Yahoo

Tackle Cross Site Scripting using Content Security Policy

Cross site scripting (XSS) is identified as one of the main threats to web users by the OWASP Foundation. XSS occurs when a malicious third party injects a script into content served by your website.
Threat Post

Content Security Policy Mitigates XSS, Breaks Websites

An easily available and stout defense against cross-site scripting – content security policy – is sparsely deployed because it is not compatible with most websites. Content Security Policy (CSP) is an ...
VentureBeat

Gmail gets Content Security Policy support to stop extensions from loading unsafe code

Google today added support for Content Security Policy (CSP) to Gmail. The security feature protects users by stopping extensions from loading unsafe code. CSP is a computer security concept for ...