Gmail gets Content Security Policy support to stop extensions from loading unsafe code
Google today added [gmailblog.blogspot.jp] support for Content Security Policy (CSP) to Gmail. The security feature protects users by stopping extensions from loading unsafe code.
CSP is a computer security concept for preventing cross-site scripting (XSS) and related attacks. It provides a standard HTTP header that allows website owners to declare approved sources of content that browsers should be allowed to load on a given page (such as JavaScript, CSS, HTML frames, fonts, images, and even embeddable objects like Java applets, ActiveX, audio, and video files).
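The per-type source lists described above, shown as an added example (it is not part of the original post and is not Gmail's actual policy). It parses a constructed `Content-Security-Policy` header value and decides whether a resource load would be permitted. The function names, the sample policy and the `example.test` hosts are assumptions made for illustration.

```javascript
// Simplified CSP check (added example). Supports 'none', 'self', '*', scheme
// sources (https:) and host sources with optional scheme and leading "*.".
// Paths, ports, nonces and hashes are out of scope; a scheme-less host source
// matches any scheme here, which is looser than a browser.

// Constructed sample policy; the host names are placeholders.
const SAMPLE_POLICY =
  "default-src 'self'; script-src 'self' https://*.cdn.example.test; " +
  "img-src *; object-src 'none'";

// Parse a header value into Map(directive name -> list of source expressions).
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources);
    }
  }
  return policy;
}

// Does one source expression match the (already absolute) resource URL?
function matchesSource(expr, url, pageOrigin) {
  const e = expr.toLowerCase();
  if (e === "'self'") return url.origin === pageOrigin;
  if (e === '*') return url.protocol === 'http:' || url.protocol === 'https:';
  if (/^[a-z][a-z0-9+.-]*:$/.test(e)) return url.protocol === e;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/.exec(e);
  if (!m) return false; // 'none', keywords, unsupported forms: no URL match
  const [, scheme, wildcard, host] = m;
  if (scheme && url.protocol !== scheme + ':') return false;
  return wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
}

// kind is a fetch directive such as 'script-src'; it falls back to default-src.
function isAllowed(policy, kind, resourceUrl, pageUrl) {
  const sources = policy.get(kind) ?? policy.get('default-src');
  if (sources === undefined) return true; // nothing applies: load unrestricted
  const url = new URL(resourceUrl, pageUrl);
  const origin = new URL(pageUrl).origin;
  return sources.some((s) => matchesSource(s, url, origin));
}
```

A script requested from a host outside the `script-src` list is refused, while types with no directive of their own (fonts here) inherit `default-src`.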