Crisper: Protecting your Polymer app with CSP -- Polycasts #40

Channel:
Chrome for Developers
Subscribers:
791,000
Published on ● Video Link: https://www.youtube.com/watch?v=VrajHIZZbE4


Duration: 5:25
10,407 views
304

Content Security Policy (CSP) is a set of rules to help mitigate and prevent attacks such as Cross Site Scripting (XSS) and data injection. On some platforms like Chrome Apps and Cordova it's a *requirement* that your code comply with CSP, so what does that mean if you're building a Polymer app? Today on the show we'll look at how to use a little tool called Crisper to make sure your site is protected by CSP.

Demo Source
https://goo.gl/cJBR4H

Introduction to CSP
https://developer.mozilla.org/en-US/d...

Crisper
https://github.com/PolymerLabs/crisper

gulp-crisper
https://goo.gl/uGaA7Y

Polymer Starter Kit
https://goo.gl/djOKPW

Polycasts playlist: https://goo.gl/r5fsMq
Polymer Slack: http://bit.ly/polymerslack


Subscribe to the Chrome Developers channel: https://goo.gl/OUF4e2



Other Videos By Chrome for Developers


2016-03-16Google Sign-In for Websites: Authentication with backends
2016-03-16Intro to Gulp 4, Totally Tooling Tips (S3 Mini Tip #1)
2016-03-09Introduction to Google Sign-In for Websites
2016-03-09Lazy Loading Elements -- Polycasts #43
2016-03-08Chrome 49: Custom CSS properties, background sync and save-data client hint
2016-02-24Yo! Where's my data table?! #BuiltWithPolymer -- Polycasts #42
2016-02-16Colors – DevTools Tonight #0 (Pilot)
2016-02-11Intro to AMP (Accelerated Mobile Pages)
2016-02-10How do I use Sass with Polymer? #AskPolymer -- Polycasts #41
2016-02-03#Love4theWeb
2016-01-27Crisper: Protecting your Polymer app with CSP -- Polycasts #40
2016-01-26Chrome 48: Custom buttons in notifications, DevTools Security panel, and Presentation mode
2016-01-14Highlights from Chrome Dev Summit 2015
2016-01-14Optimize for production with Vulcanize -- Polycasts #39
2015-12-30Browser testing with Travis & Sauce Labs -- Polycasts #38
2015-12-18Slack: Extended Xmas Special - Supercharged
2015-12-17Chrome Developers Xmas Special
2015-12-16Testing AJAX with Web Component Tester -- Polycasts #37
2015-12-16Security, Totally Tooling Tips (S2, Ep7)
2015-12-09Cross Device Testing, Totally Tooling Tips (S2 Ep6)
2015-12-03Unit Testing with Web Component Tester -- Polycasts #36


Tags:
Chrome
Developers
Google
Web
Polymer
CSP
Cross Site Scripting
XSS
Chrome Apps
Cordova
Crisper
product: web
fullname: Rob Dodson
Location: MTV
Team: Scalable Advocacy
Type: Screencast
GDS: Full Production
Other: NoGreenScreen