内容安全策略

内容安全策略英語:,简称CSP)是一种计算机安全标准,旨在防御跨站脚本点击劫持代码注入攻击,阻止恶意内容在受信网页环境中执行。[1]这一标准是W3C网络应用安全工作组的候选推荐标准[2],被现代网页浏览器广泛支持。[3]

另见

参考资料

  1. Sid Stamm. . wiki.mozilla.org. 2009-03-11 [2011-06-29]. (原始内容存档于2019-09-29). Content Security Policy is intended to help web designers or server administrators specify how content interacts on their web sites. It helps mitigate and detect types of attacks such as XSS and data injection.
  2. . 2016-09-13 [2016-10-05]. (原始内容存档于2017-02-26).
  3. . Fyrd. [February 22, 2013]. (原始内容存档于2013-07-01).

外部链接

  • W3C Working Draft. . W3C. 2018-10-15 [2020-03-29]. (原始内容存档于2020-11-12) (英语).
  • . MDN Web Docs. [2020-03-29]. (原始内容存档于2020-12-18) (英语).
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.