CSP Declaring Security

Mozilla’s Content Security Policy (CSP) draft spec is a mechanism for declarative security, whereby a site communicates its intent and leaves it up to the user-agent to determine how to enforce it. The ideas behind the CSP draft are not new, and it is but one of many proposals for declarative security, from BEEP to HTML5 sandboxing. In some respects it overlaps with other mechanisms for restricting script, although if CSP is successful, new directives will likely be created to provide uniform specification of the available policies, said Eric Lawrence on the IE blog.