02 September 2014 11:00
An Introduction to Content Security Policy - HTML5 Rocks
Instead of blindly trusting everything that a server delivers, CSP defines the Content-Security-Policy HTTP header that allows you to create a whitelist of sources of trusted content, and instructs the browser to only execute or render resources from those sources. Even if an attacker can find a hole through which to inject script, the script won’t match the whitelist, and therefore won’t be executed.