{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T23:14:38Z","timestamp":1763507678210,"version":"3.40.3"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319205496"},{"type":"electronic","value":"9783319205502"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-20550-2_14","type":"book-chapter","created":{"date-parts":[[2015,6,22]],"date-time":"2015-06-22T01:55:06Z","timestamp":1434938106000},"page":"261-281","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":16,"title":["May I? - Content Security Policy Endorsement for Browser Extensions"],"prefix":"10.1007","author":[{"given":"Daniel","family":"Hausknecht","sequence":"first","affiliation":[]},{"given":"Jonas","family":"Magazinius","sequence":"additional","affiliation":[]},{"given":"Andrei","family":"Sabelfeld","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,6,23]]},"reference":[{"key":"14_CR1","doi-asserted-by":"crossref","unstructured":"Van Acker, S., Nikiforakis, N., Desmet, L., Piessens, F., Joosen, W.: Monkey-in-the-browser: malware and vulnerabilities in augmented browsing script markets. 
In: ASIA CCS 2014 (2014)","DOI":"10.1145\/2590296.2590311"},{"issue":"9","key":"14_CR2","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1145\/1995376.1995398","volume":"54","author":"S Bandhakavi","year":"2011","unstructured":"Bandhakavi, S., Tiku, N., Pittman, W., King, S.T., Madhusudan, P., Winslett, M.: Vetting browser extensions for security vulnerabilities with VEX. Commun. ACM 54(9), 91\u201399 (2011). doi:10.1145\/1995376.1995398","journal-title":"Commun. ACM"},{"key":"14_CR3","unstructured":"Barth, A., Porter Felt, A., Saxena, P., Boodman, A.: Protecting browsers from extension vulnerabilities. In: NDSS (2010)"},{"key":"14_CR4","doi-asserted-by":"crossref","unstructured":"Barua, A., Zulkernine, M., Weldemariam, K.: Protecting web browser extensions from javascript injection attacks. In: ICECCS (2013)","DOI":"10.1109\/ICECCS.2013.36"},{"key":"14_CR5","doi-asserted-by":"crossref","unstructured":"Bauer, L., Cai, S., Jia, L., Passaro, T., Tian, Y.: Analyzing the dangers posed by Chrome extensions. In: IEEE CNS (2014)","DOI":"10.1109\/CNS.2014.6997485"},{"key":"14_CR6","unstructured":"BuiltWith. Content security policy usage statistics. http:\/\/trends.builtwith.com\/docinfo\/Content-Security-Policy. (Accessed February 2015)"},{"key":"14_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-319-02726-5_3","volume-title":"Information and Communications Security","author":"W Chang","year":"2013","unstructured":"Chang, W., Chen, S.: Defeat information leakage from browser extensions via data obfuscation. In: Qing, S., Zhou, J., Liu, D. (eds.) ICICS 2013. LNCS, vol. 8233, pp. 33\u201348. Springer, Heidelberg (2013)"},{"key":"14_CR8","doi-asserted-by":"crossref","unstructured":"Dhawan, M., Ganapathy, V.: Analyzing information flow in javascript-based browser extensions. 
In: ACSAC (2009)","DOI":"10.1109\/ACSAC.2009.43"},{"key":"14_CR9","doi-asserted-by":"crossref","unstructured":"Fazzini, M., Saxena, P., Orso, A.: AutoCSP: Automatically Retrofitting CSP to Web Applications (2015)","DOI":"10.1109\/ICSE.2015.53"},{"key":"14_CR10","unstructured":"Google. Chrome web store. https:\/\/chrome.google.com\/webstore\/category\/extensions. (Accessed February 2015)"},{"key":"14_CR11","unstructured":"Google. Chromium. http:\/\/dev.chromium.org\/Home. (Accessed February 2015)"},{"key":"14_CR12","unstructured":"Google. Content security policy (csp) - google chrome. https:\/\/developer.chrome.com\/extensions\/contentSecurityPolicy. (Accessed February 2015)"},{"key":"14_CR13","unstructured":"Google. Gmail. https:\/\/www.gmail.com\/. (Accessed February 2015)"},{"key":"14_CR14","unstructured":"Google. Reject the unexpected - content security policy in gmail. http:\/\/gmailblog.blogspot.se\/2014\/12\/reject-unexpected-content-security.html. (Accessed February 2015)"},{"key":"14_CR15","unstructured":"Heule, S., Rifkin, D., Stefan, D., Russo, A.: The most dangerous code in the browser. In: HotOS (2015)"},{"key":"14_CR16","unstructured":"Javed, A.: CSP AiDer: An automated recommendation of content security policy for web applications. In: Poster at IEEE Symposium on Security & Privacy (2011)"},{"key":"14_CR17","unstructured":"Joyent. Node.js. http:\/\/www.nodejs.org\/. (Accessed February 2015)"},{"key":"14_CR18","unstructured":"Kapravelos, A., Grier, C., Chachra, N., Kruegel, C., Vigna, G., Paxson, V.: Hulk: Eliciting Malicious Behavior in Browser Extensions. In: USENIX Sec. (2014)"},{"key":"14_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"333","DOI":"10.1007\/978-3-642-31057-7_16","volume-title":"ECOOP 2012 \u2013 Object-Oriented Programming","author":"R Karim","year":"2012","unstructured":"Karim, R., Dhawan, M., Ganapathy, V., Shan, C.: An analysis of the mozilla jetpack extension framework. 
In: Noble, J. (ed.) ECOOP 2012. LNCS, vol. 7313, pp. 333\u2013355. Springer, Heidelberg (2012)"},{"key":"14_CR20","unstructured":"LinkedIn. Rapportive. http:\/\/rapportive.com\/. (Accessed February 2015)"},{"key":"14_CR21","doi-asserted-by":"crossref","unstructured":"Maggi, F., Frossi, A., Zanero, S., Stringhini, G., Stone-Gross, B., Kruegel, C., Vigna, G.: Two years of short urls internet measurement: security threats and countermeasures. In: WWW (2013)","DOI":"10.1145\/2488388.2488463"},{"key":"14_CR22","unstructured":"mitmproxy. https:\/\/mitmproxy.org\/. (Accessed February 2015)"},{"key":"14_CR23","unstructured":"Mozilla. Firefox nightly. https:\/\/nightly.mozilla.org\/. (Accessed February 2015)"},{"key":"14_CR24","doi-asserted-by":"crossref","unstructured":"Nikiforakis, N., Invernizzi, L., Kapravelos, A., Van Acker, S., Joosen, W., Kruegel, C., Piessens, Vigna, G.: You are what you include: Large-scale evaluation of remote javascript inclusions. In: CCS (2012)","DOI":"10.1145\/2382196.2382274"},{"key":"14_CR25","unstructured":"OWASP. Clickjacking. https:\/\/www.owasp.org\/index.php\/Clickjacking. (Accessed February 2015)"},{"key":"14_CR26","unstructured":"OWASP. Content security policy. https:\/\/www.owasp.org\/index.php\/Content_Security_Policy. (Accessed February 2015)"},{"key":"14_CR27","unstructured":"OWASP. Cross-site scripting (Accessed February 2015)"},{"key":"14_CR28","unstructured":"OWASP. Top 10 2013. https:\/\/www.owasp.org\/index.php\/Top_10_2013. (Accessed February 2015)"},{"key":"14_CR29","unstructured":"Patil, K., Vyas, T., Braun, F., Goodwin, M., Liang, Z.: Poster: UserCSP - User Specified Content Security Policies. In: SOUPS (2013)"},{"key":"14_CR30","unstructured":"Rapportive : Reviews : Add-ons for firefox. https:\/\/addons.mozilla.org\/en-US\/firefox\/addon\/rapportive\/reviews\/. (Accessed February 2015)"},{"key":"14_CR31","unstructured":"Syrian Electronic Army uses Taboola ad to hack Reuters (again). 
https:\/\/nakedsecurity.sophos.com\/2014\/06\/23\/syrian-electronic-army-uses-taboola-ad-to-hack-reuters-again\/"},{"key":"14_CR32","doi-asserted-by":"publisher","first-page":"66","DOI":"10.1016\/j.cose.2014.06.005","volume":"47","author":"H Shahriar","year":"2014","unstructured":"Shahriar, H., Weldemariam, K., Zulkernine, M., Lutellier, T.: Effective detection of vulnerable and malicious browser extensions. Comput. Secur. 47, 66\u201384 (2014). doi:10.1016\/j.cose.2014.06.005","journal-title":"Comput. Secur."},{"key":"14_CR33","unstructured":"Sterne, B.: Content security policy recommendation bookmarklet. http:\/\/brandon.sternefamily.net\/2010\/10\/content-security-policy-recommendation-bookmarklet\/. (Accessed February 2015)"},{"key":"14_CR34","unstructured":"Taboola. Taboola | drive traffic and monetize your site. http:\/\/www.taboola.com\/. (Accessed February 2015)"},{"key":"14_CR35","unstructured":"Can I Use. Content security policy 1.0. (Accessed February 2015)"},{"key":"14_CR36","unstructured":"W3C. Csp 1.0. http:\/\/www.w3.org\/TR\/CSP\/. (Accessed February 2015)"},{"key":"14_CR37","unstructured":"W3C. Csp 2.0. http:\/\/www.w3.org\/TR\/CSP2\/. (Accessed February 2015)"},{"key":"14_CR38","unstructured":"W3C. World wide web consortium. http:\/\/www.w3.org\/. (Accessed February 2015)"},{"key":"14_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"212","DOI":"10.1007\/978-3-319-11379-1_11","volume-title":"Research in Attacks, Intrusions and Defenses","author":"M Weissbacher","year":"2014","unstructured":"Weissbacher, M., Lauinger, T., Robertson, W.: Why Is CSP failing? trends and challenges in CSP adoption. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 212\u2013233. Springer, Heidelberg (2014)"},{"key":"14_CR40","unstructured":"WhiteHat. Content security policy - whitehat security blog. https:\/\/blog.whitehatsec.com\/content-security-policy\/. 
(Accessed February 2015)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-20550-2_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,2,21]],"date-time":"2023-02-21T02:04:23Z","timestamp":1676945063000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-20550-2_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319205496","9783319205502"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-20550-2_14","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"23 June 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}