Security/CSP/Spec: Difference between revisions

Jump to navigation Jump to search

Security/CSP/Spec (view source)

Revision as of 16:09, 8 October 2009

144 bytes added ,  8 October 2009
→‎No data: URIs unless opted-in to via explicit policy
Line 90: Line 90:
* Vulnerability types mitigated:
* Vulnerability types mitigated:
*# data: URL script injection
*# data: URL script injection
* data: URIs can be re-enabled by adding "data:" as a source to any source directive.  For example: <tt>img-src data: https://my-host.com</tt>.


==XBL bindings must come from chrome: or resource: URIs==
==XBL bindings must come from chrome: or resource: URIs==
Sidstamm
canmove, Confirmed users
1,537

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/174360"

Navigation menu