Dynamic Content Security Policy Generation at Client-Side to Mitigate XSS Attacks
Date
2024
Publisher
Institute of Electrical and Electronics Engineers Inc.
Abstract
Cross-site scripting (XSS) attacks are a major threat to web applications and have consistently ranked among the OWASP Top 10 vulnerabilities. Attackers can inject malicious scripts that execute within a user's browser. Server-side Content Security Policies (CSPs) offer some protection, but their static nature makes them ineffective when dealing with dynamic content, and a very small percentage of web applications use them. This paper explores dynamically generated CSPs on the client side. This approach overcomes the limitations of traditional CSPs and provides a more robust defense against XSS attacks. © 2024 IEEE.
Keywords
Content Security Policy (CSP), Cross-site scripting (XSS) attacks, data injection, OWASP Top 10 vulnerabilities
Citation
2024 15th International Conference on Computing Communication and Networking Technologies, ICCCNT 2024, 2024
