I know how to implement CSP on web hosting but is there any way to implement it on the browser end so as to plug the security holes where the site owner forgot to?
3 Likes
I use the NoScript Firefox addon for desktop and mobile, mainly for its cross site protection. Then I have the RequestPolicy to control site external resources.
OT) Thats my excuse for still using Firefox. 
1 Like
Found a “transcript about CSP from the 2012 Devoxx in Antwerp” a couple of years ago which could be of interest.
1 Like
Thanks, I found an equivalent extension for Chrome, Opera and Vivaldi that uses a JSON file to apply CSP by URL.
With that it should hopefully be trivial to disable all inline CSS and scripts on poorly written web sites.
5 Likes
Surely such an oudated and poor method of coding isn’t used anymore?
It shouldn’t be and provided that you don’t it then becomes possible to use CSP to actually block it and prevent CSS or JavaScript being injected into the HTML from being able to run.
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.