- From: Norman Szigeti <northbrid@gmail.com>
- Date: Tue, 25 Jun 2024 13:53:20 +0100
- To: public-webappsec@w3.org
Received on Thursday, 3 October 2024 15:38:22 UTC
Dear group,

I wanted to send an official submission to W3C, but I cannot find the right way to do it.

I wanted to recommend extending the Content-Security-Policy instruction set with the ability to disable the "javascript:" pseudo-protocol. A properly written modern website does not use this kind of URL, and it's also pretty easy to check whether it's required for a project or not, so it can be easy to implement this security measure in a lot of websites. And it can be a strong protection against a lot of XSS attacks.

Thank you in advance for taking this into consideration.

Best Regards,
Norman Szigeti
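The check the message describes as easy, whether a project relies on `javascript:` URLs, as an added example that is not part of the original post or of any W3C specification: a Node.js scanner that reports such URLs in URL-bearing attributes of static markup. The function names, the attribute list and the sample HTML are assumptions constructed for illustration; the scan is regex-based and does not see URLs assigned from script at runtime.

```javascript
// Constructed sample markup (not from the original message).
const SAMPLE_HTML = [
  '<a href="/about">About</a>',
  '<a href="javascript:void(0)" onclick="openMenu()">Menu</a>',
  "<a href='  JavaScript:history.back()'>Back</a>",
  '<form action="java&#x73;cript&colon;submitForm()"></form>',
  '<a href="https://example.com/?q=javascript:">Search</a>',
].join("\n");

// URL-bearing attributes to audit (assumed list; extend it for your code base).
const ATTR_RE = /\s(href|src|action|formaction|xlink:href|data)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;

const NAMED = { colon: ":", Tab: "\t", NewLine: "\n", amp: "&" };

// Decode character references once, as the HTML parser does before URL parsing.
function decodeCharRefs(value) {
  return value.replace(
    /&#x([0-9a-f]+);?|&#(\d+);?|&(colon|Tab|NewLine|amp);/gi,
    (match, hex, dec, name) => {
      if (name !== undefined) return NAMED[name] ?? match;
      const cp = hex !== undefined ? parseInt(hex, 16) : parseInt(dec, 10);
      return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : match;
    });
}

// Mirror the URL parser's preprocessing: drop ASCII tab/newline anywhere and
// leading C0 control characters or spaces, then compare the scheme case-insensitively.
function isJavascriptUrl(rawAttrValue) {
  const url = decodeCharRefs(rawAttrValue)
    .replace(/[\t\n\r]/g, "")
    .replace(/^[\u0000-\u0020]+/, "");
  return /^javascript:/i.test(url);
}

// Return one finding per javascript: URL, with its 1-based line number.
function findJavascriptUrls(html) {
  const findings = [];
  for (const m of html.matchAll(ATTR_RE)) {
    const value = m[2] ?? m[3] ?? m[4] ?? "";
    if (isJavascriptUrl(value)) {
      const line = html.slice(0, m.index + 1).split("\n").length;
      findings.push({ line, attr: m[1].toLowerCase(), value });
    }
  }
  return findings;
}
```

An empty result from `findJavascriptUrls` over a project's templates and built pages indicates that its static markup does not depend on the pseudo-protocol.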