- From: Norman Szigeti <nszigeti@cmtelematics.com>
- Date: Mon, 8 Jul 2024 11:05:25 +0200
- To: public-webappsec@w3.org
Received on Tuesday, 9 July 2024 09:57:27 UTC
Dear group,

I wanted to send an official submission to W3C, but I cannot find the right way to do it. I wanted to recommend extending the Content-Security-Policy instruction set with the ability to disable the "javascript:" pseudo-protocol. A properly written modern website does not use this kind of URL, and also it's pretty easy to check if it's required for a project or not, so it can be easy to implement this security measure in a lot of websites. And it can be a strong protection against a lot of XSS attacks.

Thank you in advance for taking this into consideration.

Best Regards,
Norman Szigeti
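The check the message calls easy, whether a project still depends on "javascript:" URLs, sketched as an added example that is not part of the original message or of any W3C text: a Node.js scan of HTML markup for URL attributes whose value resolves to the javascript: scheme once character references and URL-parser whitespace handling are applied. The function names, the attribute list and the sample markup are assumptions made for illustration.

```javascript
// Added example (hypothetical helper names, constructed sample markup).
const NAMED = { colon: ":", tab: "\t", newline: "\n", amp: "&" };

// Decode the HTML character references a browser resolves before URL parsing.
function decodeEntities(s) {
  return s.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);?/gi, (m, ref) => {
    if (ref[0] === "#") {
      const code = /^#x/i.test(ref) ? parseInt(ref.slice(2), 16) : parseInt(ref.slice(1), 10);
      return code > 0 && code <= 0x10ffff ? String.fromCodePoint(code) : m;
    }
    return NAMED[ref.toLowerCase()] ?? m;
  });
}

// Mirror the URL parser: strip leading C0 controls/spaces, drop tab, LF and CR.
function hasJavascriptScheme(value) {
  const url = decodeEntities(value)
    .replace(/^[\u0000-\u0020]+/, "")
    .replace(/[\t\n\r]/g, "");
  return /^javascript:/i.test(url);
}

// URL-bearing attributes to audit (a constructed, non-exhaustive list).
const URL_ATTRS = new Set(["href", "src", "action", "formaction", "data", "xlink:href"]);

// Return every { tag, attr, value } in the markup that uses a javascript: URL.
function findJavascriptUrls(html) {
  const hits = [];
  const tagRe = /<([a-z][a-z0-9]*)\b((?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
  const attrRe = /([^\s"'=<>\/]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  for (const [, tag, attrs] of html.matchAll(tagRe)) {
    for (const [, name, dq, sq, bare] of attrs.matchAll(attrRe)) {
      const value = dq ?? sq ?? bare ?? "";
      if (URL_ATTRS.has(name.toLowerCase()) && hasJavascriptScheme(value)) {
        hits.push({ tag: tag.toLowerCase(), attr: name.toLowerCase(), value });
      }
    }
  }
  return hits;
}

// Constructed sample: three javascript: URLs (two obscured) and two look-alikes.
const SAMPLE = `
<a href="javascript:void(0)">menu</a>
<a href="  JaVa&#x09;Script&colon;doThing()">legacy</a>
<form action='/search'><button formaction="java&NewLine;script:submitForm()">go</button></form>
<a href="/docs/javascript:notes">docs</a>
<a href="https://example.com/?q=javascript:">link</a>
`;
console.log(findJavascriptUrls(SAMPLE));
```

This covers static markup only; URLs that scripts assign at runtime (for example to location or to an element's href) need a separate review of the script sources.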