Endpoint segregation to prevent scripting attacks

What is claimed is: 1. A system, comprising: a static content endpoint server implemented by one or more hardware computing devices, wherein the static content endpoint server is configured to: receive a content page request from a client application; generate a content page response to the content page request, wherein the content page response comprises a page including static content for the requested content page, an active content source reference that instructs the client application to download an active content loader from a loader endpoint, and a first policy setting that instructs the client application to not execute any active content for the page unless a source of active content is the loader endpoint; and provide the content page response to the client application; a loader endpoint server implemented by one or more hardware computing devices, wherein the loader endpoint server is configured to: receive a loader request from the client application for the active content loader, wherein the active content loader is configured to execute at the client application to download, from an active content endpoint, one or more active content files for active content specified for the page and a filtering pipe for the active content specified for the page, wherein the filtering pipe is configured to execute at the client application to filter parameters for methods of the active content files prior to the methods executing at the client application; generate a loader response to the loader request, wherein the loader response comprises the active content loader and a second policy setting that instructs the client application to not execute any active content for the page unless a source of active content is the loader endpoint or the active content endpoint; and provide the loader response to the client application; and an active content endpoint server implemented by one or more hardware computing devices, wherein the active content endpoint server is configured to: receive, from the active content loader at the client application, an active content request for the one or more active content files for active content specified for the page; generate an active content response to the active content request, wherein the active content response comprises the one or more active content files and a third policy setting that instructs the client application to not execute any active content for the page unless a source of active content is the active content endpoint; and provide the active content response to the client application. 2. The system of claim 1 , wherein the page is among a plurality of pages accessible from the static content endpoint server, wherein to generate the content page response to the content page request, the static content endpoint server is further configured to: include the page in the content page response without filtering the page to remove source reference instructions for downloading active content; and set the first policy setting within the content page response. 3. The system of claim 1 , wherein the active content endpoint server is further configured to: receive a request from the client application for a template for the page, wherein the template specifies the active content files for the page; and provide the template to the client application. 4. The system of claim 3 , wherein the template further specifies method names of the methods of the active content files to be called and parameters to the methods, wherein the filtering pipe obtains the method names and parameters specified in the template in order to filter the parameters prior to the methods executing at the client application. 5. The system of claim 3 , wherein the active content loader provided from the loader endpoint server examines the template to determine the active content files to request from the active content endpoint. 6. The system of claim 1 , wherein the active content endpoint server is further configured to: receive a request from the client application for a filtering pipe configuration file corresponding to the page, wherein the filtering pipe configuration file includes mapping information between the methods of the active content files and filtering methods; and provide the filtering pipe configuration file to the client application; wherein to filter parameters for the methods of the active content files prior to the methods executing at the client application, the filtering pipe is configured to, for each given method of the methods of the active content files: examine the filtering pipe configuration file to determine a filtering method to apply for the given method to be invoked; call the determined filtering method to filter parameters for the given method to generate a filtered set of parameters; and invoke the given method with the filtered set of parameters. 7. The system of claim 6 , wherein to determine the filtering method to apply for the given method of the methods of the active content files, the filtering pipe is further configured to: determine, based on an examination of the filtering pipe configuration file, that no filtering method is mapped to the given method of the methods of the active content files; and determine the filtering method to apply to be a default filtering method. 8. The system of claim 6 , wherein the active content endpoint server is further configured to: receive a request from the client application for the filtering methods; and provide the filtering methods to the client application; wherein a given filtering method of the filtering methods is configured to, in response to being invoked with a method identifier and a suspect set of parameters: apply a whitelist filter to the suspect set of parameters, wherein the whitelist filter is defined based at least on a type of parameters expected for a method corresponding to the method identifier, or identify one or more portions of the suspect set of parameters interpretable by the client application as active content and encode the identified one or more portions to not be interpretable by the client application as active content. 9. The system of claim 1 , wherein to generate the content page response to the content page request, the static content endpoint server is further configured to: generate a Hypertext Transfer Protocol (HTTP) message, wherein the HTTP message includes: a message header specifying the first policy setting as an HTTP content security policy; and a Hypertext Markup Language (HTML) message body including the page. 10. The system of claim 1 , wherein the loader endpoint server does not serve active content other than the active content loader. 11. A method, comprising: performing, by one or more servers of a static content endpoint, in response to receiving a content page request from a client application: generating a content page response to the content page request, wherein the content page response comprises a page including static content for the requested content page, an active content source reference that instructs the client application to download an active content loader from a loader endpoint, and a first policy setting that instructs the client application to not execute any active content for the page unless sourced from the loader endpoint; and providing the content page response to the client application; performing, by one or more servers of the loader endpoint, in response to receiving a loader request from the client application for the active content loader: generating a loader response to the loader request, wherein the active content loader is configured to execute at the client application to