Content Security Policy (CSP) is one of the most promising countermeasures against XSS, but it must follow established best practices; otherwise security smells (i.e., recurring coding patterns that are indicative of security weakness) appear in the policy. Among the most important CSP best practices is to not allow the 'unsafe-inline' and 'unsafe-eval' source expressions. The method disclosed here adds innovative aspects to the current state of the art to provide automatic means of removing such unsafe policies from a CSP.
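As an added illustration of the smell this abstract names, the following Python code parses a serialized CSP header, flags `'unsafe-inline'` and `'unsafe-eval'` as smells, and rewrites the policy to use CSP hash-sources (sha256 of the inline script bodies) plus a per-response nonce instead. This is example code written for this page, not the method of the disclosure itself, whose details the abstract does not give; the sample header and inline script body are constructed, and the step of injecting the nonce into the HTML templates is assumed to happen elsewhere.

```python
import base64
import hashlib
import secrets
from typing import Dict, List, Optional, Tuple

# Source expressions that CSP best practice treats as security smells.
UNSAFE_SOURCES = {"'unsafe-inline'", "'unsafe-eval'"}

Policy = Dict[str, List[str]]


def parse_csp(header: str) -> Policy:
    """Split a serialized CSP header into {directive-name: [source expressions]}."""
    policy: Policy = {}
    for raw in header.split(";"):
        tokens = raw.strip().split()
        if not tokens:
            continue
        name, sources = tokens[0].lower(), tokens[1:]
        policy.setdefault(name, []).extend(sources)
    return policy


def serialize_csp(policy: Policy) -> str:
    """Re-serialize a policy dict as a Content-Security-Policy header value."""
    return "; ".join(f"{name} {' '.join(srcs)}".rstrip() for name, srcs in policy.items())


def find_smells(policy: Policy) -> List[Tuple[str, str]]:
    """Return (directive, source) pairs for every unsafe-inline / unsafe-eval occurrence."""
    return [
        (name, src.lower())
        for name, sources in policy.items()
        for src in sources
        if src.lower() in UNSAFE_SOURCES
    ]


def hash_source(body: str) -> str:
    """Build the 'sha256-<base64>' hash-source for one inline script or style body."""
    digest = hashlib.sha256(body.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"


def new_nonce() -> str:
    """Fresh unguessable nonce; must be generated per response, never reused."""
    return secrets.token_urlsafe(18)


def fix_policy(policy: Policy, inline_bodies: List[str], nonce: Optional[str] = None) -> Policy:
    """Replace 'unsafe-inline' with hash-sources (and a nonce if given); drop 'unsafe-eval'.

    'unsafe-eval' has no drop-in replacement: the application code using eval()
    or new Function() must be refactored, so it is simply removed here.
    """
    hashes = [hash_source(body) for body in inline_bodies]
    fixed: Policy = {}
    for name, sources in policy.items():
        kept = [s for s in sources if s.lower() not in UNSAFE_SOURCES]
        if any(s.lower() == "'unsafe-inline'" for s in sources):
            kept.extend(hashes)
            if nonce is not None:
                kept.append(f"'nonce-{nonce}'")
        fixed[name] = kept
    return fixed


# Constructed sample: a smelly header and the one inline script it needs to allow.
SAMPLE_HEADER = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.example"
SAMPLE_INLINE_SCRIPT = "console.log('hello')"

if __name__ == "__main__":
    policy = parse_csp(SAMPLE_HEADER)
    print("smells:", find_smells(policy))
    hardened = fix_policy(policy, [SAMPLE_INLINE_SCRIPT], nonce=new_nonce())
    print("fixed: ", serialize_csp(hardened))
```

Two caveats a practitioner should keep in mind: a hash-source only covers inline `<script>`/`<style>` element bodies, not inline event-handler attributes (those still need refactoring or the separate `'unsafe-hashes'` keyword), and the rewrite is only complete once the template layer actually emits the same nonce on every `<script nonce="...">` tag it serves.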
This work is licensed under a Creative Commons Attribution-Share Alike 4.0 License.
HP INC, "AUTOMATICALLY FIXING SECURITY SMELLS IN CONTENT SECURITY POLICIES (CSP) FOR WEB APPLICATIONS", Technical Disclosure Commons (February 16, 2021).