In a recent post on the Mozilla Security Blog, Brandon Sterne, Security Program Manager, talked about Mozilla's effort to shut down XSS (Cross-Site Scripting) attacks with Content Security Policy.
For several years, Cross-Site Scripting (XSS) attacks have plagued many of the web’s most popular sites and victimized their users. At Mozilla, we’ve been working for the last year on a new technology called Content Security Policy, designed to shut these attacks down.
Mozilla is working to make Firefox not only the fastest browser, but also the most secure platform. Brandon explains the CSP approach to validating content:
Of course this will not save you 100% from XSS, clickjacking or packet sniffing attacks, but I think it’s a good initiative from browsers to help keep the web safe.