I was just running my site against webpagetest.org and started learning about how CSPs protect against XSS. I realize there's a plugin for Moodle that handles this, but I'm wondering is this necessary? Has Moodle already dealt with the XSS threat in it's core or is this plugin recommended?
Security and privacy
Moodle & Content Site Policy (CSP) - XSS
This discussion has been locked so you can no longer reply to it.