Getting a #CSP (Content Security Policy) working right for my site *and* having reasonable security levels is proving harder than I thought... #webdev #headers #websecurity #ContentSecurityPolicies
It's 2025, and #Firefox still thinks their #UI is the next SpaceX launch—except it's powered by #HTML and #CSS instead of rocket fuel. 🚀💥 But don't worry, they're "hardening" it with Content Security Policies, because nothing screams "cutting-edge" like desperately patching a leaky, decade-old tech stack. 🔒😂
https://attackanddefense.dev/2025/04/09/hardening-the-firefox-frontend-with-content-security-policies.html #SpaceX2025 #ContentSecurityPolicies #HackerNews #ngated
Hardening the Firefox Frontend with Content Security Policies

Most of the Firefox User Interface (UI), including the address bar and the tab strip, is implemented using standard web technologies such as HTML, CSS and JavaScript, plus some additional custom components like XUL. One advantage of building the frontend with web technologies is that the browser engine itself can render it on every desktop operating system. However, just as many web applications are susceptible to some form of injection attack (OWASP Top Ten), Firefox's use of web technologies for its frontend makes it no exception: the frontend is vulnerable to injection attacks as well.

Attack & Defense
Avoiding Death by a Thousand Scripts: Using Automated Content Security Policies

Automating content security policies becomes more tractable once every script, and every asset each script accesses, has been identified.
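The two excerpts above describe the same defensive step from two sides: a CSP only hardens a web-technology frontend (Firefox's or your own) if it is generated from an accurate inventory of the scripts and assets the page really loads. The following added example, which is not code from either article, sketches that inventory-driven generation in Python: it parses constructed sample markup, records external script and stylesheet origins, hashes inline scripts so they can be allowed without `'unsafe-inline'`, and emits a strict policy on a `default-src 'none'` baseline. It assumes the page loads only scripts and stylesheets; other resource types would need their own directives.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample markup (not a real site) standing in for a frontend page.
SAMPLE_HTML = """<script src="https://cdn.example.com/lib/app.js"></script>
<script src="/static/local.js"></script>
<script>console.log('inline bootstrap');</script>
<link rel="stylesheet" href="https://fonts.example.org/main.css">"""

class AssetInventory(HTMLParser):
    """Records external script and stylesheet sources plus inline script bodies."""
    def __init__(self):
        super().__init__()
        self.scripts, self.styles, self.inline = [], [], []
        self._buf = None  # text of the inline <script> currently being read
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            if "src" in a:
                self.scripts.append(a["src"])
            else:
                self._buf = []
        elif tag == "link" and a.get("rel") == "stylesheet":
            self.styles.append(a.get("href", ""))
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.inline.append("".join(self._buf))
            self._buf = None

def origin(url):
    # CSP source expression: scheme://host for external URLs, 'self' for relative paths.
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}" if p.netloc else "'self'"

def sha256_source(body):
    # Hash-source that allows one exact inline script without resorting to 'unsafe-inline'.
    return "'sha256-" + base64.b64encode(hashlib.sha256(body.encode()).digest()).decode() + "'"

def build_csp(html):
    # default-src 'none' is the strict baseline; each directive lists only what was found.
    inv = AssetInventory()
    inv.feed(html)
    script_src = {origin(s) for s in inv.scripts} | {sha256_source(b) for b in inv.inline}
    return "; ".join(["default-src 'none'",
                      "script-src " + " ".join(sorted(script_src)),
                      "style-src " + " ".join(sorted(origin(s) for s in inv.styles))])
```

Running `build_csp(SAMPLE_HTML)` yields a policy whose `script-src` contains `'self'`, one `'sha256-...'` hash for the inline script, and `https://cdn.example.com`; any script injected later matches none of these sources and is blocked.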
