CSP Level 2 brings with it the ability to whitelist inline script tags using the `script-src: nonce-<nonce>` directive.
This allows applications that rely on a small set of inline scripts to still reap the XSS-fighting benefits of disallowing all other inline scripts and inline event handlers.
628 votes
CSP2 is included in Edge 15, which shipped today (11th April) with Windows 10 Creators Update.
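The nonce mechanism described in the suggestion above, as an added Node.js example that is not part of the original post or of Edge's code: the server issues a fresh nonce per response in a `Content-Security-Policy: script-src 'nonce-...'` header, and a simplified checker models which inline `<script>` elements a CSP2 browser would run. The function names and the sample comment string are hypothetical and constructed for illustration.

```javascript
const nodeCrypto = require('crypto');

// A fresh, unpredictable nonce for every response. Reusing one across
// responses lets injected markup copy it and defeats the policy.
function newNonce() {
  return nodeCrypto.randomBytes(16).toString('base64');
}

// Build the CSP header value and the HTML for one response.
function renderPage(userComment) {
  const nonce = newNonce();
  const csp = `script-src 'nonce-${nonce}'`;
  const html = [
    '<!doctype html>',
    // The application's own inline script carries the nonce.
    `<script nonce="${nonce}">window.appReady = true;</script>`,
    // Left unescaped on purpose to show what the policy still blocks.
    `<p>${userComment}</p>`,
  ].join('\n');
  return { nonce, csp, html };
}

// Simplified model of the browser's decision for inline <script> elements:
// run only those whose nonce attribute matches a nonce in the policy.
// Inline event handlers (onclick=...) cannot carry a nonce and stay blocked.
function allowedInlineScripts(csp, html) {
  const policyNonces = new Set(
    [...csp.matchAll(/'nonce-([A-Za-z0-9+\/=_-]+)'/g)].map((m) => m[1])
  );
  const results = [];
  for (const m of html.matchAll(/<script\b([^>]*)>([\s\S]*?)<\/script>/gi)) {
    const attr = /\bnonce="([^"]*)"/.exec(m[1]);
    results.push({
      body: m[2],
      allowed: attr !== null && policyNonces.has(attr[1]),
    });
  }
  return results;
}

// Constructed input: a comment that tries to add its own inline script.
const demo = renderPage('<script>injected()</script>');
console.log(demo.csp);
console.log(allowedInlineScripts(demo.csp, demo.html));
```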
Edge should prevent a page from repeatedly popping up modal dialogs that block action on the current or other tabs. In IE 11, it is possible for a page to pop up a modal OS dialog window, and upon attempting to close that window, simply re-open it. I experienced this today with a rogue fake virus warning page, and had to kill the entire IE process to get rid of the dialog. Simply unacceptable from a security standpoint.
114 votes