AutoCSP is an approach for automatically retrofitting Content
Security Policy (CSP) to web applications. AutoCSP (1) leverages
dynamic taint analysis to identify which content should be allowed to
load on the dynamically-generated HTML pages of a web application and
(2) indicates to developers how to change the server-side code of the
application to generate such pages with the right permissions. You
can download a prototype implementation of AutoCSP here.