{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,9]],"date-time":"2024-09-09T13:30:05Z","timestamp":1725888605787},"publisher-location":"Cham","reference-count":27,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319598697"},{"type":"electronic","value":"9783319598703"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-59870-3_8","type":"book-chapter","created":{"date-parts":[[2017,5,29]],"date-time":"2017-05-29T22:14:17Z","timestamp":1496096057000},"page":"135-150","source":"Crossref","is-referenced-by-count":0,"title":["JSFfox: Run-Timely Confining JavaScript for Firefox"],"prefix":"10.1007","author":[{"given":"Weizhong","family":"Qiang","sequence":"first","affiliation":[]},{"given":"JiaZhen","family":"Guo","sequence":"additional","affiliation":[]},{"given":"Hai","family":"Jin","sequence":"additional","affiliation":[]},{"given":"Weifeng","family":"Li","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,5,31]]},"reference":[{"doi-asserted-by":"crossref","unstructured":"Agten, P., Van Acker, S., Brondsema, Y., Phung, P.H., Desmet, L., Piessens, F.: JSand: complete client-side sandboxing of third-party JavaScript without browser modifications. In: Proceedings of the 28th Annual Computer Security Applications Conference, pp. 1\u201310. ACM (2012)","key":"8_CR1","DOI":"10.1145\/2420950.2420952"},{"unstructured":"Alexa: The alexa top 500 sites on the web (2016). \nhttp:\/\/www.alexa.com\/topsites","key":"8_CR2"},{"doi-asserted-by":"crossref","unstructured":"Barth, A., Jackson, C., Mitchell, J.C.: Robust defenses for cross-site request forgery. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 75\u201388. ACM (2008)","key":"8_CR3","DOI":"10.1145\/1455770.1455782"},{"unstructured":"Bashir, M.A., Arshad, S., Robertson, W., Wilson, C.: Tracing information flows between ad exchanges using retargeted ads. In: Proceedings of the 25th USENIX Security Symposium, pp. 481\u2013496 (2016)","key":"8_CR4"},{"doi-asserted-by":"crossref","unstructured":"Bauer, L., Cai, S., Jia, L., Passaro, T., Stroucken, M., Tian, Y.: Run-time monitoring and formal analysis of information flows in chromium. In: Proceedings of the 22nd Annual Network and Distributed System Security Symposium (2015)","key":"8_CR5","DOI":"10.14722\/ndss.2015.23295"},{"doi-asserted-by":"crossref","unstructured":"Bauer, L., Cai, S., Jia, L., Passaro, T., Tian, Y.: Analyzing the dangers posed by chrome extensions. In: Proceedings of the 2nd IEEE Conference on Communications and Network Security, pp. 184\u2013192. IEEE (2014)","key":"8_CR6","DOI":"10.1109\/CNS.2014.6997485"},{"key":"8_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/978-3-642-29615-4_4","volume-title":"Information Security Technology for Applications","author":"K Boda","year":"2012","unstructured":"Boda, K., F\u00f6ldes, \u00c1.M., Guly\u00e1s, G.G., Imre, S.: User tracking on the web via cross-browser fingerprinting. In: Laud, P. (ed.) NordSec 2011. LNCS, vol. 7161, pp. 31\u201346. Springer, Heidelberg (2012). doi:\n10.1007\/978-3-642-29615-4_4"},{"unstructured":"Caja, G.: A source-to-source translator for securing javascript- based web content (2014). \nhttp:\/\/code.google.com\/p\/google-caja\/","key":"8_CR8"},{"doi-asserted-by":"crossref","unstructured":"De Groef, W., Devriese, D., Nikiforakis, N., Piessens, F.: Flowfox: a web browser with flexible and precise information flow control. In: Proceedings of the 19th ACM Conference on Computer and Communications Security, pp. 748\u2013759. ACM (2012)","key":"8_CR9","DOI":"10.1145\/2382196.2382275"},{"doi-asserted-by":"crossref","unstructured":"Devriese, D., Piessens, F.: Noninterference through secure multi-execution. In: Proceedings of the 31st IEEE Symposium on Security and Privacy, pp. 109\u2013124 (2010)","key":"8_CR10","DOI":"10.1109\/SP.2010.15"},{"unstructured":"Martani, F.: XSS, passwords theft using JavaScript (2015). \nhttp:\/\/www.martani.net\/2009\/08\/xss-steal-passwords-using-javascript.html","key":"8_CR11"},{"doi-asserted-by":"crossref","unstructured":"Hedin, D., Birgisson, A., Bello, L., Sabelfeld, A.: JSFlow: tracking information flow in JavaScript and its APIs. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, pp. 1663\u20131671. ACM (2014)","key":"8_CR12","DOI":"10.1145\/2554850.2554909"},{"unstructured":"Howell, J., Parno, B., Douceur, J.R.: Embassies: radically refactoring the web. In: Proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation, pp. 529\u2013545 (2013)","key":"8_CR13"},{"unstructured":"Ingram, L., Walfish, M.: Treehouse: JavaScript sandboxes to help web developers help themselves. In: Proceedings of the 23rd USENIX Conference on Annual Technical Conference, pp. 13\u201313. USENIX Association (2012)","key":"8_CR14"},{"doi-asserted-by":"crossref","unstructured":"Meyerovich, L.A., Livshits, B.: Conscript: specifying and enforcing fine-grained security policies for JavaScript in the browser. In: Proceedings of the 31st IEEE Symposium on Security and Privacy, pp. 481\u2013496. IEEE (2010)","key":"8_CR15","DOI":"10.1109\/SP.2010.36"},{"doi-asserted-by":"crossref","unstructured":"Nikiforakis, N., Invernizzi, L., Kapravelos, A., Van Acker, S., Joosen, W., Kruegel, C., Piessens, F., Vigna, G.: You are what you include: large-scale evaluation of remote JavaScript inclusions. In: Proceedings of the 19th ACM Conference on Computer and Communications Security, pp. 736\u2013747. ACM (2012)","key":"8_CR16","DOI":"10.1145\/2382196.2382274"},{"key":"8_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1007\/978-3-642-19125-1_7","volume-title":"Engineering Secure Software and Systems","author":"N Nikiforakis","year":"2011","unstructured":"Nikiforakis, N., Meert, W., Younan, Y., Johns, M., Joosen, W.: SessionShield: lightweight protection against session hijacking. In: Erlingsson, \u00da., Wieringa, R., Zannone, N. (eds.) ESSoS 2011. LNCS, vol. 6542, pp. 87\u2013100. Springer, Heidelberg (2011). doi:\n10.1007\/978-3-642-19125-1_7"},{"unstructured":"Resig, J.: Dromaeo JavaScript performance test suite (2016). \nhttp:\/\/dromaeo.com\/","key":"8_CR18"},{"unstructured":"Son, S., Shmatikov, V.: The postman always rings twice: attacking and defending postmessage in html5 websites. In: Proceedings of the 20th Annual Network and Distributed System Security Symposium (2013)","key":"8_CR19"},{"unstructured":"Stefan, D., Yang, E.Z., Marchenko, P., Russo, A., Herman, D., Karp, B., Mazieres, D.: Protecting users by confining JavaScript with cowl. In: Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation, pp. 131\u2013146 (2014)","key":"8_CR20"},{"doi-asserted-by":"crossref","unstructured":"Van Acker, S., De Ryck, P., Desmet, L., Piessens, F., Joosen, W.: WebJail: least-privilege integration of third-party components in web mashups. In: Proceedings of the 27th Annual Computer Security Applications Conference, pp. 307\u2013316. ACM (2011)","key":"8_CR21","DOI":"10.1145\/2076732.2076775"},{"unstructured":"W3C: Content security policy level 3 (2016). \nhttp:\/\/www.w3.org\/TR\/CSP\/","key":"8_CR22"},{"unstructured":"W3C: Cross-origin resource sharing (2014). \nhttp:\/\/www.w3.org\/TR\/cors\/","key":"8_CR23"},{"unstructured":"W3C: HTML5 web messaging. \nhttp:\/\/www.w3.org\/TR\/webmessaging\/\n\n. Accessed 4 Apr 2015","key":"8_CR24"},{"unstructured":"W3C: Web workers (2015). \nhttp:\/\/www.w3.org\/TR\/workers\/","key":"8_CR25"},{"issue":"11","key":"8_CR26","doi-asserted-by":"crossref","first-page":"119","DOI":"10.1145\/2076022.1993496","volume":"46","author":"G Wagner","year":"2011","unstructured":"Wagner, G., Gal, A., Wimmer, C., Eich, B., Franz, M.: Compartmental memory management in a modern web browser. ACM SIGPLAN Notices 46(11), 119\u2013128 (2011)","journal-title":"ACM SIGPLAN Notices"},{"doi-asserted-by":"crossref","unstructured":"Yip, A., Narula, N., Krohn, M., Morris, R.: Privacy-preserving browser-side scripting with BFlow. In: Proceedings of the 4th ACM European Conference on Computer Systems, pp. 233\u2013246. ACM (2009)","key":"8_CR27","DOI":"10.1145\/1519065.1519091"}],"container-title":["Lecture Notes in Computer Science","Information Security and Privacy"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-59870-3_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,5,29]],"date-time":"2017-05-29T22:17:29Z","timestamp":1496096249000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-59870-3_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319598697","9783319598703"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-59870-3_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]}}}