http://isc.sans.edu/diary/Firefox+4+Security+Features/10594
On March 22nd 2010 Mozilla released the long-awaited Firefox 4 browser. Among the improvements to the browser, Mozilla added what is referred to as "XSS and Content Security Policy (CSP)". This does a rather decent job of preventing certain browser pop-ups/alert boxes.
However, for someone who plays around with XSS and loves alert boxes, this was a slight problem. You won't find CSP in any of the menu options, but you will find it in 'about:config'. If you search for CSP, you will find the following two entries:
security.csp.debug - false
security.csp.enable - true
If you want to make sure that you can test your alert boxes, it is highly recommended that you set 'security.csp.enable' to 'false'.