{"json_modified": "2016-05-28T10:17:23.110921", "uuid": "a09140c9-2da5-425e-8051-39da37a3bafc", "title": "Content Security Policy", "url": "/en-US/docs/Mozilla/Add-ons/WebExtensions/Content_Security_Policy", "tags": [], "translations": [], "modified": "2016-05-28T10:17:23", "label": "Content Security Policy", "localization_tags": [], "locale": "en-US", "id": 185626, "last_edit": "2016-05-28T10:17:20", "summary": "<a href=\"/en-US/docs/Web/Security/CSP\">Content Security Policy</a> (CSP) is a mechanism to help prevent websites from inadvertantly executing malicious content. A website specifies a CSP using an HTTP header sent from the server. The CSP is mostly concerned with specifying legitimate sources of various types of content, such as scripts or embedded plugins. For example, a website can use it to specify that the browser should only execute JavaScript served from the website itself, and not from any other sources. A CSP can also instruct the browser to disallow potentially unsafe practices, such as the use of <code><a href=\"/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval\">eval()</a></code>.", "sections": [{"id": "Quick_Links", "title": null}, {"id": "Default_content_security_policy", "title": "Default content security policy"}, {"id": "Location_of_script_and_object_resources", "title": "Location of script and object resources"}, {"id": "eval()_and_friends", "title": "eval() and friends"}, {"id": "Inline_JavaScript", "title": "Inline JavaScript"}], "slug": "Mozilla/Add-ons/WebExtensions/Content_Security_Policy", "review_tags": []}