Replied to a post on github.com:

Content Security Policy: http://www.html5rocks.com/en/tutorials/security/content-security-policy/

Basically, does a lot to prevent XSS, but breaks much of the legacy (read: stuff we shouldn't have ever been doing but did anyway) approaches people took.