
XSS through content-sniffing: good case for CSP sandbox directive

From: Hill, Brad <bhill@paypal-inc.com>
Date: Tue, 13 Mar 2012 00:54:42 +0000
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E05F3AF@DEN-EXDDA-S12.corp.ebay.com>

http://www.garage4hackers.com/f11/gmail-xss-vulnerability-through-content-sniffing-2094.html?postcount=1

A good example of the type of bug we could reduce the impact of with a sandbox directive in CSP.

Brad Hill
Received on Tuesday, 13 March 2012 00:55:14 GMT
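
An added example, not part of the original message: a minimal WSGI handler that serves user-supplied attachments with a `Content-Security-Policy: sandbox` header, so that a body the browser sniffs as HTML is still rendered in a unique origin with scripts disabled. The attachment store, paths, type allowlist and helper names are hypothetical, and the `nosniff` and `Content-Disposition` headers are additional hardening assumed here, not something the message mentions.

```python
import re
from wsgiref.util import setup_testing_defaults

# Constructed sample store: id -> (declared type, filename, body). Hypothetical data.
ATTACHMENTS = {
    "1": ("image/png", "logo.png", b"\x89PNG\r\n\x1a\n...constructed bytes..."),
    "2": ("text/html", "note.html", b"<html><body>user-controlled markup</body></html>"),
}
# Assumed allowlist of types the service is willing to label as-is.
SAFE_TYPES = {"image/png", "image/jpeg", "text/plain"}

def attachment_headers(declared_type, filename):
    """Response headers for untrusted content, regardless of what the body holds."""
    ctype = declared_type if declared_type in SAFE_TYPES else "application/octet-stream"
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    return [
        ("Content-Type", ctype),
        # Ask the browser not to second-guess the declared type.
        ("X-Content-Type-Options", "nosniff"),
        # 'sandbox' with no allow-* tokens: unique origin, scripts disabled,
        # so a response that is rendered as HTML anyway cannot act as the site.
        ("Content-Security-Policy", "sandbox"),
        ("Content-Disposition", 'attachment; filename="%s"' % safe_name),
    ]

def app(environ, start_response):
    key = environ.get("PATH_INFO", "").rsplit("/", 1)[-1]
    item = ATTACHMENTS.get(key)
    if item is None:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    declared, name, body = item
    headers = attachment_headers(declared, name)
    start_response("200 OK", headers + [("Content-Length", str(len(body)))])
    return [body]

def fetch(path):
    """Call the app in-process and return (status, headers dict, body)."""
    environ = {"PATH_INFO": path}
    setup_testing_defaults(environ)
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body

if __name__ == "__main__":
    print(fetch("/attachment/2")[:2])
```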

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 13 March 2012 00:55:15 GMT