Last Updated: February 25, 2016
·
1.312K
· jaysoo

Using CSP nonce directive to prevent XSS

#xss
#security
#javascript
#csp

String filtering and escaping has been the standard for XSS prevention for some time now. Unfortunately, this approach has many issues.

The good news is that with Content Security Policy, we can fight against XSS using the right tools!

Here's a demonstration of the new nonce directive to prevent any unwanted inline <script>s from executing.

You will need NodeJS and Express framework to run the server.

https://gist.github.com/jaysoo/5691492

Note: This is only available in Chrome as of this writing.

#xss
#security
#javascript
#csp

Written by Jack Hsu

Say Thanks
Respond

Related protips

Forms, CSRF authenticity token and fragment caching in Rails

10.36K
3

Safe vs Unsafe jQuery Methods

7.399K
4

Rails 4 Facebook Applications

4.804K
6

Have a fresh tip? Share with Coderwall community!

Post
Post a tip
Best #Xss Authors
bashir
10.35K
#xss
#Ruby
#C
wyuenho
7.38K
#xss
#css
#javascript
tmilewski
4.798K
#xss
#Ruby
#Open Source
timfernihough
2.689K
#xss
#mamp
#unix
nmalcolm
1.901K
#xss
#PHP
#python
Related Tags
#xss
#security
#javascript
#csp
Sponsored by
#native_company#
#native_desc#
#native_cta#
Filed Under
Javascript Tips to Beat the DOM Into Submission
Awesome Job
See All Jobs
Post a job for only $299
Thanks to our sponsor
Sponsored by #native_company# — Learn More
#native_title# #native_desc#
#native_cta#