{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T01:26:08Z","timestamp":1769909168947,"version":"3.49.0"},"publisher-location":"Cham","reference-count":26,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319663982","type":"print"},{"value":"9783319663999","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-66399-9_7","type":"book-chapter","created":{"date-parts":[[2017,8,11]],"date-time":"2017-08-11T14:03:24Z","timestamp":1502460204000},"page":"116-134","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":22,"title":["DOMPurify: Client-Side Protection Against XSS and Markup Injection"],"prefix":"10.1007","author":[{"given":"Mario","family":"Heiderich","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christopher","family":"Sp\u00e4th","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"J\u00f6rg","family":"Schwenk","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,8,12]]},"reference":[{"key":"7_CR1","unstructured":"Johns, M.: Code injection vulnerabilities in web applications - exemplified at cross-site scripting. Ph.D. dissertation, University of Passau, Passau, July 2009"},{"key":"7_CR2","doi-asserted-by":"crossref","unstructured":"Heiderich, M., Frosch, T., Jensen, M., Holz, T.: Crouching tiger - hidden payload: security risks of scalable vector graphics. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 239\u2013250. ACM (2011)","DOI":"10.1145\/2046707.2046735"},{"key":"7_CR3","doi-asserted-by":"crossref","unstructured":"Heiderich, M., Schwenk, J., Frosch, T., Magazinius, J., Yang, E.Z.: mXSS attacks: attacking well-secured web-applications by using innerHTML mutations. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, pp. 777\u2013788. ACM (2013)","DOI":"10.1145\/2508859.2516723"},{"key":"7_CR4","doi-asserted-by":"crossref","unstructured":"Akhawe, D., Barth, A., Lam, P.E., Mitchell, J., Song, D.: Towards a formal foundation of web security. In: 23rd IEEE Computer Security Foundations Symposium (CSF) 2010, pp. 290\u2013304. IEEE (2010)","DOI":"10.1109\/CSF.2010.27"},{"key":"7_CR5","unstructured":"Heiderich, M., Sp\u00e4th, C., Schwenk, J.: DOMPurify testset (2017). https:\/\/goo.gl\/2g2BMz"},{"key":"7_CR6","unstructured":"Heiderich, M., Sp\u00e4th, C., Schwenk, J.: Output of ResembleJS (2017). https:\/\/goo.gl\/9bdmZv"},{"key":"7_CR7","unstructured":"Ross, D.: IE8 security part IV: the XSS filter - IEBlog - site home - MSDN blogs (2008). http:\/\/blogs.msdn.com\/b\/ie\/archive\/2008\/07\/02\/ie8-security-part-iv-the-xss-filter.aspx"},{"key":"7_CR8","doi-asserted-by":"crossref","unstructured":"Bates, D., Barth, A., Jackson, C.: Regular expressions considered harmful in client-side XSS filters. In: Proceedings of the 19th International Conference on World Wide Web, WWW 2010, pp. 91\u2013100. ACM, New York (2010). http:\/\/doi.acm.org\/10.1145\/1772690.1772701","DOI":"10.1145\/1772690.1772701"},{"key":"7_CR9","unstructured":"Zuchlinski, G.: The anatomy of cross site scripting. In: Hitchhiker\u2019s World, vol. 8, November 2003"},{"key":"7_CR10","unstructured":"Bisht, P., Venkatakrishnan, V.N.: XSS-GUARD: precise dynamic prevention of cross-site scripting attacks. In: Conference on Detection of Intrusions and Malware and Vulnerability Assessment (2008)"},{"key":"7_CR11","unstructured":"Gebre, M., Lhee, K., Hong, M.: A robust defense against content-sniffing XSS attacks. In: 2010 6th International Conference on Digital Content, Multimedia Technology and its Applications (IDC), pp. 315\u2013320. IEEE (2010)"},{"key":"7_CR12","doi-asserted-by":"crossref","unstructured":"Saxena, P., Molnar, D., Livshits, B.: SCRIPTGARD: automatic context-sensitive sanitization for large-scale legacy web applications. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 601\u2013614. ACM (2011)","DOI":"10.1145\/2046707.2046776"},{"key":"7_CR13","unstructured":"Gourdin, B., Soman, C., Bojinov, H., Bursztein, E.: Toward secure embedded web interfaces. In: Proceedings of the USENIX Security Symposium (2011)"},{"issue":"4","key":"7_CR14","doi-asserted-by":"publisher","first-page":"612","DOI":"10.1016\/j.cose.2011.12.004","volume":"31","author":"MV Gundy","year":"2012","unstructured":"Gundy, M.V., Chen, H.: Noncespaces: using randomization to defeat cross-site scripting attacks. Comput. Secur. 31(4), 612\u2013628 (2012)","journal-title":"Comput. Secur."},{"key":"7_CR15","unstructured":"Nadji, Y., Saxena, P., Song, D.: Document structure integrity: a robust basis for cross-site scripting defense. In: NDSS. The Internet Society (2009)"},{"key":"7_CR16","doi-asserted-by":"crossref","unstructured":"Louw, M.T., Venkatakrishnan, V.N.: Blueprint: robust prevention of cross-site scripting attacks for existing browsers. In: Proceedings of the 2009 30th IEEE Symposium on Security and Privacy, SP 2009, Washington, DC, USA, pp. 331\u2013346. IEEE Computer Society (2009). http:\/\/dx.doi.org\/10.1109\/SP.2009.33","DOI":"10.1109\/SP.2009.33"},{"key":"7_CR17","doi-asserted-by":"crossref","unstructured":"Weichselbaum, L., Spagnuolo, M., Lekies, S., Janc, A.: CSP is dead, long live CSP! On the insecurity of whitelists and the future of content security policy. In: Proceedings of the 23rd ACM Conference on Computer and Communications Security, Vienna, Austria (2016)","DOI":"10.1145\/2976749.2978363"},{"key":"7_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"150","DOI":"10.1007\/978-3-642-23822-2_9","volume-title":"Computer Security \u2013 ESORICS 2011","author":"J Weinberger","year":"2011","unstructured":"Weinberger, J., Saxena, P., Akhawe, D., Finifter, M., Shin, R., Song, D.: A systematic analysis of XSS sanitization in web application frameworks. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 150\u2013171. Springer, Heidelberg (2011). doi:10.1007\/978-3-642-23822-2_9"},{"key":"7_CR19","unstructured":"Nava, E.V., Lindsay, D.: Abusing Internet Explorer 8\u2019s XSS Filters. http:\/\/p42.us\/ie8xss\/Abusing_IE8s_XSS_Filters.pdf"},{"key":"7_CR20","unstructured":"Zalewski, M.: Browser Security Handbook, July 2010. http:\/\/code.google.com\/p\/browsersec\/wiki\/Main"},{"key":"7_CR21","unstructured":"Zalewski, M.: The Tangled Web: A Guide to Securing Modern Web Applications. No Starch Press (2011)"},{"key":"7_CR22","unstructured":"Bug 29278: XSSAuditor bypasses from sla.ckers.org. https:\/\/bugs.webkit.org\/show_bug.cgi?id=29278"},{"key":"7_CR23","unstructured":"Hooimeijer, P., Livshits, B., Molnar, D., Saxena, P., Veanes, M.: Fast and precise sanitizer analysis with BEK. In: Proceedings of the 20th USENIX Conference on Security, SEC 2011, Berkeley, CA, USA, p. 1. USENIX Association (2011). http:\/\/dl.acm.org\/citation.cfm?id=2028067.2028068"},{"key":"7_CR24","doi-asserted-by":"crossref","unstructured":"Kolbitsch, C., Livshits, B., Zorn, B., Seifert, C.: Rozzle: de-cloaking internet malware. In: Proceedings of IEEE Symposium on Security and Privacy (2012)","DOI":"10.1109\/SP.2012.48"},{"key":"7_CR25","doi-asserted-by":"crossref","unstructured":"Heiderich, M., Niemietz, M., Schuster, F., Holz, T., Schwenk, J.: Scriptless attacks: stealing the pie without touching the sill. In: Proceedings of the 19th ACM Conference on Computer and Communications Security, pp. 760\u2013771 (2012)","DOI":"10.1145\/2382196.2382276"},{"key":"7_CR26","unstructured":"Stone, P.: Pixel perfect timing attacks with HTML5. http:\/\/contextis.co.uk\/files\/Browser_Timing_Attacks.pdf"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2017"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-66399-9_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,15]],"date-time":"2022-08-15T00:08:13Z","timestamp":1660522093000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-66399-9_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319663982","9783319663999"],"references-count":26,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-66399-9_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"12 August 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Oslo","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Norway","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 September 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 September 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/deic.uab.cat\/conferences\/dpm\/dpm2017\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}