Mitigate nonce-stealing attacks.
As discussed in w3c/webappsec-csp#98, this patch attempts to mitigate
dangling markup injection attacks' ability to repurpose existing nonces
via clever injections.

It's not clear that we can ship this mitigation, as it's fairly expensive.
Accordingly, it's marked as 'at risk' in the document, pending further
investigation.
ryandel8834 authored and ryandel8834 committed Sep 1, 2016
1 parent ed5f702 commit 8696d5c
Showing 2 changed files with 271 additions and 201 deletions.