{"id":176,"date":"2009-09-30T14:42:30","date_gmt":"2009-09-30T21:42:30","guid":{"rendered":"http:\/\/blog.mozilla.org\/security\/?p=176"},"modified":"2009-10-21T10:37:59","modified_gmt":"2009-10-21T17:37:59","slug":"a-glimpse-into-the-future-of-browser-security","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2009\/09\/30\/a-glimpse-into-the-future-of-browser-security\/","title":{"rendered":"A Glimpse Into the Future of Browser Security"},"content":{"rendered":"<p>As we <a href=\"http:\/\/blog.mozilla.org\/security\/2009\/06\/19\/shutting-down-xss-with-content-security-policy\/\">mentioned earlier<\/a>, we&#8217;ve been working for the past few months on turning the <a href=\"https:\/\/wiki.mozilla.org\/Security\/CSP\/Spec\">Content Security Policy specification<\/a> into working Firefox code.  (You&#8217;ll remember that CSP is a framework to protect websites from XSS and related attacks.) We are happy to report that the work is nearly finished, and we have some <a href=\"http:\/\/people.mozilla.org\/~bsterne\/content-security-policy\/download.html\">preview builds<\/a> available for you to try out.<\/p>\n<p>We&#8217;re thrilled to have received so much great feedback from other browser vendors, web site administrators, and security researchers, and we&#8217;re very proud of the design that has come out of that discussion.  We would like to encourage any server administrators or web app security researchers who are interested in this project to grab a <a href=\"http:\/\/people.mozilla.org\/~bsterne\/content-security-policy\/download.html\">preview Firefox build<\/a> and help us test the new features.  Please be aware that there are still a few rough spots.  The implementation is not quite complete, so you may notice some small gaps between the preview builds and the spec.  
Most notably, HTTP redirects are not fully handled by CSP (but will be soon).<\/p>\n<p>I posted a <a href=\"http:\/\/people.mozilla.org\/~bsterne\/content-security-policy\/demo.cgi\">demo page<\/a> where you can see the basic features of CSP in action, though we&#8217;re all much more excited to see all the tests and proof points our friends in the security research community are sure to turn up.  Please grab a preview build and start testing!<\/p>\n<p>Brandon Sterne<br \/>\nSecurity Program Manager<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As we mentioned earlier we&#8217;ve been working for the past few months on turning the Content Security Policy specification into working Firefox code. (You&#8217;ll remember that CSP is a framework &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2009\/09\/30\/a-glimpse-into-the-future-of-browser-security\/\">Read more<\/a><\/p>\n","protected":false},"author":54,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30,69],"tags":[],"coauthors":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>A Glimpse Into the Future of Browser Security - Mozilla Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2009\/09\/30\/a-glimpse-into-the-future-of-browser-security\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Al Billings\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2009\/09\/30\/a-glimpse-into-the-future-of-browser-security\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2009\/09\/30\/a-glimpse-into-the-future-of-browser-security\/\",\"name\":\"A Glimpse Into the Future of Browser Security - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"datePublished\":\"2009-09-30T21:42:30+00:00\",\"dateModified\":\"2009-10-21T17:37:59+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/d33dd2d17a8109165b6df7d1245e33fc\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2009\/09\/30\/a-glimpse-into-the-future-of-browser-security\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2009\/09\/30\/a-glimpse-into-the-future-of-browser-security\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2009\/09\/30\/a-glimpse-into-the-future-of-browser-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A Glimpse Into the Future of Browser Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/d33dd2d17a8109165b6df7d1245e33fc\",\"name\":\"Al Billings\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/9456a97c7c46aaacc293dfb3e668ecfd\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/59eb615338adae529ebe54960f87cd0c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/59eb615338adae529ebe54960f87cd0c?s=96&d=identicon&r=g\",\"caption\":\"Al Billings\"},\"sameAs\":[\"https:\/\/openbuddha.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A Glimpse Into the Future of Browser Security - Mozilla Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2009\/09\/30\/a-glimpse-into-the-future-of-browser-security\/","twitter_misc":{"Written by":"Al Billings","Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2009\/09\/30\/a-glimpse-into-the-future-of-browser-security\/","url":"https:\/\/blog.mozilla.org\/security\/2009\/09\/30\/a-glimpse-into-the-future-of-browser-security\/","name":"A Glimpse Into the Future of Browser Security - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"datePublished":"2009-09-30T21:42:30+00:00","dateModified":"2009-10-21T17:37:59+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/d33dd2d17a8109165b6df7d1245e33fc"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2009\/09\/30\/a-glimpse-into-the-future-of-browser-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2009\/09\/30\/a-glimpse-into-the-future-of-browser-security\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2009\/09\/30\/a-glimpse-into-the-future-of-browser-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"A Glimpse Into the Future of Browser Security"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/d33dd2d17a8109165b6df7d1245e33fc","name":"Al 
Billings","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/9456a97c7c46aaacc293dfb3e668ecfd","url":"https:\/\/secure.gravatar.com\/avatar\/59eb615338adae529ebe54960f87cd0c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/59eb615338adae529ebe54960f87cd0c?s=96&d=identicon&r=g","caption":"Al Billings"},"sameAs":["https:\/\/openbuddha.com"]}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/176"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/54"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=176"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/176\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=176"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=176"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=176"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=176"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}