---

How Google Is Using Content Security Policy to Mitigate Web Flaws

Cross-Site Scripting, commonly referred to as XSS, is among the most pervasive flaws on the web today.

With an XSS flaw, an attacker is potentially able to inject a script on a site from another domain without authorization. According to Google engineers Lukas Weichselbaum and Michele Spagnuolo, XSS is also a big issue for Google, which is why it has invested in efforts to help reduce the risk with a technology approach known as Content Security Policy (CSP).
