Security/CSP/Deploying: Difference between revisions

Line 12: Line 12:


=== <b><tt>&lt;script&gt;</tt> tags with text child nodes</b> ===
=== <b><tt>&lt;script&gt;</tt> tags with text child nodes</b> ===
; The Problem :
; General Solution :
; Conversion Steps:


=== <b><tt>javascript:</tt> URIs</b> ===
=== <b><tt>javascript:</tt> URIs</b> ===
; The Problem :
; General Solution :
; Conversion Steps:


=== <b>Event handling attributes in HTML tags</b> ===
=== <b>Event handling attributes in HTML tags</b> ===
There are many HTML [http://www.w3.org/TR/html5/browsers.html#event-handler-attributes-0 event handling attributes] (on*) that can contain strings to be evaluated as script.
; The Problem : There are many HTML [http://www.w3.org/TR/html5/browsers.html#event-handler-attributes-0 event handling attributes] (on*) that can contain strings to be evaluated as script.
 
; General Solution :
; Conversion Steps:


== Removing "eval()"-like features ==
== Removing "eval()"-like features ==
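
Review bot: the "; The Problem :" entry under "Event handling attributes in HTML tags" only states that on* attributes can contain strings evaluated as script. It does not say what breaks for a site deploying CSP, so add a sentence tying it to the policy. In all three sections "; General Solution :" and "; Conversion Steps:" are still empty, as is "; The Problem :" for the <script> and javascript: sections. Either fill these in or mark them as to-do so readers do not take the blank entries as finished guidance. The definition terms are also spaced inconsistently ("; The Problem :" versus "; Conversion Steps:"), and the line between the Problem and General Solution entries holds a single space, which may render as an empty preformatted block.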