For xB Browser, for users running XeroBank, we’ve removed noscript and replaces it with SPP. That allows users to protect against cross-site scripting, and false certificates, without dealing with NoScript issues.
Does anybody know what this XeroBank guy is talking about?
SPP can’t obviously stand for Site Pecurity Policy. It wouldn’t make sense (spelling and grammar aside) because SSP is not meant and not going to replace NoScript anytime soon. The SSP we know does not allow “users to protect against” anything, it just allows compliant web sites to protect their own users (which is great, anyway).
So, any hint about this SPP supposed NoScript killer?
June 21st, 2008 at 2:48 pm
I think he is saying that the users of xerobank dont need NoScript because XeroBank’s website has their own anti-xss measures.
June 21st, 2008 at 3:21 pm
@sirdarckcat:
I could not sniff any X-SSP header on their site (maybe they’re in some restricted area only?)
Anyway, they definitely need something here.
June 21st, 2008 at 4:13 pm
I think it means Standard Parallel Port - as to be seen here: http://de.wikipedia.org/wiki/Standard_Parallel_Port. Try to execute on a website that has been printed out - quite a quest.
June 21st, 2008 at 4:22 pm
@.mario:
ROTFL, Cross Medium Scripting® FTW!
June 21st, 2008 at 6:33 pm
The site in it’s comments is now corrected to SSP (site security policy).
June 21st, 2008 at 6:47 pm
… making his statements even more problematic :)
June 22nd, 2008 at 8:13 pm