The name Cross-Site Scripting (XSS) was coined in January 2000 by a small group of Microsoft security engineers. Today, almost 17 years later, it's still widely used to attack web apps, users, and browsers. Let's go beyond
alert(1) and let's see what else we can do to stop the attack. You'll fall in love with Content Security Policy (CSP) after seeing this talk, guaranteed*.
* Terms and Conditions may apply
Date and event
November 26, 2016, Drupal IronCamp (talk duration 45 minutes)