訊真科技技術園地第二發文章出爐囉!
感謝公司同仁E小姐的提供,
讓我們對CSP能夠有更深入的了解^^
----------------------------------------------------------------------------------
最近在看XSS攻擊的資料,
這篇文章介紹了CSP藉由限制可存取資源的白名單避免了潛在風險,
也提到了儘量不要使用inline script的觀念。
--
CSP is quite usable in Chrome 16+, Safari 6+, and Firefox 4+, and has (very) limited support in IE 10.
--
CSP is quite usable in Chrome 16+, Safari 6+, and Firefox 4+, and has (very) limited support in IE 10.