Google elaborated in a blog post last year on how to strengthen its security mechanism and safeguard its applications from usual web susceptibilities and the features safeguarding its applications are Content Security Policy and Trusted Types - depends on script nonces, Cross-Origin Opener Policy and Fetch Metadata Request Headers.
These security mechanisms safeguard the application from injected strikes and enhance isolation capacities. Google stated that even if the small segment of the malicious script is inserted by an attacker, “the browser will refuse to execute any injected script which doesn’t identify itself with the current nonce” and this eases down the impact of any server-side inserted susceptibilities containing reflected XSS and reflected XSS.
The Content Security Policy (CSP) was refined by the enforcement of these developments by Google and the tech giant stated that “CSP has mitigated the exploitation of over 30 high-risk XSS flaws across Google in the past two years. Nonce-based CSP is supported in chrome, Firefox, Microsoft Edge, and other Chromium-based browsers. Partial support for this variant of CSP is also available in Safari”.
Meanwhile, Mozilla spokesperson stated to The Daily Swig that Mozilla’s security was boosted due to the injection of Project Fission last year and the Firefox security team has played a massive role in making the internet more secure for all users. He added that the primary aim ..
Support the originator by clicking the read the rest link below.
