[TYPO3-dev] protecting TYPO3 against cross-site scripting and click-jacking attacks ?
Kay Strobach
typo3 at kay-strobach.de
Sun Apr 17 17:36:19 CEST 2011
Hi bernd,
4.5 has an XSS form protection with a special token.
regards
Kay
On 17.04.2011 15:38, bernd wilke wrote:
> On heise there was an article [1] about how Firefox 4.0 will support Content
> Security Policy (CSP), a new way to protect your site against cross-site
> scripting and click-jacking attacks. In the last sentence they mention
> plugins for WordPress, Drupal and Django.
>
> A TYPO3 extension supporting the new headers would not be the problem;
> what about all the JavaScript generated all around in an installation?
>
> At least you will need a list of extensions which put JavaScript inline
> into the HTML output.
>
>
> [1]
> english: http://h-online.com/-1216438
> german: http://heise.de/-1214277
>
>
> bernd
--
http://www.kay-strobach.de - Open Source Rocks
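
The list bernd asks for can be built from rendered page output. The following is an added example, not part of the original thread and not TYPO3 code: it scans HTML for the three constructs a Content Security Policy without 'unsafe-inline' stops from executing. The class name, `audit()` and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser

# Script types a browser executes; data blocks such as JSON-LD are not affected by CSP.
JS_TYPES = {"", "text/javascript", "application/javascript", "module"}

class InlineScriptAuditor(HTMLParser):
    """Hypothetical helper: records markup that CSP blocks unless 'unsafe-inline' is set."""
    def __init__(self):
        super().__init__()
        self.findings = []        # (line, kind, detail)
        self._script_line = None  # line of the inline <script> currently open

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        attrs = [(name, value or "") for name, value in attrs]
        names = dict(attrs)
        if (tag == "script" and "src" not in names
                and names.get("type", "").strip().lower() in JS_TYPES):
            self._script_line = line
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append((line, "event-handler", f"<{tag} {name}>"))
            elif (name in ("href", "src", "action", "formaction")
                  and value.strip().lower().startswith("javascript:")):
                self.findings.append((line, "javascript-uri", f"<{tag} {name}>"))

    def handle_data(self, data):
        if self._script_line is not None and data.strip():
            self.findings.append((self._script_line, "inline-script", data.strip()[:40]))
            self._script_line = None  # report each inline block once

    def handle_endtag(self, tag):
        if tag == "script":
            self._script_line = None

def audit(html):
    parser = InlineScriptAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample of rendered page output (not taken from a real installation).
SAMPLE_HTML = """<html><head>
<script src="/static/site.js"></script>
<script type="text/javascript">var openPic = function(u){ window.open(u); };</script>
</head><body onload="init()">
<a href="javascript:openPic('/img/1.jpg')">enlarge</a>
<a href="/contact" onclick="return track(this)">contact</a>
<script type="application/ld+json">{"@type": "WebSite"}</script>
</body></html>"""
```

Running `audit()` over the output of each page type, with extensions enabled one at a time, shows which ones emit inline JavaScript that would have to move into external files before a strict policy can be enforced.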