Twitter is using Mozilla's new Content Security Policy (CSP) in Firefox 4 to help prevent web-based attacks on its mobile site.
Mozilla has made Firefox 4 available to download for Windows, Mac OS X and Linux. The latest version includes security features, 'do not track' and CSP.
On its Engineering blog, Twitter says it has been testing the new CSP feature for the past few weeks. "This policy is a standard developed by Mozilla that aims to thwart cross-site scripting (XSS) attacks at their point of execution, the browser."
Brandon Sterne from Twitter's security team said in a blog post: "We expect CSP to be used widely and adopted very quickly. Popular commercial websites like Twitter are already using it, and there are CSP plug-ins for many of the popular content management systems like WordPress, Django and Drupal. If this works out according to plan, the curtain will soon be coming down on a broad range of nasty web bugs."
Twitter hopes sites that depend on client-side code and user-generated content will be able to make use of the CSP standard in other browsers soon.