A relatively new feature in browsers, Content Security Policy is a tool that protects your web application against Cross-Site Scripting (XSS) vulnerabilities. When you declare to the browser where scripts and other resources are supposed to come from, the browser knows to block resources coming from anywhere else.
Adam Barth spends his days as a Software Engineer on Google's Chrome team. In addition to that, when he's not giving talks at SF HTML5, he's an editor for the W3C's Content Security Policy spec and is the chair of the W3C's Web Security Interest Group.
This talk shows you how you can use Content Security Policy 1.0 to help secure your web app today. He also gives a preview of what's on the horizon in 1.1.
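To make the allowlisting idea above concrete, here is an added example (not from the talk or the CSP spec text) that models how a policy's source list decides whether a resource loads. The function names, the sample policy and the `example` hosts are assumptions made for illustration, and the model is simplified: ports, paths and scheme inference for scheme-less hosts are not handled.

```javascript
// Simplified model of CSP 1.0 source-list matching (added example).
// Constructed sample policy; the hosts are placeholders.
const SAMPLE_POLICY =
  "default-src 'self'; script-src 'self' https://cdn.example.com; img-src *";

// Parse "name src src; name src" into { name: [sources] }.
function parsePolicy(policy) {
  const directives = Object.create(null);
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = (name || '').toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (key && !(key in directives)) directives[key] = sources;
  }
  return directives;
}

// Does one source expression match the resource URL?
function sourceMatches(source, url, pageOrigin) {
  const s = source.toLowerCase();
  if (s === "'self'") return url.origin === pageOrigin;
  if (s === '*') return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // e.g. https:
  // host-source: optional scheme, then host or *.host (no port or path here)
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/.exec(s);
  if (!m) return false; // keywords such as 'unsafe-inline' never match a URL
  const [, scheme, wildcard, host] = m;
  if (scheme && url.protocol !== scheme + ':') return false;
  // *.example.com covers subdomains only, not example.com itself.
  return wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
}

// Would a resource be allowed to load under `directive` on the page at pageUrl?
function isAllowed(policy, directive, resourceUrl, pageUrl) {
  const directives = parsePolicy(policy);
  // A directive that is absent falls back to default-src.
  const sources = directives[directive] || directives['default-src'];
  if (!sources) return true; // the policy says nothing about this type
  if (sources.length === 1 && sources[0].toLowerCase() === "'none'") return false;
  const url = new URL(resourceUrl, pageUrl); // resolves relative URLs
  const origin = new URL(pageUrl).origin;
  return sources.some((src) => sourceMatches(src, url, origin));
}
```

With the sample policy, a script injected from an unlisted host is refused even if an XSS bug lets the attacker add the `<script>` tag, while same-origin and CDN scripts still load.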