W3C

Entry Point Regulation Draft Published

The Web Application Security Working Group has published a Working Draft of Entry Point Regulation. Entry Point Regulation aims to mitigate the risk of reflected cross-site scripting (XSS), cross-site script inclusion (XSSI), and cross-site request forgery (CSRF) attacks by demarcating the areas of an application which are intended to be externally referencable. A specified policy is applied on external requests for all non-demarcated resources. Learn more about the Security Activity.