(→User-Agent and Other Client-Side Considerations: no version beacon) |
m (→Content Restrictions: clarified that CSP won't stop links) |
||
| Line 17: | Line 17: | ||
=Content Restrictions= | =Content Restrictions= | ||
The main goal of Content Security Policy is to prevent malicious code from being injected into a website and executed within the context of that site. Hence, a recurring theme in CSP is to prevent the creation of script code from potentially tainted strings. | The main goal of Content Security Policy is to prevent malicious code from being injected into a website and executed within the context of that site. Hence, a recurring theme in CSP is to prevent the creation of script code from potentially tainted strings. It should be made clear that it is not the intent of CSP to prevent '''navigation to arbitrary sites''', but rather to restrict the types of script, media, and other resources that may be used on a web page. | ||
The following restrictions will apply whenever any CSP directives are declared for a document: | The following restrictions will apply whenever any CSP directives are declared for a document: | ||
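Review bot: The sentence added to the first paragraph under Content Restrictions calls the non-goal "navigation to arbitrary sites", while the edit summary calls it "links"; use one term and state plainly what CSP leaves untouched, so readers do not assume a policy also limits where links on the page may lead. The opener "It should be made clear that" adds nothing and can be dropped, giving "CSP does not aim to prevent navigation to arbitrary sites, but rather to restrict the types of script, media, and other resources that may be used on a web page." Since this is a statement of scope rather than part of the goal, consider giving it its own sentence at the end of the paragraph or its own short paragraph ahead of the list of restrictions.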