AngularJS has recently implemented support for Content Security Policy that restricts the use of new Function() and other such text-to-JS conduits. This is a huge win, as CSP is one of the best protections modern browsers provide against XSS attacks. However, Angular’s implementation reveals a need for feature detection that the spec currently doesn’t address. This is my proposal for such an API.
Content Security Policy: Feature Detection