For xB Browser, for users running XeroBank, we've removed noscript and replaces it with SPP. That allows users to protect against cross-site scripting, and false certificates, without dealing with NoScript issues.

Does anybody know what this XeroBank guy is talking about?

SPP can't obviously stand for Site Pecurity Policy. It wouldn't make sense (spelling and grammar aside) because SSP is not meant and not going to replace NoScript anytime soon. The SSP we know does not allow "users to protect against" anything, it just allows compliant web sites to protect their own users (which is great, anyway).

So, any hint about this SPP supposed NoScript killer?

7 Responses to “Replace What?!”

  1. #1 sirdarckcat says:

    I think he is saying that the users of xerobank dont need NoScript because XeroBank's website has their own anti-xss measures.

  2. #2 Giorgio says:

    @sirdarckcat:
    I could not sniff any X-SSP header on their site (maybe they're in some restricted area only?)
    Anyway, they definitely need something here.

  3. #3 .mario says:

    I think it means Standard Parallel Port - as to be seen here: http://de.wikipedia.org/wiki/Standard_Parallel_Port. Try to execute on a website that has been printed out - quite a quest.

  4. #4 Giorgio says:

    @.mario:
    ROTFL, Cross Medium Scripting® FTW!

  5. #5 Ben says:

    The site in it's comments is now corrected to SSP (site security policy).

  6. #6 Giorgio says:

    is now corrected to SSP (site security policy)

    ... making his statements even more problematic :)

  7. #7 Aerik says:

    Update: My mistake in reading the minutes, we aren't removing NoScript, we're disabling NoScript script/plugin blocking for VPN users, in addition to playing with adding SSP.

Bad Behavior has blocked 3535 access attempts in the last 7 days.