Google bakes W3C malware-buster into Gmail

Content Security Policy standard means non-complying extensions SHALL NOT PASS!

6 Reg comments Got Tips?

If an online service offers even the slightest gap through which miscreants can launch an attack, they will do so. It's therefore not surprising that Google feels some extensions to its Gmail service may not be entirely friendly to users.

The Chocolate Factory's, response, announced Tuesday, is to adopt the W3C's Content Security Policy (CSP_ standard.

The effect of doing so is simple: Gmail extensions that aren't CSP-compliant won't work any more as Google's adoption of the standard means unapproved code won't load into a browser.

Google warns adopting CSP may mean a few hiccups for users running extensions that comply, but haven't yet updated to reflect that fact. But the company also feels adopting CSP is a worthy security improvement. ®


Biting the hand that feeds IT © 1998–2020