Now this is over. The W3C is about to release a spec called Content Security Policy, which allows you to specify the minimum set of privileges needed to make your content (or application) work. Read this great article from Mike about CSP.
PS: CSP just protects you against reflected XSS. You still have to encode your content for stored XSS.
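A sketch of both points above, as an added example that is not from the original post: a deny-by-default policy serialized into a `Content-Security-Policy` header, plus HTML encoding of stored content before it is written into the page. The directive choices, function names and sample comment are assumptions made for illustration.

```javascript
// Added example: names and sample values below are constructed for illustration.

// Least-privilege policy: deny everything, then allow only what the page needs.
// No 'unsafe-inline' is granted, so inline scripts and handlers are not allowed.
const policy = {
  "default-src": ["'none'"],
  "script-src": ["'self'"],
  "style-src": ["'self'"],
  "img-src": ["'self'"],
  "form-action": ["'self'"],
  "base-uri": ["'none'"],
  "frame-ancestors": ["'none'"],
};

// Serialize a directive map into a Content-Security-Policy header value.
// Rejects characters that would split a directive or the header itself.
function buildCsp(directives) {
  return Object.entries(directives)
    .map(([name, sources]) => {
      if (!/^[a-z-]+$/.test(name)) throw new Error(`bad directive: ${name}`);
      for (const s of sources) {
        if (/[;,\s]/.test(s)) throw new Error(`bad source: ${s}`);
      }
      return [name, ...sources].join(" ");
    })
    .join("; ");
}

// Encode stored, user-supplied text for an HTML element or quoted-attribute context.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Build a response: the header carries the policy, the body carries encoded content.
function renderComment(storedComment) {
  return {
    headers: {
      "Content-Type": "text/html; charset=utf-8",
      "Content-Security-Policy": buildCsp(policy),
    },
    body: `<!doctype html><p class="comment">${escapeHtml(storedComment)}</p>`,
  };
}

// Constructed sample of stored content containing markup.
const res = renderComment('<b onclick="x()">hi</b> & bye');
console.log(res.headers["Content-Security-Policy"]);
console.log(res.body);
```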