Mitigate cross-site scripting (XSS) with a strict Content Security Policy (CSP)

Lukas Weichselbaum