Twitter has launched new security capabilities designed to protect users of the micro-blogging service who access it through the newly launched Firefox 4 web browser.
The Content Security Policy (CSP) feature was developed by Mozilla in an attempt to thwart cross-site scripting (XSS) attacks, according to a post on the Twitter Engineering blog.
CSP works by forcing the browser to ignore JavaScript injected into a web page by an XSS attacker and to load external assets only from a set of whitelisted sites.
The CSP feature works only on Twitter's mobile site at present, but the firm hopes to roll it out across "more of Twitter" in the future. The firm also urged users to request support for the standard in their preferred browser.
"Allowing sites like Twitter to disable inline JavaScript and whitelist external assets is a huge step towards neutralising XSS attacks. However, for many sites it is not going to be as simple as flipping a switch," Twitter said.
"Most sites will require some work and you may need to alter a few third-party JavaScript libraries. Depending on how complex your site is, this could entail the bulk of your effort."
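The two controls described above, blocking inline JavaScript and whitelisting external assets, can be modelled as a small policy check. This is an added example, not code from Twitter or Mozilla; it assumes the standardized `script-src`/`default-src` directive syntax rather than whatever header Twitter deployed, uses constructed hostnames, and leaves out nonces, hashes, ports and paths.

```javascript
// Added example: a simplified model of a browser's script-src decision.
// The policy string and all hostnames are constructed for illustration.
const PAGE_ORIGIN = "https://mobile.site.example";
const POLICY = "default-src 'self'; script-src 'self' https://*.cdn.example";

// Split a policy into directive -> source list. A repeated directive is
// ignored, so the first occurrence wins.
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !policy.has(key)) policy.set(key, sources);
  }
  return policy;
}

// script-src falls back to default-src; null means scripts are unrestricted.
function scriptSources(policy) {
  return policy.get("script-src") ?? policy.get("default-src") ?? null;
}

// Inline <script> blocks and on* handlers run only with 'unsafe-inline'.
function allowsInlineScript(policy) {
  const sources = scriptSources(policy);
  return sources === null || sources.includes("'unsafe-inline'");
}

// External scripts load only from a listed source (exact scheme match here).
function allowsExternalScript(policy, scriptUrl, pageOrigin) {
  const sources = scriptSources(policy);
  if (sources === null) return true;
  const url = new URL(scriptUrl);
  return sources.some((src) => {
    if (src === "'self'") return url.origin === pageOrigin;
    const m = /^(https?):\/\/(\*\.)?([a-z0-9.-]+)$/i.exec(src);
    if (!m || url.protocol !== m[1].toLowerCase() + ":") return false;
    const host = m[3].toLowerCase();
    // "*.host" covers subdomains only, never the bare host itself.
    return m[2] ? url.hostname.endsWith("." + host) : url.hostname === host;
  });
}

const policy = parsePolicy(POLICY);
console.log("inline script allowed:", allowsInlineScript(policy));
for (const u of ["https://mobile.site.example/app.js",
                 "https://static.cdn.example/lib.js",
                 "https://attacker.example/x.js"]) {
  console.log(u, "->", allowsExternalScript(policy, u, PAGE_ORIGIN));
}
```

A site that still relies on inline event handlers or scripts from unlisted hosts fails these checks, which is the migration work the quoted post refers to.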