Comments on: Client-Side protection from XSS http://kyran.wordpress.com/2006/10/11/client-side-protection-from-xss/ Security, Technology and Life Sun, 21 Dec 2008 13:05:46 +0000 http://wordpress.com/ hourly 1 By: Brian http://kyran.wordpress.com/2006/10/11/client-side-protection-from-xss/#comment-2 Brian Fri, 13 Oct 2006 21:05:29 +0000 http://kyran.wordpress.com/2006/10/11/client-side-protection-from-xss/#comment-2 I think browsers are going to need to help with the reflected XSS and CSRF problems. I posted a proposal on how web sites could tell browsers what kind of cross-site linking was expected to the webappsec list at one point, and it turned out that Ivan Ristic had written up some notes in a similar vein (only his ideas go much further...) CSL Policy: http://www.webappsec.org/lists/websecurity/archive/2006-06/msg00070.html Secure Browsing Mode: http://www.webappsec.org/lists/websecurity/archive/2006-06/msg00085.html I think browsers are going to need to help with the reflected XSS and CSRF problems. I posted a proposal on how web sites could tell browsers what kind of cross-site linking was expected to the webappsec list at one point, and it turned out that Ivan Ristic had written up some notes in a similar vein (only his ideas go much further…)

CSL Policy: http://www.webappsec.org/lists/websecurity/archive/2006-06/msg00070.html

Secure Browsing Mode:
http://www.webappsec.org/lists/websecurity/archive/2006-06/msg00085.html

]]>