Google has released two new tools for developers looking to protect web domains against XSS security flaws.
Cross-site scripting (XSS) is a common security issue facing web developers today. The attack relies on vulnerabilities that allow malicious code to be injected into trusted websites and applications. It can lead to malvertising campaigns, watering hole attacks, and drive-by attacks that require victims visiting a trusted site to do nothing more than open a page.
Content Security Policy (CSP) is often the answer for web developers looking to steer clear of such attacks. CSP, supported by all major browsers, can be used to restrict programming input and scripts and prevent them from executing, even if attackers are able to inject malicious code into vulnerable web pages.
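Whether a policy actually stops an injected inline script depends on its script directives. The check below is an added example, not code from Google or from the tools in this article; the function names and sample policies are constructed for illustration, and it models only `script-src` with its `default-src` fallback.

```javascript
// Added example: decide whether a Content-Security-Policy header value
// would stop an injected inline <script> from running.
// Helper names are hypothetical; script-src-elem (CSP3) is not modelled.

function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function inlineScriptVerdict(header) {
  const d = parseCsp(header);
  // script-src governs scripts; default-src is the fallback when it is absent.
  const sources = d.get('script-src') ?? d.get('default-src');
  if (sources === undefined) return 'allowed: no script restriction';
  const lower = sources.map((s) => s.toLowerCase());
  // When a nonce or hash source is present, browsers ignore 'unsafe-inline',
  // so an injected script runs only if it carries the matching nonce or hash.
  const hasNonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  if (hasNonceOrHash) return 'blocked unless nonce or hash matches';
  if (lower.includes("'unsafe-inline'")) return 'allowed: unsafe-inline';
  return 'blocked';
}

// Constructed sample policies, from weakest to strongest.
const samples = [
  "img-src *",
  "script-src 'self' 'unsafe-inline'",
  "default-src 'self'",
  "script-src 'nonce-r4nd0m' 'unsafe-inline'",
];
for (const policy of samples) {
  console.log(policy.padEnd(45), '->', inlineScriptVerdict(policy));
}
```

A policy that restricts images or styles but sets neither `script-src` nor `default-src` leaves injected scripts untouched, which is the first case in the sample list.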