Friday, October 02, 2009

CSP Preview!

Brandon Sterne and I released a preview of Firefox with Content Security Policy features built in. There are still little bits of the specification that aren't yet ready (like HTTP redirection handling), but most of the core functionality should be there.

If you'd like to play around with this pre-release version of Firefox (very alpha, future release) that has CSP built in, download it here! You can test it out at Brandon's demo page.

In case you're not familiar with CSP, it's a content-restriction system that allows web sites to specify what other types of stuff can be embedded on their pages and where it can be loaded from. It's very similar to something called HTTP Immigration Control that I was working on in grad school, so I'm very exited to be part of the design, specification and implementation -- hopefully a big step towards securing the web.

Previously: Shutting Down XSS with Content Security Policy and CSP: With or Without Meta?

Update: The old download link expired. New one should have a much longer lifetime (here).


Anonymous said...

have been looking for an answer to ff3.0.9 The bookmark user expiration set days isnt working.
ff keeps on saving by passing my two day limit. I have searched ff forms and google to properly ask this question and getting no answer. I am trying anything I can to find the answer.

Sid Stamm said...

I am not sure how to solve your problem. Try asking at

There's also a live chat feature there (and forums) in case you want to discuss the problem with other people.