Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks.
Example of change required: Enabling CSP is as easy as configuring your web server to return the X-Content-Security-Policy HTTP header.
https://developer.mozilla.org/en/Introd ... ity_Policy

* User Agents MUST block:
o The contents of internal <script> nodes
o javascript: URIs, e.g. <a href="javascript:bad_stuff()"> (unless enabled by policy)
o Event-handling attributes, e.g. <a onclick="bad_stuff()">
* User Agents MUST NOT block:
o Scripts imported from external files whose sources are allowed by the protected document's policy AND are served with a Content-Type of application/javascript or application/json.
https://wiki.mozilla.org/Security/CSP/Specification
https://wiki.mozilla.org/Security/CSP/S ... strictions
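
As an added illustration (not code from the original post, from MDN, or from the phpMyAdmin/MantisBT projects), the Python script below does two things: it builds the response headers the post asks for, and it models the "MUST block" / "MUST NOT block" rules quoted above by auditing a page against a policy. It sends the X-Content-Security-Policy header the post names and, because that X- prefixed header was Firefox 4's experimental form, also the standardized Content-Security-Policy header (whose syntax renamed the old "allow" directive to "default-src"). The policy string, document origin, script URLs, served Content-Types and sample HTML are all constructed for the demo; the source-matching is deliberately simplified (no ports, no scheme-qualified wildcards), and it reads "not served as application/javascript or application/json" conservatively as blocked.

```python
"""Added example: emit X-Content-Security-Policy and model the quoted spec's
blocking rules. All origins, URLs, types and the policy are constructed."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Content-Types the quoted spec lists for external scripts that MUST NOT be blocked.
SCRIPT_TYPES = {"application/javascript", "application/json"}


def csp_headers(policy):
    """Header pairs to add to every response: the Firefox 4 era X- header the
    post refers to, plus the standardized header (old 'allow' == 'default-src').
    Assumption: the policy only uses directives common to both syntaxes."""
    standard = policy.replace("allow ", "default-src ", 1)
    return [("X-Content-Security-Policy", policy),
            ("Content-Security-Policy", standard)]


def parse_policy(policy):
    """'allow ...; script-src ...' -> {directive: [source expressions]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def source_allowed(directives, doc_origin, url):
    """Does script-src (falling back to allow) permit loading url?
    Handles 'self', 'none', *, scheme://host, bare host and *.host only."""
    sources = directives.get("script-src") or directives.get("allow") or []
    target = urlsplit(url)
    host = target.netloc.lower()
    origin = f"{target.scheme}://{host}"
    for src in (s.lower() for s in sources):
        if src == "'none'":
            return False
        if src == "*" or src in (origin, host):
            return True
        if src == "'self'" and origin == doc_origin.lower():
            return True
        if src.startswith("*.") and host.endswith(src[1:]):
            return True
    return False


class ScriptAuditor(HTMLParser):
    """Collects (verdict, detail) for every script-bearing construct in a page."""

    def __init__(self, directives, doc_origin, served_types):
        super().__init__()
        self.directives = directives
        self.doc_origin = doc_origin
        self.served_types = served_types  # url -> Content-Type the server would send
        self.findings = []
        self._inline = False              # inside a <script> that has no src

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            if attrs.get("src") is None:
                self._inline = True       # contents arrive via handle_data
            else:
                self.findings.append(self._external(attrs["src"]))
            return
        for name, value in attrs.items():
            if name.startswith("on"):     # onclick=, onload=, ... (names are lowercased)
                self.findings.append(("blocked", f"event-handler attribute {name}"))
            elif value and value.strip().lower().startswith("javascript:"):
                self.findings.append(("blocked", f"javascript: URI in {name}"))

    def handle_data(self, data):
        if self._inline and data.strip():
            self.findings.append(("blocked", "internal <script> contents"))
            self._inline = False

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False

    def _external(self, src):
        url = urljoin(self.doc_origin + "/", src)  # resolve relative src against the document
        if not source_allowed(self.directives, self.doc_origin, url):
            return ("blocked", f"{url}: source not allowed by policy")
        ctype = self.served_types.get(url, "unknown").split(";")[0].strip().lower()
        if ctype not in SCRIPT_TYPES:
            # The spec only guarantees loading for the listed types; anything
            # else is treated as blocked here (conservative reading).
            return ("blocked", f"{url}: served as {ctype}")
        return ("allowed", url)


def audit(html, policy, doc_origin, served_types):
    """Apply the policy to a page; returns findings in document order."""
    auditor = ScriptAuditor(parse_policy(policy), doc_origin, served_types)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample input for the demo (not from any real deployment).
DOC_ORIGIN = "https://app.example.com"
POLICY = "allow 'self'; script-src 'self' https://cdn.example.net"
SERVED_TYPES = {
    "https://app.example.com/static/app.js": "application/javascript; charset=utf-8",
    "https://cdn.example.net/lib.js": "application/javascript",
    "https://evil.example.org/x.js": "application/javascript",
    "https://app.example.com/static/badtype.js": "text/html",
}
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script src="https://evil.example.org/x.js"></script>
<script src="/static/badtype.js"></script>
<script>document.write("inline");</script>
</head><body>
<a href="javascript:bad_stuff()">link</a>
<a href="/ok" onclick="bad_stuff()">link</a>
</body></html>"""

if __name__ == "__main__":
    for name, value in csp_headers(POLICY):
        print(f"{name}: {value}")
    for verdict, detail in audit(SAMPLE_HTML, POLICY, DOC_ORIGIN, SERVED_TYPES):
        print(f"{verdict:8} {detail}")
```

Running it against the sample page lists the two same-origin/CDN scripts as allowed and everything else as blocked: the off-policy host, the script served as text/html, the inline script, the javascript: link and the onclick handler. That last group is exactly the code a web application has to move into external files before it can turn the header on, which is the work the phpMyAdmin and MantisBT entries below refer to.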
phpMyAdmin
http://www.phpmyadmin.net/documentation/changelog.php
"+ [core] Include Content Security Policy HTTP headers."
MantisBT bugtracking
http://www.mantisbt.org/blog/?p=119
"As Firefox 4 has been pushed back to early 2011 we have more time to finish off the implementation of X-Content-Security-Policy within MantisBT."