XSS through content-sniffing: good case for CSP sandbox directive

http://www.garage4hackers.com/f11/gmail-xss-vulnerability-through-content-sniffing-2094.html?postcount=1

A good example of the type of bug we could reduce the impact of with a sandbox directive in CSP.

Brad Hill

Received on Tuesday, 13 March 2012 00:55:14 UTC
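An added example, not part of the original message: one way a server that returns attacker-controllable bytes (such as mail attachments) could set and audit the response headers that limit content-sniffing XSS, including the CSP `sandbox` directive the post refers to. The function names and the two media-type sets are assumptions made for illustration, and the sets are not exhaustive.

```python
# Added example (not from the original post). Names and type lists are hypothetical.
SNIFFABLE = {"", "text/plain", "application/octet-stream", "unknown/unknown", "*/*"}
ACTIVE = {"text/html", "application/xhtml+xml", "image/svg+xml", "text/xml", "application/xml"}


def attachment_headers(declared_type, filename="download"):
    """Build headers for a response whose body is untrusted user content."""
    ctype = declared_type.split(";")[0].strip().lower()
    if not ctype or ctype in ACTIVE:
        # Never echo a type the browser would render as an active document.
        ctype = "application/octet-stream"
    safe_name = "".join(c for c in filename if c.isalnum() or c in "._-") or "download"
    return {
        "Content-Type": ctype,
        "X-Content-Type-Options": "nosniff",  # ask the browser not to second-guess the type
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        # A bare sandbox directive gives the document a unique origin and no script
        # execution, so a mis-sniffed body cannot act with the hosting site's authority.
        "Content-Security-Policy": "sandbox",
    }


def audit(headers):
    """Return findings for a response that carries untrusted content."""
    h = {k.lower(): v.strip().lower() for k, v in headers.items()}
    ctype = h.get("content-type", "").split(";")[0].strip()
    directives = [d.split() for d in h.get("content-security-policy", "").split(";") if d.strip()]
    sandbox = next((d[1:] for d in directives if d[0] == "sandbox"), None)
    findings = []
    if ctype in ACTIVE:
        findings.append("active-type")
    if ctype in SNIFFABLE and h.get("x-content-type-options") != "nosniff":
        findings.append("sniffable-type-without-nosniff")
    if sandbox is None:
        findings.append("no-csp-sandbox")
    elif "allow-scripts" in sandbox:
        findings.append("sandbox-allows-scripts")
    if not h.get("content-disposition", "").startswith("attachment"):
        findings.append("not-forced-download")
    return findings


if __name__ == "__main__":
    # Constructed sample responses.
    print(audit({"Content-Type": "text/plain; charset=utf-8"}))
    print(audit(attachment_headers("text/html", "report.html")))
```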