内容安全策略

内容安全策略（英语：Content Security Policy，简称CSP）是一种电脑安全标准，旨在防御跨站脚本、点击劫持等代码注入攻击，阻止恶意内容在受信网页环境中执行。^[1]这一标准是W3C网络应用安全工作组的候选推荐标准^[2]，被现代网页浏览器广泛支持。^[3]

另见

参考资料

^ Sid Stamm. Security/CSP/Spec - MozillaWiki. wiki.mozilla.org. 2009-03-11 [2011-06-29]. （原始内容存档于2019-09-29）. Content Security Policy is intended to help web designers or server administrators specify how content interacts on their web sites. It helps mitigate and detect types of attacks such as XSS and data injection.
^ State of the draft. 2016-09-13 [2016-10-05]. （原始内容存档于2017-02-26）.
^ Can I use Content Security Policy?. Fyrd. [February 22, 2013]. （原始内容存档于2013-07-01）.

外部链接

W3C Working Draft. Content Security Policy Level 3. W3C. 2018-10-15 [2020-03-29]. （原始内容存档于2020-11-12）（英语）.
Content Security Policy (CSP). MDN Web Docs. [2020-03-29]. （原始内容存档于2020-12-18）（英语）.

这是一篇与计算机相关的小作品。您可以通过编辑或修订扩充其内容。

[Stamm_2009-1] Sid Stamm. Security/CSP/Spec - MozillaWiki. wiki.mozilla.org. 2009-03-11 [2011-06-29]. （原始内容存档于2019-09-29）. Content Security Policy is intended to help web designers or server administrators specify how content interacts on their web sites. It helps mitigate and detect types of attacks such as XSS and data injection.

[CSPstatus-2] State of the draft. 2016-09-13 [2016-10-05]. （原始内容存档于2017-02-26）.

[caniuse-3] Can I use Content Security Policy?. Fyrd. [February 22, 2013]. （原始内容存档于2013-07-01）.

[1]

[2]

[3]