This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 22256 - Add a note regarding first line of defense.
Summary: Add a note regarding first line of defense.
Status: CLOSED FIXED
Alias: None
Product: WebAppsSec
Classification: Unclassified
Component: CSP
Version: unspecified
Hardware: All All
Importance: P2 normal
Target Milestone: ---
Assignee: Adam Barth
QA Contact: This bug has no owner yet - up for the taking
Reported: 2013-06-04 02:20 UTC by Glenn Adams
Modified: 2013-07-02 20:57 UTC

Description Glenn Adams 2013-06-04 02:20:45 UTC
The introduction contains the following:

"Content Security Policy (CSP) is not intended as a first line of defense against content injection vulnerabilities."

For those readers not familiar with the details of secure programming, it would be useful to add a Note referring to some work(s) that address the "first line[s] of defense".

Comment 2 Glenn Adams 2013-07-02 20:57:33 UTC
Thanks.