Twitter improves security on mobile site using Firefox 4 features


Jenny Williams

Twitter is using Mozilla's new Content Security Policy (CSP) in Firefox 4 to help prevent web-based attacks on its mobile site.

Mozilla has made Firefox 4 available to download for Windows, Mac OS X and Linux. The latest version includes security features, 'do not track' and CSP.


On its Engineering blog, Twitter says it has been testing the new CSP feature for the past few weeks. "This policy is a standard developed by Mozilla that aims to thwart cross-site scripting (XSS) attacks at their point of execution, the browser."

"Although activating CSP is easy, in order for it to work correctly you may need to modify your site. In our case it meant removing all inline Javascript," Twitter advised.

"Allowing sites like Twitter to disable inline Javascript and whitelist external assets is a huge step towards neutralising XSS attacks," it continued in the blog post.

Brandon Sterne from Twitter's security team said in a blog post: "We expect CSP to be used widely and adopted very quickly. Popular commercial websites like Twitter are already using it, and there are CSP plug-ins for many of the popular content management systems like WordPress, Django and Drupal. If this works out according to plan, the curtain will soon be coming down on a broad range of nasty web bugs."

Twitter hopes sites that depend on client-side code and user-generated content will be able to make use of the CSP standard in other browsers soon.
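
To illustrate why enabling CSP meant removing inline JavaScript and whitelisting external assets, here is a simplified model of how a browser decides whether a script may run under a policy. It is an added example, not code from Twitter or Mozilla; the policy string and hostnames are constructed, and it uses the syntax of the later standardised `Content-Security-Policy` header, which is an assumption because the article does not show Twitter's actual policy.

```javascript
// Simplified model of CSP script enforcement (added example, not a full
// implementation: wildcard host patterns, nonces and hashes are not modelled).
// The policy and hostnames are constructed for illustration.
const SAMPLE_POLICY =
  "default-src 'self'; script-src 'self' https://assets.example.com; img-src *";

// Split a policy into a Map of directive name -> list of source expressions.
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources);
    }
  }
  return policy;
}

// script-src governs scripts; default-src is the fallback when it is absent.
function scriptSources(policy) {
  return policy.get("script-src") ?? policy.get("default-src") ?? null;
}

// Inline <script> blocks and on* handlers run only with 'unsafe-inline',
// which is why a site must move them to external files before enabling CSP.
function inlineScriptAllowed(policy) {
  const sources = scriptSources(policy);
  if (sources === null) return true; // no applicable directive: unrestricted
  return sources.includes("'unsafe-inline'");
}

// External scripts must come from 'self' or an explicitly listed origin.
function externalScriptAllowed(policy, scriptUrl, pageUrl) {
  const sources = scriptSources(policy);
  if (sources === null) return true;
  const script = new URL(scriptUrl);
  const page = new URL(pageUrl);
  return sources.some((src) => {
    if (src === "'self'") return script.origin === page.origin;
    if (src === "*") return true;
    if (src.startsWith("'")) return false; // other keywords never match a URL
    // Simplification: a scheme-less host source inherits the page's scheme.
    const full = src.includes("://") ? src : `${page.protocol}//${src}`;
    try { return new URL(full).origin === script.origin; } catch { return false; }
  });
}
```

Under the sample policy an injected inline script is refused even though it sits in the page's own HTML, which is the property the article describes as stopping XSS at the point of execution.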
