{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,28]],"date-time":"2025-11-28T18:54:04Z","timestamp":1764356044666,"version":"3.46.0"},"reference-count":16,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"6","license":[{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Secur. Privacy"],"published-print":{"date-parts":[[2025,11]]},"DOI":"10.1109\/msec.2025.3602309","type":"journal-article","created":{"date-parts":[[2025,11,26]],"date-time":"2025-11-26T19:06:28Z","timestamp":1764183988000},"page":"73-78","source":"Crossref","is-referenced-by-count":0,"title":["Toward Practical and Scalable Adoption of Nonce-Based Content Security Policy on the Web"],"prefix":"10.1109","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8850-8583","authenticated-orcid":false,"given":"Anhao","family":"Xiang","sequence":"first","affiliation":[{"name":"Department of Computer Science, Colorado School of Mines, Golden, CO, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-3918-4206","authenticated-orcid":false,"given":"Mengxia","family":"Ren","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6095-4768","authenticated-orcid":false,"given":"Chuan","family":"Yue","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Colorado School of Mines, Golden, CO, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-3646-5531","authenticated-orcid":false,"given":"James","family":"Crea","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Illinois Urbana–Champaign, Urbana, IL, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-7978-6515","authenticated-orcid":false,"given":"Jack","family":"Kingham","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Colorado School of Mines, Golden, CO, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-4084-3719","authenticated-orcid":false,"given":"Zachary","family":"Samuels","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Colorado School of Mines, Golden, CO, USA"}]}],"member":"263","reference":[{"volume-title":"Cross site scripting (XSS)","year":"2025","key":"ref1"},{"volume-title":"OWASP top ten","year":"2025","key":"ref2"},{"volume-title":"CWE top 25 most dangerous software weaknesses","year":"2025","key":"ref3"},{"volume-title":"W3C: Content security policy level 3","year":"2025","key":"ref4"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978363"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978338"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/eurosp57164.2023.00032"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484780"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/icse55347.2025.00193"},{"volume-title":"Mitigate cross-site scripting (XSS) with a strict content security policy (CSP)","year":"2025","author":"Weichselbaum","key":"ref10"},{"volume-title":"Content security policy - A successful mess between hardening and mitigation","year":"2019","author":"Weichselbaum","key":"ref11"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-54129-2_27"},{"volume-title":"Adding CSP to.Net React application","year":"2025","key":"ref13"},{"volume-title":"How to implement content security policy NONCE in html script tags with node and helmet","year":"2025","key":"ref14"},{"volume-title":"Content security policy blocks angular styles","year":"2025","key":"ref15"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/ipccc59868.2024.10850449"}],"container-title":["IEEE Security & Privacy"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/8013\/11269917\/11269929.pdf?arnumber=11269929","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,28]],"date-time":"2025-11-28T18:45:02Z","timestamp":1764355502000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11269929\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11]]},"references-count":16,"journal-issue":{"issue":"6"},"URL":"https:\/\/doi.org\/10.1109\/msec.2025.3602309","relation":{},"ISSN":["1540-7993","1558-4046"],"issn-type":[{"type":"print","value":"1540-7993"},{"type":"electronic","value":"1558-4046"}],"subject":[],"published":{"date-parts":[[2025,11]]}}}