Gmail Gets Content Security Policy Support to Prevent Exploits by Add-Ons

Google has announced support for Content Security Policy (CSP) in Gmail, trying to ensure add-ons or extensions don't interfere with the proper working of the email service, or compromise the security of user data.

The CSP standard is said to prevent any attacks related to cross-site scripting or XSS that exploit vulnerabilities in web applications to allow hackers to send malicious content from an end-user and collect personal data like credit card number and more.

With the addition of CSP support, Google says that it aims to eliminate those extensions that behave 'badly' and loads certain codes interfering in the user's Gmail session.

Google's Gmail blog post adds that "most popular (and well-behaved) extensions have already been updated to work with the CSP standard". If the users are still facing problems, they can update their applications to the latest versions from their browser web store.

Users were recently given more options to edit and work with Office documents from Gmail. Earlier this month Google announced that users could click on a dedicated button placed next to download a file or save to Google Drive button and start editing. The firm adds that the Microsoft Office attachment gets saved and converted in Drive to Google's own document format.

Google also introduced the Gmail 5.0 Android app with support for third-party accounts like Outlook, Yahoo and more last month. Other changes include a new round compose button at the bottom of the currently open mailbox, a new send button, a new accounts menu, and new circular avatars for contacts, apart from new iconography. Google also touts sleeker transitions.