CSP: Thwarting cross-site scripting and click-jacking attacks

Status
Not open for further replies.

jamescv7

Mar 15, 2011
Content Security Policies are designed to prevent cross-site scripting and other attack types. Firefox 4 is the first browser to support this new concept.

Cross-site scripting (XSS) has become the plague of the internet, and even the banks haven't managed fully to tackle this problem on their web sites. However, XSS attacks on browsers could soon be a thing of the past, at least for Firefox users: the Mozilla Foundation's latest version 4 of Firefox supports the concept of Content Security Policy (CSP). This allows web administrators to tell browsers which domains to accept as trusted sources of JavaScript code by sending the special X-Content-Security-Policy HTTP header.

http://www.h-online.com/security/features/CSP-Thwarting-cross-site-scripting-and-click-jacking-attacks-1216438.html
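
The allowlist idea described in the quoted article, as an added example that is not part of the original post or the linked article: a simplified model of how a browser decides whether a script may run under a policy. It assumes the later standardized directive syntax (`default-src`, `script-src`) rather than Firefox 4's experimental header, and the policy string, host names and function names are constructed for illustration.

```javascript
// Constructed sample policy; all hosts are placeholders.
// frame-ancestors 'none' is the directive that addresses click-jacking.
const POLICY = "default-src 'self'; " +
  "script-src 'self' https://static.example.com https://*.cdn.example.net; " +
  "frame-ancestors 'none'";

// Split a policy into directive name -> list of source expressions.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// script-src applies to scripts; default-src is the fallback.
function scriptSources(header) {
  const d = parsePolicy(header);
  return d.get('script-src') || d.get('default-src') || null;
}

// "*.host" matches subdomains only, never the bare host itself.
function hostMatches(pattern, host) {
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

// Would an external script at scriptUrl load on a page served from pageUrl?
function scriptAllowed(header, pageUrl, scriptUrl) {
  const sources = scriptSources(header);
  if (sources === null) return true; // no directive restricts scripts
  const target = new URL(scriptUrl);
  return sources.some((src) => {
    if (src === "'self'") return target.origin === new URL(pageUrl).origin;
    const m = /^(https?):\/\/([^\/:]+)$/i.exec(src);
    if (!m) return false; // other keywords, nonces, hashes, ports: not modelled
    return target.protocol === m[1].toLowerCase() + ':' &&
      target.port === '' && hostMatches(m[2].toLowerCase(), target.hostname);
  });
}

// Inline <script> blocks, the usual XSS vehicle, run only with 'unsafe-inline'.
function inlineAllowed(header) {
  const sources = scriptSources(header);
  return sources === null || sources.includes("'unsafe-inline'");
}
```

Because the sample policy never lists `'unsafe-inline'`, markup injected into the page cannot execute inline script even when the injection itself succeeds.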
 