XSS - mmedrano9438/peripheral-brain GitHub Wiki
Content Security Policy (CSP) is a security standard that helps to mitigate cross-site scripting (XSS) and other attacks. It works by restricting the resources a page can load and whether a page can be framed by other pages.

To configure a CSP, you can:

- Add the Content-Security-Policy HTTP header to a web page
- Set values to control what resources the user agent is allowed to load for that page

The header is divided into different sections (directives), each separated by a semicolon. The `default-src` directive defines the security policy for all types of content that are not expressly called out by more specific directives.

CSP is a W3C standard recommended by the W3C Working Group and supported by almost all major modern web browsers.

To adopt strict CSP, you can:

- Add nonces to `<script>` elements
- Refactor inline event handlers and `javascript:` URIs
- Refactor calls to JS APIs incompatible with CSP
- Serve the Content-Security-Policy header