Je hebt een klacht over de onderstaande posting:
Commentaar van de No-Script ontwikkelaar op http://forums.informaction.com/viewtopic.php?f=10&t=1790 -Do you think CSP is going in the right direction or is it simply a misstep that will further cloud the already foggy browser security landscape? -I do not think it's a misstep at all. It would be great if it got wide adoption on the client, and especially on the server side (the two are strictly interdependent, obviously). Notice, though, that its scope is very limited: while it's a great answer to XSS if correctly implemented on the server side (which is unlikely to be done better than current "secure development" best practices, except for larger sites with very good IT staffers), its merits against clickjacking are unlikely and it can't do anything against CSRF: that's why NoScript, ClearClick and ABE are orthogonal to CSP, rather than a competitors.
Beschrijf je klacht (Optioneel):