Delivers browser preview with 'Content Security Policy' spec, hopes rivals follow its lead

By Gregg Keizer
October 5, 2009 06:05 AM ET
Computer World

Computerworld - Mozilla has released a test build of Firefox that adds new technology designed to stymie most Web-based attacks, the browser maker said Sunday.
The technology, dubbed "Content Security Policy" (CSP), is a Mozilla-initiated specification targeted at Web site and application developers, who will be able to define which content on the site or in the online application is legitimate. That would block any script or malicious code that's been added by hackers who manage to compromise the site or app. Such attacks are generally tagged with the label of cross-site scripting (XSS). [Comments...]