{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,7]],"date-time":"2024-09-07T20:22:32Z","timestamp":1725740552565},"publisher-location":"Berlin, Heidelberg","reference-count":31,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642392344"},{"type":"electronic","value":"9783642392351"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-39235-1_6","type":"book-chapter","created":{"date-parts":[[2013,7,13]],"date-time":"2013-07-13T00:07:36Z","timestamp":1373674056000},"page":"102-121","source":"Crossref","is-referenced-by-count":3,"title":["PreparedJS: Secure Script-Templates for JavaScript"],"prefix":"10.1007","author":[{"given":"Martin","family":"Johns","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"6_CR1","doi-asserted-by":"crossref","unstructured":"Van Acker, S., De Ryck, P., Desmet, L., Piessens, F., Joosen, W.: WebJail: Least-privilege Integration of Third-party Components in Web Mashups. In: Proceedings of the ACSAC 2011 Conference (2011)","DOI":"10.1145\/2076732.2076775"},{"key":"6_CR2","doi-asserted-by":"crossref","unstructured":"Bates, D., Barth, A., Jackson, C.: Regular expressions considered harmful in client-side XSS filters. In: WWW (2010)","DOI":"10.1145\/1772690.1772701"},{"key":"6_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1007\/978-3-540-70542-0_2","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"P. Bisht","year":"2008","unstructured":"Bisht, P., Venkatakrishnan, V.N.: XSS-GUARD: Precise dynamic prevention of cross-site scripting attacks. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol.\u00a05137, pp. 23\u201343. Springer, Heidelberg (2008)"},{"key":"6_CR4","unstructured":"CERT\/CC. CERT Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests (February 2000), \n                    \n                      http:\/\/www.cert.org\/advisories\/CA-2000-02.html\n                    \n                    \n                   (January 30, 2006)"},{"key":"6_CR5","doi-asserted-by":"crossref","unstructured":"Crockford, D.: The application\/json Media Type for JavaScript Object Notation (JSON). RFC 4627 (July 2006), \n                    \n                      http:\/\/www.ietf.org\/rfc\/rfc4627.txt","DOI":"10.17487\/rfc4627"},{"key":"6_CR6","doi-asserted-by":"crossref","unstructured":"Heiderich, M., Niemietz, M., Schuster, F., Holz, T., Schwenk, J.: Scriptless attacks: stealing the pie without touching the sill. In: ACM Conference on Computer and Communications Security (2012)","DOI":"10.1145\/2382196.2382276"},{"key":"6_CR7","doi-asserted-by":"crossref","unstructured":"Jim, T., Swamy, N., Hicks, M.: Defeating Script Injection Attacks with Browser-Enforced Embedded Policies. In: WWW 2007 (May 2007)","DOI":"10.1145\/1242572.1242654"},{"key":"6_CR8","unstructured":"Johns, M.: Code Injection Vulnerabilities in Web Applications - Exemplified at Cross-site Scripting. PhD thesis, University of Passau (2009)"},{"key":"6_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"96","DOI":"10.1007\/978-3-642-11747-3_8","volume-title":"Engineering Secure Software and Systems","author":"M. Johns","year":"2010","unstructured":"Johns, M., Beyerlein, C., Giesecke, R., Posegga, J.: Secure Code Generation for Web Applications. In: Massacci, F., Wallach, D., Zannone, N. (eds.) ESSoS 2010. LNCS, vol.\u00a05965, pp. 96\u2013113. Springer, Heidelberg (2010)"},{"key":"6_CR10","unstructured":"Klein, A.: DOM Based Cross Site Scripting or XSS of the Third Kind (Sebtember 2005), \n                    \n                      http:\/\/www.webappsec.org\/projects\/articles\/071105.shtml\n                    \n                    \n                   (May 05, 2007)"},{"key":"6_CR11","doi-asserted-by":"crossref","unstructured":"Louw, M.T., Venkatakrishnan, V.N.: BluePrint: Robust prevention of Cross-site Scripting Attacks for Existing Browsers. In: IEEE Symposium on Security and Privacy, Oakland (May 2009)","DOI":"10.1109\/SP.2009.33"},{"key":"6_CR12","unstructured":"Maone, G.: NoScript Firefox Extension (2006) (software) \n                    \n                      http:\/\/www.noscript.net\/whats"},{"key":"6_CR13","doi-asserted-by":"crossref","unstructured":"Meyerovich, L.A., Benjamin Livshits, V.: Conscript: Specifying and enforcing fine-grained security policies for javascript in the browser. In: IEEE Symposium on Security and Privacy, pp. 481\u2013496. IEEE Computer Society (2010)","DOI":"10.1109\/SP.2010.36"},{"key":"6_CR14","unstructured":"Nadji, Y., Saxena, P., Song, D.: Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense. In: NDSS 2009 (2009)"},{"key":"6_CR15","series-title":"IFIP AICT","doi-asserted-by":"publisher","first-page":"295","DOI":"10.1007\/0-387-25660-1_20","volume-title":"Security and Privacy in the Age of Ubiquitous Computing","author":"A. Nguyen-Tuong","year":"2005","unstructured":"Nguyen-Tuong, A., Guarnieri, S., Greene, D., Shirley, J., Evans, D.: Automatically hardening web applications using precise tainting. In: Sasaki, R., Qing, S., Okamoto, E., Yoshiura, H. (eds.) Security and Privacy in the Age of Ubiquitous Computing. IFIP AICT, vol.\u00a0181, pp. 295\u2013307. Springer, Boston (2005)"},{"key":"6_CR16","doi-asserted-by":"crossref","unstructured":"Nikiforakis, N., Invernizzi, L., Kapravelos, A., Van Acker, S., Joosen, W., Kruegel, C., Piessens, F., Vigna, G.: You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions. In: CCS 2012 (2012)","DOI":"10.1145\/2382196.2382274"},{"key":"6_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1007\/978-3-642-19125-1_7","volume-title":"Engineering Secure Software and Systems","author":"N. Nikiforakis","year":"2011","unstructured":"Nikiforakis, N., Meert, W., Younan, Y., Johns, M., Joosen, W.: SessionShield: Lightweight Protection against Session Hijacking. In: Erlingsson, \u00da., Wieringa, R., Zannone, N. (eds.) ESSoS 2011. LNCS, vol.\u00a06542, pp. 87\u2013100. Springer, Heidelberg (2011)"},{"key":"6_CR18","unstructured":"Open Web Application Project (OWASP). OWASP Top 10 for 2010 (The Top Ten Most Critical Web Application Security Vulnerabilities) (2010), \n                    \n                      http:\/\/www.owasp.org\/index.php\/Category:OWASP_Top_Ten_Project"},{"key":"6_CR19","unstructured":"Open Web Application Project (OWASP). XSS (Cross Site Scripting) Prevention Cheat Sheet (2012), https:\/\/www.owasp.org\/index.php\/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet (last accessed December 03, 2012)"},{"key":"6_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"124","DOI":"10.1007\/11663812_7","volume-title":"Recent Advances in Intrusion Detection","author":"T. Pietraszek","year":"2006","unstructured":"Pietraszek, T., Berghe, C.V.: Defending against Injection Attacks through Context-Sensitive String Evaluation. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol.\u00a03858, pp. 124\u2013145. Springer, Heidelberg (2006)"},{"key":"6_CR21","unstructured":"Robertson, W., Vigna, G.: Static Enforcement of Web Application Integrity Through Strong Typing. In: Proceedings of the USENIX Security Symposium, Montreal, Canada (August 2009)"},{"key":"6_CR22","unstructured":"Ross, D.: IE 8 XSS Filter Architecture \/ Implementation (August 2008), \n                    \n                      http:\/\/blogs.technet.com\/b\/srd\/archive\/2008\/08\/19\/ie-8-xss-filter-architecture-implementation.aspx\n                    \n                    \n                   (last accessed May 05, 2012)"},{"key":"6_CR23","unstructured":"Ruderman, J.: The Same Origin Policy (August 2001), \n                    \n                      http:\/\/www.mozilla.org\/projects\/security\/components\/same-origin.html\n                    \n                    \n                   (January 10, 2006)"},{"issue":"3","key":"6_CR24","doi-asserted-by":"publisher","first-page":"344","DOI":"10.1016\/j.cose.2011.12.013","volume":"31","author":"T. Scholte","year":"2012","unstructured":"Scholte, T., Balzarotti, D., Kirda, E.: Have things changed now? an empirical study on input validation vulnerabilities in web applications. Computers & Security\u00a031(3), 344\u2013356 (2012)","journal-title":"Computers & Security"},{"key":"6_CR25","doi-asserted-by":"crossref","unstructured":"Stamm, S., Sterne, B., Markham, G.: Reining in the web with content security policy. In: WWW (2010)","DOI":"10.1145\/1772690.1772784"},{"key":"6_CR26","unstructured":"The webappsec mailing list. The Cross Site Scripting (XSS) FAQ (May 2002), \n                    \n                      http:\/\/www.cgisecurity.com\/articles\/xss-faq.shtml"},{"key":"6_CR27","unstructured":"Toews, B.: Abusing Password Managers with XSS (April 2012), \n                    \n                      http:\/\/labs.neohapsis.com\/2012\/04\/25\/abusing-password-managers-with-xss\/\n                    \n                    \n                   (last accessed May 05, 2012)"},{"key":"6_CR28","unstructured":"Vogt, P., Nentwich, F., Jovanovic, N., Kruegel, C., Kirda, E., Vigna, G.: Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. In: NDSS 2007 (2007)"},{"key":"6_CR29","unstructured":"W3C. Content Security Policy 1.0. W3C Candidate Recommendation (November 2012), \n                    \n                      http:\/\/www.w3.org\/TR\/2011\/WD-CSP-20111129\/"},{"key":"6_CR30","unstructured":"W3C. Content Security Policy 1.1. W3C Editor\u2019s Draft 02 (December 2012), \n                    \n                      https:\/\/dvcs.w3.org\/hg\/content-security-policy\/raw-file\/tip\/csp-specification.dev.html"},{"key":"6_CR31","unstructured":"Zalewski, M.: Postcards from the post-XSS world (December 2011), \n                    \n                      http:\/\/lcamtuf.coredump.cx\/postxss\/"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-39235-1_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,15]],"date-time":"2019-05-15T15:16:17Z","timestamp":1557933377000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-39235-1_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642392344","9783642392351"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-39235-1_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2013]]}}}