Towards a post-XSS world
Mike West (00:24:29)
sourced from JSConfEU
Cross-site scripting attacks are pervasive and dangerously exploitable threats to modern web applications, undermining the critical assumption that your app's code is actually under your control. But you know that already; you're likely playing whack-a-mole right now with one of the dozens of potential attack vectors your app exposes.
Happily, we're this close to eradicating XSS with some new tools like Content Security Policy. Come spend a half-hour of your life learning how you can stop worrying about maliciously injected script. You'll be glad you did!
Mike's "Intro to CSP" article: http://www.html5rocks.com/en/tutorials/security/content-security-policy/