Locking Down Your Website Scripts with CSP, Hashes, Nonces and Report URI
Troy Hunt
NOVEMBER 14, 2017
As it turns out, breaking websites is a heap of fun (with the obvious caveats) and people really get into the exercises. That's pretty much XSS 101 - just get an alert box to fire - and reflecting a script tag is one of the most fundamental techniques attackers use to run their script on your website.