Content Security Policy
Content Security Policy (CSP) is a security concept for preventing cross-site scripting and other attacks that work by injecting data into web pages. It is a W3C Candidate Recommendation on web application security. CSP was originally designed by the Mozilla Foundation and was first supported experimentally in Firefox 4.0.
Property | Value |
---|---|
dbo:abstract | Content Security Policy (CSP) ist ein Sicherheitskonzept, um Cross-Site-Scripting und andere Angriffe durch Einschleusen von Daten in Webseiten zu verhindern. Es handelt sich um einen W3C-Empfehlungskandidaten zur Sicherheit von Webanwendungen. CSP wurde ursprünglich von der Mozilla Foundation entworfen und in Firefox 4.0 erstmals experimentell unterstützt. (de) Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. It is a Candidate Recommendation of the W3C working group on Web Application Security, widely supported by modern web browsers. CSP provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on that website—covered types are JavaScript, CSS, HTML frames, web workers, fonts, images, embeddable objects such as Java applets, ActiveX, audio and video files, and other HTML5 features. (en) Content Security Policy (abrégé CSP) est un mécanisme de sécurité standardisé permettant de restreindre l'origine du contenu (tel qu'un script Javascript, une feuille de style etc.) dans une page web à certains sites autorisés. Il permet notamment de mieux se prémunir contre des attaques d'injection de code comme les attaques par cross-site scripting (abrégé XSS) ou par détournement de clic. Ces attaques se reposant essentiellement sur l'exécution de code malveillant sur un site où l'utilisateur se sent en confiance. Sa troisième version est actuellement un Candidat de Recommandation pour le groupe de travail W3C sur le Web Application Security . CSP fournit une méthode standard pour que les propriétaires de sites web puissent déclarer les origines approuvées de contenu dont les navigateurs devraient être autorisés à charger sur ce site. 
Les types couverts sont des scripts JavaScript, des feuilles de style CSS, des (en), des (en), des polices d'écriture, des images, des objets incorporables comme des Applets Java, ActiveX, des fichiers audio ou vidéo, et d'autres fonctionnalités d'HTML5. La plupart des navigateurs modernes supportent ce mécanisme dans sa première version. Ceux ne supportant pas cette spécification ignorent simplement l'en-tête, cela est donc transparent pour le visiteur. (fr) 콘텐츠 보안 정책(Content Security Policy, CSP)은 신뢰된 웹 페이지 콘텍스트에서 악의적인 콘텐츠를 실행하게 하는 사이트 간 스크립팅(XSS), 클릭재킹, 그리고 기타 코드 인젝션 공격을 예방하기 위해 도입된 컴퓨터 보안 표준이다. 웹 애플리케이션 보안의 W3C 워킹 그룹의 후보 권고안이며 현대의 웹 브라우저에 폭넓게 지원된다. CSP는 웹사이트 소유자들이 승인된 콘텐츠 오리진(origin)을 선언할 수 있게 하는 표준 방식을 제공하며, 이를 통해 해당 웹사이트들로부터 브라우저들이 자바스크립트, CSS, 프레임, , 글꼴, 이미지, 그리고 자바 애플릿, 액티브X, 오디오 및 비디오 파일, 그리고 기타 HTML5 기능들을 사용할 수 있게 허용이 가능해진다. (ko) 内容安全策略(英語:Content Security Policy,简称CSP)是一种计算机安全标准,旨在防御跨站脚本、点击劫持等代码注入攻击,阻止恶意内容在受信网页环境中执行。这一标准是W3C网络应用安全工作组的候选推荐标准,被现代网页浏览器广泛支持。 (zh) |
dbo:thumbnail | wiki-commons:Special:FilePath/ContentSecurityPolicy3_diagram.png?width=300 |
dbo:wikiPageExternalLink | http://www.gnudeveloper.com/cyber_security/secure_coding_guidelines_for_content_security_policy.html http://www.w3.org/TR/CSP/ https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP |
dbo:wikiPageID | 34231217 (xsd:integer) |
dbo:wikiPageLength | 17810 (xsd:nonNegativeInteger) |
dbo:wikiPageRevisionID | 1113876953 (xsd:integer) |
dbo:wikiPageWikiLink | dbr:Cascading_Style_Sheets dbr:Ruby_on_Rails dbr:Web_typography dbc:Web_applications dbr:Computer_security dbr:Cox_Communications dbr:Safari_(web_browser) dbr:Same-origin_policy dbr:Gecko_(layout_engine) dbr:GitHub dbr:Google_Chrome dbr:Content_delivery_network dbr:Cross-site_scripting dbr:Referer dbc:Hacking_(computer_security) dbr:AngularJS dbr:Application_programming_interface dbr:MDN_Web_Docs dbr:Clickjacking dbr:Web_page dbr:W3C dbr:WebKit dbr:Web_browser dbr:Web_server dbr:Web_worker dbr:HTTPS dbr:HTTP_Public_Key_Pinning dbr:HTTP_Strict_Transport_Security dbr:HTTP_Switchboard dbr:ActiveX dbr:Firefox dbr:Firefox_4 dbr:NoScript dbc:Hypertext_Transfer_Protocol_headers dbr:HTML5 dbr:HTTP dbr:Internet_Explorer_10 dbr:Internet_Explorer_11 dbr:JSON dbr:JavaScript dbc:Computer_security_standards dbc:Web_security_exploits dbr:API dbr:Code_injection dbr:Java_applet dbr:Multitier_architecture dbr:Django_(web_framework) dbr:Document_Object_Model dbr:Bookmarklet dbr:HTML_META dbr:HTML_frame dbr:Microsoft_Edge dbr:Opera_(web_browser) dbr:Subresource_Integrity dbr:Trusted_Computing_Base dbr:Load_balancer dbr:File:ContentSecurityPolicy3_diagram.png |
dbp:group | lower-alpha (en) |
dbp:wikiPageUsesTemplate | dbt:As_of dbt:Citation_needed dbt:Efn dbt:Reflist dbt:Short_description |
dcterms:subject | dbc:Web_applications dbc:Hacking_(computer_security) dbc:Hypertext_Transfer_Protocol_headers dbc:Computer_security_standards dbc:Web_security_exploits |
gold:hypernym | dbr:Computer |
rdf:type | yago:WikicatComputerSecurityExploits yago:WikicatComputerSecurityStandards yago:WikicatWebApplications yago:WikicatWebSecurityExploits yago:Abstraction100002137 yago:Accomplishment100035189 yago:Act100030358 yago:Action100037396 yago:Application106570110 yago:Code106355894 yago:CodingSystem106353757 yago:Communication100033020 yago:Event100029378 yago:Feat100036762 yago:Heading106343971 yago:Line107012534 yago:Matter106365467 yago:Measure100033615 yago:Program106568978 yago:PsychologicalFeature100023100 yago:WikicatHypertextTransferProtocolHeaders yago:Writing106359877 yago:Writing106362953 yago:WrittenCommunication106349220 yago:YagoPermanentlyLocatedEntity dbo:InformationAppliance yago:Software106566077 yago:Standard107260623 yago:SystemOfMeasurement113577171 yago:Text106387980 |
rdfs:comment | Content Security Policy (CSP) ist ein Sicherheitskonzept, um Cross-Site-Scripting und andere Angriffe durch Einschleusen von Daten in Webseiten zu verhindern. Es handelt sich um einen W3C-Empfehlungskandidaten zur Sicherheit von Webanwendungen. CSP wurde ursprünglich von der Mozilla Foundation entworfen und in Firefox 4.0 erstmals experimentell unterstützt. (de) Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. It is a Candidate Recommendation of the W3C working group on Web Application Security, widely supported by modern web browsers. CSP provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on that website—covered types are JavaScript, CSS, HTML frames, web workers, fonts, images, embeddable objects such as Java applets, ActiveX, audio and video files, and other HTML5 features. (en) 콘텐츠 보안 정책(Content Security Policy, CSP)은 신뢰된 웹 페이지 콘텍스트에서 악의적인 콘텐츠를 실행하게 하는 사이트 간 스크립팅(XSS), 클릭재킹, 그리고 기타 코드 인젝션 공격을 예방하기 위해 도입된 컴퓨터 보안 표준이다. 웹 애플리케이션 보안의 W3C 워킹 그룹의 후보 권고안이며 현대의 웹 브라우저에 폭넓게 지원된다. CSP는 웹사이트 소유자들이 승인된 콘텐츠 오리진(origin)을 선언할 수 있게 하는 표준 방식을 제공하며, 이를 통해 해당 웹사이트들로부터 브라우저들이 자바스크립트, CSS, 프레임, , 글꼴, 이미지, 그리고 자바 애플릿, 액티브X, 오디오 및 비디오 파일, 그리고 기타 HTML5 기능들을 사용할 수 있게 허용이 가능해진다. (ko) 内容安全策略(英語:Content Security Policy,简称CSP)是一种计算机安全标准,旨在防御跨站脚本、点击劫持等代码注入攻击,阻止恶意内容在受信网页环境中执行。这一标准是W3C网络应用安全工作组的候选推荐标准,被现代网页浏览器广泛支持。 (zh) Content Security Policy (abrégé CSP) est un mécanisme de sécurité standardisé permettant de restreindre l'origine du contenu (tel qu'un script Javascript, une feuille de style etc.) dans une page web à certains sites autorisés. Il permet notamment de mieux se prémunir contre des attaques d'injection de code comme les attaques par cross-site scripting (abrégé XSS) ou par détournement de clic. 
Ces attaques se reposant essentiellement sur l'exécution de code malveillant sur un site où l'utilisateur se sent en confiance. Sa troisième version est actuellement un Candidat de Recommandation pour le groupe de travail W3C sur le Web Application Security . (fr) |
rdfs:label | Content Security Policy (de) Content Security Policy (en) Content Security Policy (fr) 콘텐츠 보안 정책 (ko) 内容安全策略 (zh) |
owl:sameAs | freebase:Content Security Policy yago-res:Content Security Policy wikidata:Content Security Policy dbpedia-de:Content Security Policy dbpedia-fr:Content Security Policy dbpedia-ko:Content Security Policy dbpedia-sr:Content Security Policy dbpedia-zh:Content Security Policy https://global.dbpedia.org/id/BT5Q |
prov:wasDerivedFrom | wikipedia-en:Content_Security_Policy?oldid=1113876953&ns=0 |
foaf:depiction | wiki-commons:Special:FilePath/ContentSecurityPolicy3_diagram.png |
foaf:isPrimaryTopicOf | wikipedia-en:Content_Security_Policy |
is dbo:wikiPageDisambiguates of | dbr:Content_security dbr:CSP |
is dbo:wikiPageWikiLink of | dbr:Internet_privacy dbr:Computer_security dbr:Same-origin_policy dbr:MontageJS dbr:Cross-origin_resource_sharing dbr:Cross-site_scripting dbr:Clickjacking dbr:Troy_Hunt dbr:HTTP_Strict_Transport_Security dbr:HTTP_referer dbr:Adblock_Plus dbr:NoScript dbr:List_of_HTTP_header_fields dbr:Intertrust_Technologies_Corporation dbr:JavaScript dbr:Bookmarklet dbr:Content_security dbr:Browser_engine dbr:CSP dbr:Web_skimming |
is foaf:primaryTopic of | wikipedia-en:Content_Security_Policy |