Completed
Crosssite scripting
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
No More XSS - Deploying CSP with Nonces and Strict-Dynamic
Automatically move to the next video in the Classroom when playback concludes
- 1 Introduction
- 2 Agenda
- 3 Crosssite scripting
- 4 Templates and autoescape
- 5 No crosssite scripting
- 6 Content security policy
- 7 Domain whitelist
- 8 Object source base URI
- 9 HTML injection
- 10 Inline scripts
- 11 CSP nonces
- 12 What can go wrong
- 13 Hashes
- 14 Whitelisting
- 15 Strictdynamic
- 16 JavaScript templates
- 17 Deploying CSP
- 18 Easier to deploy
- 19 Code changes
- 20 Nonces
- 21 Change templates
- 22 Report only mode
- 23 CSP policy
- 24 Resources
- 25 Questions
- 26 Report URL