Security/CSP/XSSModule: Difference between revisions

no edit summary
Line 53: Line 53:
https://example.net
https://example.net
http://*.foo.example.com</pre>  
http://*.foo.example.com</pre>  
If the descriptor lacks a scheme, then the scheme defaults to the same scheme as the current web page. &nbsp;If the descriptor contains a *, then the star matches zero or more subdomains. &nbsp;For example, *.example.org matches example.org, foo.example.org and bar.foo.example.org. &nbsp;The origin-descriptor, then, denotes the set of all URLs with schemes and (fully qualified) host names that match the descriptor. &nbsp;Notice that in all cases the origin-list ignores port numbers for simplicity.
If the descriptor lacks a scheme, then the scheme defaults to the same scheme as the current web page. &nbsp;If the descriptor contains a *, then the star matches zero or more subdomains. &nbsp;For example, *.example.org matches example.org, foo.example.org and bar.foo.example.org. &nbsp;The origin-descriptor, then, denotes the set of all URLs with schemes and (fully qualified) host names that match the descriptor. &nbsp;Notice that in all cases the origin-list ignores port numbers for simplicity.
 
A resource load is said to ''respect an origin-list'' if the initial request, and all subsequent redirects, are for URLs contained in the set of URLs denoted by the origin-list.


== block-xss  ==
== block-xss  ==
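
Review bot: The new definition of ''respect an origin-list'' tests every redirect against "the set of URLs denoted by the origin-list", but it does not say how the rules in the paragraph above apply to a redirect hop. That paragraph resolves a scheme-less descriptor against "the current web page" and ignores port numbers "in all cases". The added line should therefore state that, for redirects, the default scheme is still that of the page carrying the policy rather than of the redirecting response. It should also state that a redirect to a different port on a matching host still respects the list, since that is what the port rule implies. One sentence after the new line covering both points would remove the ambiguity.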