Tag: CSP

Total 34 Posts

XSS on etherscan.io

I got a DM from a journalist called Jordan Pearson this evening and what started out as a quick comment for an article turned into an investigation of an ongoing issue. etherscan.io Etherscan is ranked as the 1,379th site in the world according to Alexa, so they're pretty…

Continue Reading

Launching Report URI JS

The most common way to set a Content Security Policy on your site is to deliver it as a HTTP response header, but that's not always possible. On hosted platforms like GitHub Pages, Ghost Pro or WordPress it's not always easy or even possible to set a HTTP response header.…

Continue Reading