AutoCSP is an approach for automatically retrofitting content security policy (CSP) to web applications. AutoCSP (1) leverages dynamic taint analysis to identify which content should be allowed to load on the dynamically-generated HTML pages of a web application and (2) indicates to developers how to change the server-side code of the application to generate such pages with the right permissions. You can download a prototype implementation of AutoCSP here.

HTML style by Antonio Carzaniga Updated by Alex Orso on