June 2013 – EVILCOS
source link: https://evilcos.me/?m=201306
EVILCOS
//:alert(/Hacking Symbol/)//余弦
Month: June 2013
http://threatpost.com/csp-1-0-added-to-firefox-to-block-xss-attacks/
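The X-Content-Security-Policy header will become: Content-Security-Policy.
I haven't tested this, but reportedly Firefox, Chrome, and IE10 (sandbox mode) all support this header. CSP 1.0 also supports blocking inline styles; all of this is aimed at defending against XSS.
The final chapter of our book 《Web前端黑客技术揭秘》 covers this in detail (http://vdisk.weibo.com/s/GDqYZ, open access) and argues that CSP will ultimately be the terminator of XSS. That, however, requires websites to cooperate with the browser's CSP policy, which not only ensures disciplined coding but also ensures front-end security.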
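An added example, not code from the original post: a small audit that checks whether a response still relies on the prefixed X-Content-Security-Policy header and whether its Content-Security-Policy actually blocks inline scripts and styles under CSP 1.0 rules. The function names, finding codes and sample header values are assumptions made up for this illustration.

```javascript
// Added example: CSP 1.0 header audit. All sample header values are constructed.
const LEGACY = 'x-content-security-policy';  // prefixed name mentioned in the post
const STANDARD = 'content-security-policy';  // CSP 1.0 name

// Parse "default-src 'self'; style-src 'unsafe-inline'" into {directive: [sources]}.
function parsePolicy(value) {
  const policy = Object.create(null);
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!(name in policy)) policy[name] = tokens.slice(1).map(s => s.toLowerCase());
  }
  return policy;
}

// Inline content is blocked only when the governing directive (script-src or
// style-src, falling back to default-src) exists and lacks 'unsafe-inline'.
function blocksInline(policy, directive) {
  const sources = policy[directive] || policy['default-src'];
  return Boolean(sources) && !sources.includes("'unsafe-inline'");
}

// Returns a list of finding codes (hypothetical names) for one response's headers.
function auditHeaders(headers) {
  const h = Object.create(null);
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  if (!(STANDARD in h)) {
    // The prefixed header is reported but its policy is not parsed here.
    return [LEGACY in h ? 'legacy-header-only' : 'no-csp'];
  }
  const policy = parsePolicy(h[STANDARD]);
  const findings = [];
  if (!blocksInline(policy, 'script-src')) findings.push('inline-script-allowed');
  if (!blocksInline(policy, 'style-src')) findings.push('inline-style-allowed');
  return findings;
}

// Constructed sample responses.
const SAMPLES = [
  { 'X-Content-Security-Policy': "default-src 'self'" },
  { 'Content-Security-Policy': "default-src 'self'; style-src 'self' 'unsafe-inline'" },
  { 'Content-Security-Policy': "default-src 'self'" },
];
for (const s of SAMPLES) console.log(JSON.stringify(s), '->', auditHeaders(s));
```

An empty result means the policy blocks both inline scripts and inline styles; a policy with neither the specific directive nor default-src places no restriction on inline content.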