How valuable is your data?
Harden your website with Scriptlock!
Scriptlock augments Content Security Policy (CSP) level 1 and pre-CSP browsers to provide CSP 2.0 nonce functionality.
Scriptlock is ideal for protecting pages with user-submitted active content.
Scriptlock is simple to implement and works on all browsers from IE 10, IE 11, Edge 12, Safari 6, Chrome 18.0, Firefox 6.0 and Opera 10.5 right up to the latest versions, meaning virtually 100% of your users can benefit from enhanced protection*.
How it works
Scriptlock 2.1 builds on our original patented password protection mechanism to emulate the CSP2.0 nonce on pre-CSP and CSP1.0 browsers. It works in three modes:
- On CSP1.0 browsers the system parses blocked "unsafe-inline" SCRIPT elements and executes them if they have a valid nonce attribute, effectively emulating the CSP2.0 nonce. A synchronisation script is used to ensure that inline script executes in the correct sequence when mixed with external script.
- On CSP2.0 browsers the system downgrades gracefully to allow the CSP2.0 nonce to work as normal.
Scriptlock 2.1 provides additional measures on all browsers including:
- Extension of the CSP2.0 standard to provide nonce support for inline event handlers, allowing you the freedom to code how you want and making it quicker and easier to apply CSP protection to existing systems.
- A password-protected eval function as an alternative to blocking "unsafe-eval".
- Alternative semantics that are less susceptible to dangling mark-up vulnerabilities.
- 'nonce' sanitising for older CSP2.0 browsers that have not implemented sanitisation.
- 'data-csp-nonce' sanitising for PayPal™ enabled websites.
Bring peace of mind to your users
Scriptlock is free to use if you are a non-profit-making organisation, so there is no reason to delay in bringing peace of mind to yourself and your users.
©2011 - 2021 Datawing Limited
* Current browser market share statistics, source: https://caniuse.com/contentsecuritypolicy2 - 22 Jun 2021