webappsec-ISSUE-60 (CSP and META): Injecting META tags can be an interesting bypass technique, possibly [CSP 1.2]

webappsec-ISSUE-60 (CSP and META): Injecting META tags can be an interesting bypass technique, possibly [CSP 1.2]

http://www.w3.org/2011/webappsec/track/issues/60

Raised by: Brad Hill
On product: CSP 1.2

How do we deal with injected META tags in CSP?

Received on Wednesday, 23 April 2014 15:46:08 UTC