Entry Point Regulation (EPR) for web apps

I've been working on a project to address XSRF and reflected XSS by
enabling web apps to regulate their entry points.

Blog with more details:

Code for a Chrome extension implementing EPR:

Mike West and I have been talking about spec'ing this out with hooks for
CSP and Fetch.  It would be great to get any comments and feedback from the
webappsec list!


Received on Wednesday, 6 August 2014 09:20:07 UTC