- From: Ian Hickson <ian@hixie.ch>
- Date: Wed, 8 Dec 2010 01:12:29 +0000 (UTC)
On Tue, 14 Sep 2010, zhao Matt wrote: > > I know Mozilla and Microsoft have provided some ways (respectively, CSP, XSS > filter) to mitigate or detect XSS attacks. > so I wonder whether HTML5 will present an approach to fight this attacks? "XSS" is a pretty broad range of attacks. HTML has a number of features designed to prevent XSS attacks, for example the origin security policy, the <iframe sandbox> feature, and the text/html-sandboxed MIME type. Others have also been proposed, such as a syntax to embed text as base64 data safely. HTH. If you have any specific questions please don't hesitate to raise them. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 7 December 2010 17:12:29 UTC