[wp-trac] [WordPress Trac] #10237: Implement the new Mozilla feature to prevent XSS
WordPress Trac
wp-trac at lists.automattic.com
Tue May 18 00:10:31 UTC 2010
#10237: Implement the new Mozilla feature to prevent XSS
-------------------------------+--------------------------------------------
 Reporter:  Denis-de-Bernardy  |       Owner:  ryan
     Type:  feature request    |      Status:  new
 Priority:  normal             |   Milestone:  Future Release
Component:  Security           |     Version:  2.8
 Severity:  normal             |    Keywords:
-------------------------------+--------------------------------------------
Comment(by bsterne):

I finished the CSP implementation as a plugin which you can download and
read about here:
[http://people.mozilla.org/~bsterne/content-security-policy/wordpress.html]

I spoke to westi and nacin over IRC and they suggested a CSP plugin as a
proof-of-concept would be valuable here to help people get comfortable
with the idea. I encourage anyone following this ticket to try out the
CSP plugin and provide feedback.

It's worth noting that the plugin only serves the header for the content
portion of the site currently, since there are inline scripts being used
in the admin section that can't be moved without a patch to Core.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/10237#comment:20>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
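
The caveat in the comment above, that inline scripts keep the header off the admin section, can be checked mechanically before a policy is enabled on a page. As an added example (not part of the original message or of the CSP plugin), this Python script lists the markup a policy without an inline-script allowance would refuse to run; the sample pages and the names `InlineScriptAuditor` and `audit` are constructed for illustration.

```python
from html.parser import HTMLParser

JS_TYPES = {"", "text/javascript", "application/javascript", "module"}

class InlineScriptAuditor(HTMLParser):
    """Collects markup that a CSP without an inline allowance would block."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []         # (kind, line, detail)
        self._inline_start = None  # line of an open, src-less <script>

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        attrs = {k: (v or "") for k, v in attrs}
        # Data blocks such as type="application/json" are never executed.
        is_js = attrs.get("type", "").strip().lower() in JS_TYPES
        if tag == "script" and "src" not in attrs and is_js:
            self._inline_start = line
        for name, value in attrs.items():
            if name.startswith("on"):  # onclick, onload, ...
                self.findings.append(("event-handler", line, f"{tag}[{name}]"))
            elif (name in ("href", "src", "action")
                  and value.strip().lower().startswith("javascript:")):
                self.findings.append(("javascript-uri", line, f"{tag}[{name}]"))

    def handle_data(self, data):
        if self._inline_start is not None and data.strip():
            self.findings.append(("inline-script", self._inline_start, "script"))
            self._inline_start = None  # report each block once

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline_start = None

def audit(html):
    """Return a list of (kind, line, detail) findings for one HTML document."""
    parser = InlineScriptAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample pages, not taken from WordPress.
FRONT_END = """<html><head>
<script src="/js/theme.js"></script>
</head><body><a href="/about">About</a></body></html>"""
ADMIN = """<html><head>
<script type="text/javascript">var settings = {"page": "dashboard"};</script>
</head><body>
<a href="javascript:void(0)" onclick="toggle()">Screen options</a>
<script type="application/json">{"k": 1}</script></body></html>"""
```

An empty result from `audit()` means the page has no inline script, handler attribute or `javascript:` URI that would need to be moved to an external file first.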