What if we could stop worrying about XSS vulnerabilities once and for all? What if we could just build our apps without having to think about the user content trying to execute malicious code on our website stealing our customers' payment data or even stealing access to some admin areas and potentially delivering even more damage?
Well, Content Security Policy can provide us with that. We'll take a look at what it is, at its stable and experimental features.
We will build our own Content Security Policy, experiment with it and see how one could introduce it on a large website with little hassle.