Category: Web Security

WordPress and Content Security Policy
April 12th, 2010

Lately, I have been implementing the server logic for Content Security Policy in WordPress. I was very pleased to see that the WordPress community opened up the tracking bug for this feature around the time we first blogged about it. One of the neat things about working for Mozilla is that contributions to other important open source projects are treated as valid, valuable uses of our time.

Today, I posted my first patch to WordPress, still a work in progress, which adds an administration panel (see below) for configuring CSP. One of the features I’m rather happy with is “Suggest Policy”, which analyzes the content in the user’s blog and recommends a policy based on the content types and sources it finds.

Next I’ll be working on moving the remaining inline script into external script files. Stay tuned for further updates!
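The idea behind a "Suggest Policy" feature, sketched as an added example in Python; it is not the code from the WordPress patch. It scans HTML for the resource types and origins in use, proposes a matching policy, and reports the inline script that has to move to external files. The names (`Collector`, `suggest_policy`, `SAMPLE`) are hypothetical, and the present-day directive names (`default-src`, `script-src`, ...) are an assumption, since the post does not show the policy syntax.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, URL attribute) -> CSP directive governing that resource type
DIRECTIVES = {("script", "src"): "script-src", ("img", "src"): "img-src",
              ("iframe", "src"): "frame-src", ("video", "src"): "media-src",
              ("object", "data"): "object-src", ("link", "href"): "style-src"}

class Collector(HTMLParser):
    def __init__(self, site_origin):
        super().__init__()
        self.site = urlsplit(site_origin)
        self.origin = f"{self.site.scheme}://{self.site.netloc.lower()}"
        self.sources = {}   # directive -> set of source expressions
        self.inline = []    # inline code to move into external files

    def add(self, directive, url):
        u = urlsplit(url.strip())
        if u.scheme not in ("", "http", "https"):
            return
        # Relative and "//host/x" URLs inherit the blog's own scheme.
        origin = f"{u.scheme or self.site.scheme}://{u.netloc.lower()}"
        src = "'self'" if not u.netloc or origin == self.origin else origin
        # Keep 'self' in every directive so the blog's own files still load.
        self.sources.setdefault(directive, {"'self'"}).add(src)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        is_css = "stylesheet" in (attrs.get("rel") or "").lower().split()
        for (t, attr), directive in DIRECTIVES.items():
            if t == tag and attrs.get(attr) and (tag != "link" or is_css):
                self.add(directive, attrs[attr])
        if tag == "script" and not attrs.get("src"):
            self.inline.append("inline <script>")
        self.inline += [f"{n} handler on <{tag}>" for n in attrs if n.startswith("on")]

def suggest_policy(pages, site_origin):
    c = Collector(site_origin)
    for html in pages:
        c.feed(html)
        c.reset()   # drop any unterminated tag before the next page
    parts = [f"{d} {' '.join(sorted(s))}" for d, s in sorted(c.sources.items())]
    return "; ".join(["default-src 'self'"] + parts), c.inline

# Constructed sample page, not taken from a real blog.
SAMPLE = """<link rel="stylesheet" href="/wp-content/themes/demo/style.css">
<script src="https://cdn.example.net/lib.js"></script><script>var a = 1;</script>
<img src="https://images.example.org/a.png" onclick="go()"><img src="/uploads/b.png">
<iframe src="//video.example.com/embed/1"></iframe>"""
```

Calling `suggest_policy([SAMPLE], "https://blog.example.com")` returns the proposed policy string together with the list of inline findings, which an administrator would clear before enforcing the policy.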

Content Security Policy – Preview Builds
October 1st, 2009

I posted this over at the Mozilla Security Blog but wanted to share it here as well. I am excited to report that Content Security Policy is available for testing! We’ve been working hard on implementing the CSP spec and now the new features are ready to be put to the test.

I would like to encourage any interested parties, whether web security researchers or website administrators, to head over to Mozilla Try Server and grab a preview build of Firefox with CSP enabled:

Windows: 1256079015-win32.zip
Mac OS X: 1256079015-macosx.dmg
Linux: 1256079015-linux.tar.bz2

Once you have it, you can test the core functionality of CSP at the demo page I set up on my Mozilla web space. There is a lot more information about this project there and I look forward to any feedback you have to share with me.