News

Google has released two new tools for developers looking to protect web domains against cross-site scripting ... to support CSP, including scripts with incorrect nonce attributes, JavaScript, and inline ...
First disclosed on February 19, 2020, by a bug bounty hunter who goes by the name "Cr33pb0y" on HackerOne, the vulnerability is described as a "reflected XSS and CSP bypass" issue. The bug was ...
After years of discussion and waiting, Mozilla has finally added Content Security Policy 1.0, a defense against some common attacks such as XSS, to its Firefox browser. CSP already has been ...
Cross-site scripting (XSS) remains one of the most common security threats to web applications. Despite advanced protection mechanisms, attackers continue to find new ways to exploit XSS ...
Unfortunately, iFrames are always a means to an attack using XSS or cross-site request forgery. Setting both directives to none prevents the malicious use of iFrames. The universal CSP directives ...