Welcome to WebmasterWorld Guest from

Forum Moderators: open

Message Too Old, No Replies

Gmail gets CSP support to stop extensions from loading

10:25 pm on Dec 16, 2014 (gmt 0)

Administrator from JP 

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 12, 2000
votes: 139

http://venturebeat.com/2014/12/16/gmail-gets-content-security-policy-support-to-stop-extensions-from-loading-unsafe-code/ [venturebeat.com]

Gmail gets Content Security Policy support to stop extensions from loading unsafe code

Google today added [gmailblog.blogspot.jp] support for Content Security Policy (CSP) to Gmail. The security feature protects users by stopping extensions from loading unsafe code.

CSP is a computer security concept for preventing cross-site scripting (XSS) and related attacks. It provides a standard HTTP header that allows website owners to declare approved sources of content that browsers should be allowed to load on a given page (such as JavaScript, CSS, HTML frames, fonts, images, and even embeddable objects like Java applets, ActiveX, audio, and video files).