On 12-Feb-09, at 10:09 AM, FunkyRes wrote:
Since so many sites are dynamically generated and can create their own headers, and since so many of these sites have XSS vulnerabilities, how about a header that tells the browser the domain scope for scripts?
You may be interested in the Content Security Policy work, described here:
http://people.mozilla.org/~bsterne/content-security-policy/

Cheers,

Johnathan

---
Johnathan Nightingale
Human Shield
john...@mozilla.com

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security