
Re: XSS mitigation in browsers

From: Daniel Veditz <dveditz@mozilla.com>
Date: Fri, 21 Jan 2011 19:55:38 -0800
Message-ID: <4D3A553A.8080101@mozilla.com>
To: Michal Zalewski <lcamtuf@coredump.cx>
CC: public-web-security@w3.org, Sid Stamm <sid@mozilla.com>, Brandon Sterne <bsterne@mozilla.com>

On 1/19/11 3:12 PM, Michal Zalewski wrote:
> 3) Due to the prevalence of open redirectors, the policy should
> preferably apply not only to the initial URL, but also to every 30x
> hop encountered.

CSP enforces its policies on the entire redirect chain.

-Dan Veditz
Received on Saturday, 22 January 2011 03:56:49 GMT
