Locking Down Your Website Scripts with CSP, Hashes, Nonces and Report URI
Troy Hunt
NOVEMBER 14, 2017
I run a workshop titled Hack Yourself First in which people usually responsible for building web apps get to try their hand at breaking them. That's pretty much XSS 101 - just get an alert box to fire - and reflecting a script tag is one of the most fundamental techniques attackers use to run their script on your website.

Using Nonces.