Yahoo

Tackle Cross Site Scripting using Content Security Policy

Cross site scripting (XSS) is identified as one of the main threats to web users by the OWASP Foundation. XSS occurs when a malicious third party injects a script into content served by your website.
Threat Post

Content Security Policy Mitigates XSS, Breaks Websites

An easily available and stout defense against cross-site scripting – content security policy – is sparsely deployed because it is not compatible with most websites. Content Security Policy (CSP) is an ...