Google has taken several steps this week to improve the security of its Gmail application and Chrome web browser. Gmail is set to support Content Security Policy (CSP) and has also published preliminary code for end-to-end email encryption.
Content Security Policy (CSP) is an idea that has been around since at least 2010, when Mozilla implemented the technology in its Firefox 4 web browser. The basic idea behind CSP is to limit the risk of cross-site scripting (XSS) security flaws. With CSP, a site gives the browser a policy that states which scripts, from which sites, are allowed to run.
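The sketch below is an added example, not code from Google or from the original article: a simplified model of how a browser decides whether a script may run under a CSP. The policy string, origins and function names are constructed for illustration, and nonces, hashes, ports and paths are left out.

```javascript
// Simplified model of CSP script checks (added example, constructed values).
// Not covered: nonces, hashes, 'strict-dynamic', ports and paths in sources.
const POLICY = "default-src 'self'; script-src 'self' https://*.cdn.example";
const PAGE_ORIGIN = 'https://mail.example';

function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Directive names are case-insensitive; a repeated directive is ignored.
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

// script-src governs scripts; default-src is the fallback when it is absent.
function scriptSources(directives) {
  return directives.get('script-src') ?? directives.get('default-src') ?? null;
}

function sourceMatches(source, url, pageOrigin) {
  const s = source.toLowerCase();
  if (s === "'self'") return url.origin === pageOrigin;
  if (s === '*') return ['http:', 'https:'].includes(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // e.g. https:
  if (s.startsWith("'")) return false; // 'none' and other keywords match no URL
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  // Scheme-less host sources take the page's scheme (simplified: no upgrade rule).
  const want = scheme ? scheme + ':' : new URL(pageOrigin).protocol;
  if (url.protocol !== want) return false;
  return wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
}

function externalScriptAllowed(header, pageOrigin, scriptUrl) {
  const sources = scriptSources(parsePolicy(header));
  if (sources === null) return true; // no applicable directive, no restriction
  const url = new URL(scriptUrl);
  return sources.some((src) => sourceMatches(src, url, pageOrigin));
}

// Inline <script> blocks and event handlers run only with 'unsafe-inline'.
function inlineScriptAllowed(header) {
  const sources = scriptSources(parsePolicy(header));
  if (sources === null) return true;
  return sources.some((src) => src.toLowerCase() === "'unsafe-inline'");
}
```

Under the constructed policy, an injected inline script and a script loaded from an unlisted host are both refused, which is how CSP limits the impact of an XSS flaw.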