Cross-site scripting (XSS) vulnerabilities are very common in web applications. They have been on the OWASP Top 10 for a while and are routinely exploited by attackers.
There are simple guidelines one can follow to prevent XSS bugs, and most web frameworks offer some level of protection, but at the end of the day it is easy to make a mistake.
Content Security Policy (CSP) adds another layer to a website's defenses: browser-enforced restrictions on which external resources may load and which scripts may run. An additional HTTP response header, Content-Security-Policy, instructs browsers to enforce a policy set by the server administrator.
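As an added illustration (not part of the original abstract), a small Python helper that serialises a policy into the Content-Security-Policy header value, parses one back, and flags the settings that leave injected scripts executable; the weak and strict sample policies are constructed for the demonstration.

```python
import secrets

# Constructed sample policy for the demonstration (not taken from any real site).
WEAK_POLICY = "default-src *; script-src * 'unsafe-inline' 'unsafe-eval'"


def build_csp(directives: dict[str, list[str]]) -> str:
    """Serialise a directive map into a Content-Security-Policy header value."""
    return "; ".join(f"{name} {' '.join(srcs)}" for name, srcs in directives.items())


def nonce_policy(nonce: str) -> str:
    """Strict policy: scripts run only if they carry this per-response nonce."""
    return build_csp({
        "default-src": ["'self'"],
        "script-src": [f"'nonce-{nonce}'", "'strict-dynamic'"],
        "object-src": ["'none'"],
        "base-uri": ["'self'"],
    })


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a header value into {directive: [sources]}; first occurrence of a directive wins."""
    directives: dict[str, list[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def audit_csp(header: str) -> list[str]:
    """Return findings that leave injected scripts executable despite the policy."""
    d = parse_csp(header)
    script = d.get("script-src", d.get("default-src"))
    if script is None:
        return ["no script-src or default-src: script loading is unrestricted"]
    findings: list[str] = []
    # Browsers ignore 'unsafe-inline' once a nonce or hash is present, so only flag it alone.
    if "'unsafe-inline'" in script and not any(s.startswith(("'nonce-", "'sha")) for s in script):
        findings.append("script-src allows 'unsafe-inline': injected inline scripts run")
    if "'unsafe-eval'" in script:
        findings.append("script-src allows 'unsafe-eval': string-to-code sinks stay open")
    if any(s in ("*", "http:", "https:") for s in script):
        findings.append("script-src allows any host: attacker-hosted scripts load")
    if "object-src" not in d and "'none'" not in d.get("default-src", []):
        findings.append("object-src unrestricted: plugin content can execute script")
    return findings


if __name__ == "__main__":
    print("weak:", audit_csp(WEAK_POLICY))
    print("strict:", audit_csp(nonce_policy(secrets.token_urlsafe(16))))
```

The strict policy is only effective when the server emits a fresh nonce per response and attaches it to each legitimate script tag.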