[TYPO3-dev] protecting TYPO3 against cross-site scripting and click-jacking attacks ?
bernd wilke
t3ng at pi-phi.tk
Sun Apr 17 15:38:16 CEST 2011
on heise there was an article [1] how firefox 4.0 will support Content
Security Policy (CSP), a new way to protect your site against cross-site
scripting and click-jacking attacks. In the last sentence they mention
plugins for WordPress, Drupal and Django.
a TYPO3-extension supporting the new headers would not be the problem,
what about all the javascript generated all around in an installation?
at least you will need a list of extensions which put javascript inline
into the HTML-output.
[1]
english: http://h-online.com/-1216438
german: http://heise.de/-1214277
bernd
--
http://www.pi-phi.de/cheatsheet.html
More information about the TYPO3-dev
mailing list