Archive for the ‘Web Security’ Category

WordPress CSP Plugin

Friday, May 28th, 2010

My implementation of the Content Security Policy server logic for WordPress is now available as a WordPress Plugin.

Fig. 1 – CSP configuration page making a policy recommendation.

Fig. 2 – New panel in media uploader allows direct creation of script files in the uploads directory.

WordPress and Content Security Policy

Monday, April 12th, 2010

Lately, I have been implementing the server logic for Content Security Policy in WordPress. Today, I posted my first patch to WordPress, still a work in progress, which adds an administration panel for configuring CSP. One of the features I’m rather happy with is “Suggest Policy”, which analyzes the content in the user’s blog and recommends a policy based on the content types and sources it finds.

Content Security Policy – Preview Builds

Thursday, October 1st, 2009

I am excited to report that Content Security Policy is available for testing! We’ve been working hard on implementing the CSP spec and now the new features are ready to be put to the test. I would like to encourage any interested parties, whether web security researchers or website administrators, to grab a preview build of Firefox with CSP enabled and head over to the demo page to see it in action.

Content Security Policy – Update

Tuesday, April 7th, 2009

I published another set of changes to the Content Security Policy proposal. We are getting very close to the implementation phase now, and I’ve made a final call for feedback. Sid and I are in the process of moving the documentation to the Mozilla Wiki, where the final specification will live.

Content Security Policy (was Site Security Policy)

Friday, September 5th, 2008

I updated my web security proposal with a fairly large set of changes. I removed Cross Site Request Forgery from the scope of the proposal and instead will focus on the implementation of the Origin header. The syntax has also been expanded to allow policy creation for a larger set of content types, e.g. not [...]

Site Security Policy

Wednesday, June 4th, 2008

I published a proposal for a set of browser security features that I hope to get turned into an open web standard and implemented in a future version of Firefox. The goal is to create a mechanism that allows websites to communicate security policies to the browser which dictate how web content should behave.