On 17.09.2013 09:38, Frederik Braun wrote: > Hi, > > I was thinking.. Should there be a way to protect us from Cross-Zone > Scripting (i.e. somebody XSSing privileged pages and thus being able to > execute arbitrary commands) by applying CSP to internal pages?
This was already filed in 2012 as https://bugzilla.mozilla.org/show_bug.cgi?id=810116 _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security