spec. Most notably, HTTP redirects are not fully handled by CSP (but will be soon).
I posted a demo page where you can see the basic features of CSP in action, though we’re all much more excited to see all the tests and proof points our friends in the security research community are sure to turn up. Please grab a preview build and start testing!
Brandon Sterne
Security Program Manager
Pento wrote on
Julian Reschke wrote on
home computer wrote on
Daniel Veditz wrote on
Andrew wrote on
Johnathan Nightingale wrote on
Daniel Veditz wrote on
rvdh wrote on
Mike wrote on
Geld Lenen wrote on
Tom T. wrote on