{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T20:30:16Z","timestamp":1759091416067,"version":"3.40.3"},"publisher-location":"Cham","reference-count":31,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319241739"},{"type":"electronic","value":"9783319241746"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-24174-6_2","type":"book-chapter","created":{"date-parts":[[2015,10,9]],"date-time":"2015-10-09T11:36:32Z","timestamp":1444390592000},"page":"23-42","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Waiting for CSP \u2013 Securing Legacy Web Applications with JSAgents"],"prefix":"10.1007","author":[{"given":"Mario","family":"Heiderich","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Marcus","family":"Niemietz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"J\u00f6rg","family":"Schwenk","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2016,1,13]]},"reference":[{"key":"2_CR1","unstructured":"Klein, A.: DOM based cross site scripting or XSS of the third kind (2005). http:\/\/www.webappsec.org\/projects\/articles\/071105.shtml"},{"key":"2_CR2","doi-asserted-by":"crossref","unstructured":"Heiderich, M., Schwenk, J., Frosch, T., Magazinius, J., Yang, E.Z.: mxss attacks: attacking well-secured web-applications by using innerhtml mutations. In: CCS (2013)","DOI":"10.1145\/2508859.2516723"},{"key":"2_CR3","doi-asserted-by":"crossref","unstructured":"Heiderich, M., Frosch, T., Jensen, M., Holz, T.: Crouching tiger - hidden payload: security risks of scalable vector graphics. In: Proceedings of the 18th ACM conference on Computer and Communications Security, pp. 239\u2013250. ACM (2011)","DOI":"10.1145\/2046707.2046735"},{"key":"2_CR4","doi-asserted-by":"crossref","unstructured":"Heiderich, M., Niemietz, M., Schuster, F., Holz, T., Schwenk, J.: Scriptless attacks-stealing the pie without touching the sill. In: ACM Conference on Computer and Communications Security (CCS) (2012)","DOI":"10.1145\/2382196.2382276"},{"key":"2_CR5","unstructured":"Stone, P.: Pixel perfect timing attacks with html5. http:\/\/contextis.co.uk\/files\/Browser_Timing_Attacks.pdf"},{"key":"2_CR6","unstructured":"Sterne, B., Barth, A.: Content security policy 1.0,\u201d W3C, Candidate Recommendation, November 2012. http:\/\/www.w3.org\/TR\/2012\/CR-CSP-20121115\/"},{"key":"2_CR7","unstructured":"Barth, A., Veditz, D., West, M.: Content security policy 1.1, w3c editor\u2019s draft 12 November 2013. https:\/\/dvcs.w3.org\/hg\/content-security-policy\/raw-file\/tip\/csp-specification.dev.html"},{"key":"2_CR8","unstructured":"Barth, A.: HTTP State Management Mechanism, RFC 6265 (Proposed Standard), Internet Engineering Task Force, April 2011. http:\/\/www.ietf.org\/rfc\/rfc6265.txt"},{"key":"2_CR9","unstructured":"Hickson, I.: Html living standard - last updated 21 february 2014. http:\/\/www.whatwg.org\/specs\/web-apps\/current-work\/multipage\/the-iframe-element.html"},{"key":"2_CR10","unstructured":"Ross, D.: IE8 XSS Filter design philosophy in-depth, April 2008. http:\/\/blogs.msdn.com\/b\/dross\/archive\/2008\/07\/03\/ie8-xss-filter-design-philosophy-in-depth.aspx"},{"key":"2_CR11","doi-asserted-by":"crossref","unstructured":"Bates, D., Barth, A., Jackson, C.: Regular expressions considered harmful in client-side XSS filters. In: Proceedings of the 19th International Conference on World Wide Web, ser. WWW 2010, pp. 91\u2013100. ACM, New York (2010). http:\/\/doi.acm.org\/10.1145\/1772690.1772701","DOI":"10.1145\/1772690.1772701"},{"key":"2_CR12","unstructured":"Zuchlinski, G.: The anatomy of cross site scripting. Hitchhiker\u2019s World 8, November 2003"},{"key":"2_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1007\/978-3-540-70542-0_2","volume-title":"Conference on Detection of Intrusions and Malware & Vulnerability Assessment","author":"P Bisht","year":"2008","unstructured":"Bisht, P., Venkatakrishnan, V.N.: XSS-GUARD: precise dynamic prevention of cross-site scripting attacks. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 23\u201343. Springer, Heidelberg (2008)"},{"key":"2_CR14","unstructured":"Johns, M.: Code injection vulnerabilities in web applications - exemplified at cross-site scripting. Ph.D. dissertation, University of Passau, Passau, July 2009"},{"key":"2_CR15","unstructured":"Gebre, M., Lhee, K., Hong, M.: A robust defense against content-sniffing xss attacks. In: 2010 6th International Conference on Digital Content, Multimedia Technology and its Applications (IDC), pp. 315\u2013320. IEEE (2010)"},{"key":"2_CR16","doi-asserted-by":"crossref","unstructured":"Saxena, P., Molnar, D., Livshits, B.: SCRIPTGARD: automatic context-sensitive sanitization for large-scale legacy web applications. In: Proceedings of the 18th ACM conference on Computer and communications security, pp. 601\u2013614. ACM (2011)","DOI":"10.1145\/2046707.2046776"},{"key":"2_CR17","unstructured":"Gourdin, B., Soman, C., Bojinov, H., Bursztein, E.: Toward secure embedded web interfaces. In: Proceedings of the Usenix Security Symposium (2011)"},{"issue":"4","key":"2_CR18","doi-asserted-by":"publisher","first-page":"612","DOI":"10.1016\/j.cose.2011.12.004","volume":"31","author":"MV Gundy","year":"2012","unstructured":"Gundy, M.V., Chen, H.: Noncespaces: using randomization to defeat cross-site scripting attacks. Comput. Secur. 31(4), 612\u2013628 (2012)","journal-title":"Comput. Secur."},{"key":"2_CR19","unstructured":"Nadji, Y., Saxena, P., Song, D.: Document structure integrity: a robust basis for cross-site scripting defense. In: NDSS. The Internet Society (2009)"},{"key":"2_CR20","doi-asserted-by":"crossref","unstructured":"Louw, M.T., Venkatakrishnan, V.N.: Blueprint: robust prevention of cross-site scripting attacks for existing browsers. In: Proceedings of the 2009 30th IEEE Symposium on Security and Privacy, ser. SP 2009, pp. 331\u201334. IEEE Computer Society, Washington, DC (2009). http:\/\/dx.doi.org\/10.1109\/SP.2009.33","DOI":"10.1109\/SP.2009.33"},{"key":"2_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"150","DOI":"10.1007\/978-3-642-23822-2_9","volume-title":"Computer Security \u2013 ESORICS 2011","author":"J Weinberger","year":"2011","unstructured":"Weinberger, J., Saxena, P., Akhawe, D., Finifter, M., Shin, R., Song, D.: A systematic analysis of XSS sanitization in web application frameworks. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 150\u2013171. Springer, Heidelberg (2011)"},{"key":"2_CR22","unstructured":"Nava, E.V., Lindsay, D.: Abusing Internet Explorer 8\u2019s XSS Filters. http:\/\/p42.us\/ie8xss\/Abusing_IE8s_XSS_Filters.pdf"},{"key":"2_CR23","unstructured":"Zalewski, M.: Browser Security Handbook, July 2010. http:\/\/code.google.com\/p\/browsersec\/wiki\/Main"},{"key":"2_CR24","volume-title":"The Tangled Web: A Guide to Securing Modern Web Applications","author":"M Zalewski","year":"2011","unstructured":"Zalewski, M.: The Tangled Web: A Guide to Securing Modern Web Applications. No Starch Press, San Francisco (2011)"},{"key":"2_CR25","unstructured":"Bug 29278: XSSAuditor bypasses from sla.ckers.org. https:\/\/bugs.webkit.org\/show_bug.cgi?id=29278"},{"key":"2_CR26","unstructured":"Heiderich, M.: Towards Elimination of XSS Attacks with a Trusted and Capability Controlled DOM (2012). http:\/\/www-brs.ub.ruhr-uni-bochum.de\/netahtml\/HSS\/Diss\/HeiderichMario\/diss.pdf"},{"key":"2_CR27","unstructured":"Hooimeijer, P., Livshits, B., Molnar, D., Saxena, P., Veanes, M.: Fast and precise sanitizer analysis with bek. In: Proceedings of the 20th USENIX Conference On Security, ser. SEC 2011, p. 1. USENIX Association, Berkeley (2011). http:\/\/dl.acm.org\/citation.cfm?id=2028067.2028068"},{"key":"2_CR28","doi-asserted-by":"crossref","unstructured":"Kolbitsch, C., Livshits, B., Zorn, B., Seifert, C.: Rozzle: De-Cloaking internet malware. In: Proceedings IEEE Symposium on Security & Privacy (2012)","DOI":"10.1109\/SP.2012.48"},{"key":"2_CR29","unstructured":"Nava, E.V.: ACS - active content signatures. PST\\_WEBZINE\\_0X04, no. 4, December 2006"},{"key":"2_CR30","unstructured":"Di Paola, S.: Preventing xss with data binding. http:\/\/www.wisec.it\/sectou.php?id=46c5843ea4900"},{"key":"2_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1007\/978-3-642-23644-0_15","volume-title":"Recent Advances in Intrusion Detection","author":"M Heiderich","year":"2011","unstructured":"Heiderich, M., Frosch, T., Holz, T.: IceShield: detection and mitigation of malicious websites with a frozen DOM. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol. 6961, pp. 281\u2013300. Springer, Heidelberg (2011)"}],"container-title":["Lecture Notes in Computer Science","Computer Security -- ESORICS 2015"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-24174-6_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,17]],"date-time":"2023-11-17T08:06:59Z","timestamp":1700208419000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-24174-6_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319241739","9783319241746"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-24174-6_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"13 January 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}