{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:37:08Z","timestamp":1750307828568,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":25,"publisher":"ACM","license":[{"start":{"date-parts":[[2008,4,21]],"date-time":"2008-04-21T00:00:00Z","timestamp":1208736000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2008,4,21]]},"DOI":"10.1145\/1367497.1367566","type":"proceedings-article","created":{"date-parts":[[2008,5,15]],"date-time":"2008-05-15T18:35:39Z","timestamp":1210876539000},"page":"507-516","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Better abstractions for secure server-side scripting"],"prefix":"10.1145","author":[{"given":"Dachuan","family":"Yu","sequence":"first","affiliation":[{"name":"DoCoMo Communications Laboratories USA, Inc., Palo Alto, CA, USA"}]},{"given":"Ajay","family":"Chander","sequence":"additional","affiliation":[{"name":"DoCoMo Communications Laboratories USA, Inc., Palo Alto, CA, USA"}]},{"given":"Hiroshi","family":"Inamura","sequence":"additional","affiliation":[{"name":"DoCoMo Communications Laboratories USA, Inc., Palo Alto, CA, USA"}]},{"given":"Igor","family":"Serikov","sequence":"additional","affiliation":[{"name":"DoCoMo Communications Laboratories USA, Inc., Palo Alto, CA, USA"}]}],"member":"320","published-online":{"date-parts":[[2008,4,21]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/11531142_19"},{"key":"e_1_3_2_1_2_1","volume-title":"Proc. 1997 Conference on Domain-Specific Languages","author":"Atkins D.","year":"1997","unstructured":"D. Atkins , T. Ball , M. Benedikt , G. Bruns , K. Cox , P. Mataga , and K. Rehor . Experience with a domain specific language for form-based services . In Proc. 1997 Conference on Domain-Specific Languages , 1997 . D. Atkins, T. Ball, M. Benedikt, G. Bruns, K. Cox, P. Mataga, and K. Rehor. Experience with a domain specific language for form-based services. In Proc. 1997 Conference on Domain-Specific Languages, 1997."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.798323"},{"key":"e_1_3_2_1_4_1","unstructured":"R. Auger. The Cross-Site Request Forgery FAQ. http:\/\/www.cgisecurity.com\/articles 2007. R. Auger. The Cross-Site Request Forgery FAQ. http:\/\/www.cgisecurity.com\/articles 2007."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/514183.514184"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/945885.945890"},{"key":"e_1_3_2_1_7_1","unstructured":"S. Christey and R. A. Martin. Vulnerability type distributions in CVE. http:\/\/cve.mitre.org\/docs\/vuln-trends 2007. S. Christey and R. A. Martin. Vulnerability type distributions in CVE. http:\/\/cve.mitre.org\/docs\/vuln-trends 2007."},{"key":"e_1_3_2_1_8_1","first-page":"231","volume-title":"Proc. 12th International Smalltalk Conference","author":"Ducasse S.","year":"2004","unstructured":"S. Ducasse , A. Lienhard , and L. Renggli . Seaside - a multiple control flow web application framework . In Proc. 12th International Smalltalk Conference , pages 231 -- 257 , Sept. 2004 . S. Ducasse, A. Lienhard, and L. Renggli. Seaside - a multiple control flow web application framework. In Proc. 12th International Smalltalk Conference, pages 231--257, Sept. 2004."},{"key":"e_1_3_2_1_9_1","volume-title":"Proc. 11th Workshop on Hot Topics in Operating Systems","author":"Livshits B.","year":"2007","unstructured":"\u00da. Erlingsson, B. Livshits , and Y. Xie . End-to-end web application security . In Proc. 11th Workshop on Hot Topics in Operating Systems , May 2007 . \u00da. Erlingsson, B. Livshits, and Y. Xie. End-to-end web application security. In Proc. 11th Workshop on Hot Topics in Operating Systems, May 2007."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.5555\/872023.872573"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/581339.581375"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.5555\/1765712.1765731"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.5555\/645771.667936"},{"key":"e_1_3_2_1_14_1","unstructured":"J. Kol\u0161ek. Session fixation vulnerability in web-based applications. http:\/\/www.acrossecurity.com\/papers.htm 2002. J. Kol\u0161ek. Session fixation vulnerability in web-based applications. http:\/\/www.acrossecurity.com\/papers.htm 2002."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1255329.1255346"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1109\/WSE.2004.10013","volume-title":"Proc. 6th International Workshop on Web Site Evolution","author":"Lucca G. A. D.","year":"2004","unstructured":"G. A. D. Lucca , A. R. Fasolino , M. Mastoianni , and P. Tramontana . Identifying XSS vulnerabilities in web applications . In Proc. 6th International Workshop on Web Site Evolution , pages 71 -- 80 , 2004 . G. A. D. Lucca, A. R. Fasolino, M. Mastoianni, and P. Tramontana. Identifying XSS vulnerabilities in web applications. In Proc. 6th International Workshop on Web Site Evolution, pages 71--80, 2004."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1017\/S0956796804005350"},{"key":"e_1_3_2_1_18_1","unstructured":"G. Ollmann. Second-order code injection attacks. http:\/\/www.nextgenss.com\/papers 2004. G. Ollmann. Second-order code injection attacks. http:\/\/www.nextgenss.com\/papers 2004."},{"key":"e_1_3_2_1_19_1","unstructured":"OWASP Foundation. The ten most critical web application security vulnerabilities. http:\/\/www.owasp.org 2007. OWASP Foundation. The ten most critical web application security vulnerabilities. http:\/\/www.owasp.org 2007."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1111037.1111070"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1052934.1052935"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-31987-0_28"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1250734.1250739"},{"key":"e_1_3_2_1_24_1","volume-title":"July","author":"Yu D.","year":"2007","unstructured":"D. Yu , A. Chander , H. Inamura , and I. Serikov . Better abstractions for secure server-side scripting. DCL-TR-2007-0035 , July 2007 . D. Yu, A. Chander, H. Inamura, and I. Serikov. Better abstractions for secure server-side scripting. DCL-TR-2007-0035, July 2007."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1190216.1190252"}],"event":{"name":"WWW '08: The 17th International World Wide Web Conference","sponsor":["ACM Association for Computing Machinery","SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"],"location":"Beijing China","acronym":"WWW '08"},"container-title":["Proceedings of the 17th international conference on World Wide Web"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1367497.1367566","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1367497.1367566","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T13:57:54Z","timestamp":1750255074000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1367497.1367566"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,4,21]]},"references-count":25,"alternative-id":["10.1145\/1367497.1367566","10.1145\/1367497"],"URL":"https:\/\/doi.org\/10.1145\/1367497.1367566","relation":{},"subject":[],"published":{"date-parts":[[2008,4,21]]},"assertion":[{"value":"2008-04-21","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}