{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,16]],"date-time":"2025-12-16T12:12:18Z","timestamp":1765887138187,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":50,"publisher":"ACM","license":[{"start":{"date-parts":[[2009,4,20]],"date-time":"2009-04-20T00:00:00Z","timestamp":1240185600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2009,4,20]]},"DOI":"10.1145\/1526709.1526838","type":"proceedings-article","created":{"date-parts":[[2009,4,21]],"date-time":"2009-04-21T14:17:17Z","timestamp":1240323437000},"page":"961-970","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":62,"title":["Characterizing insecure javascript practices on the web"],"prefix":"10.1145","author":[{"given":"Chuan","family":"Yue","sequence":"first","affiliation":[{"name":"The College of William and Mary, Williamsburg, VA, USA"}]},{"given":"Haining","family":"Wang","sequence":"additional","affiliation":[{"name":"The College of William and Mary, Williamsburg, VA, USA"}]}],"member":"320","published-online":{"date-parts":[[2009,4,20]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/183432.183527"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455782"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.5555\/850947.853341"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242656"},{"key":"e_1_3_2_1_5_1","first-page":"843","article-title":"Designing Data-Intensive Web Applications. Morgan Kaufmann","volume":"1","author":"Ceri S.","year":"2002","unstructured":"S. Ceri , P. Fraternali , A. Bongio , M. Brambilla , S. Comai , and M. Matera . Designing Data-Intensive Web Applications. Morgan Kaufmann , ISBN 1-55860 - 843 - 845 , 2002 . S. Ceri, P. Fraternali, A. Bongio, M. Brambilla, S. Comai, and M. Matera. Designing Data-Intensive Web Applications. Morgan Kaufmann, ISBN 1-55860-843-5, 2002.","journal-title":"ISBN"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.6"},{"key":"e_1_3_2_1_7_1","volume-title":"Web Engineering: Principles And Techniques","author":"W.","year":"2005","unstructured":"W. S. (Editor). Web Engineering: Principles And Techniques . IGI Publishing , ISBN 1-591-40433-9, 2005 . W. S. (Editor). Web Engineering: Principles And Techniques. IGI Publishing, ISBN 1-591-40433-9, 2005."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1408664.1408680"},{"key":"e_1_3_2_1_9_1","volume-title":"JavaScript: The Definitive Guide","author":"Flanagan D.","year":"2006","unstructured":"D. Flanagan . JavaScript: The Definitive Guide . O'Reilly Media , ISBN 0-596-10199-6, 2006 . D. Flanagan. JavaScript: The Definitive Guide. O'Reilly Media, ISBN 0-596-10199-6, 2006."},{"key":"e_1_3_2_1_10_1","first-page":"49154","article-title":"XSS Exploits: Cross Site Scripting Attacks and Defense. Syngress","volume":"1","author":"Fogie S.","year":"2007","unstructured":"S. Fogie , J. Grossman , R. Hansen , A. Rager , and P. D. Petkov . XSS Exploits: Cross Site Scripting Attacks and Defense. Syngress , ISBN 1-597 - 49154 - 49153 , 2007 . S. Fogie, J. Grossman, R. Hansen, A. Rager, and P. D. Petkov. XSS Exploits: Cross Site Scripting Attacks and Defense. Syngress, ISBN 1-597-49154-3, 2007.","journal-title":"ISBN"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/988672.988679"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1135777.1135884"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242654"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1135777.1135817"},{"key":"e_1_3_2_1_15_1","volume-title":"Web Engineering: The Discipline of Systematic Development of Web Applications","author":"Kappel G.","year":"2006","unstructured":"G. Kappel , B. Proll , S. Reich , and W. R. (Eds.). Web Engineering: The Discipline of Systematic Development of Web Applications . John Wiley & amp; Sons, ISBN 0-470-01554-3, 2006 . G. Kappel, B. Proll, S. Reich, and W. R. (Eds.). Web Engineering: The Discipline of Systematic Development of Web Applications. John Wiley & Sons, ISBN 0-470-01554-3, 2006."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1135777.1135829"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180434"},{"key":"e_1_3_2_1_18_1","first-page":"335","volume-title":"Proc. of the USENIX Annual Technical Conference","author":"Livshits B.","year":"2008","unstructured":"B. Livshits and W. Cui . Spectator: detection and containment of javascript worms . In Proc. of the USENIX Annual Technical Conference , pages 335 -- 348 , 2008 . B. Livshits and W. Cui. Spectator: detection and containment of javascript worms. In Proc. of the USENIX Annual Technical Conference, pages 335--348, 2008."},{"key":"e_1_3_2_1_19_1","volume-title":"Web Engineering","author":"Mendes E.","year":"2005","unstructured":"E. Mendes and N. M. (Eds.). Web Engineering . Springer , ISBN 3-540-28196-7, 2005 . E. Mendes and N. M. (Eds.). Web Engineering. Springer, ISBN 3-540-28196-7, 2005."},{"key":"e_1_3_2_1_20_1","volume-title":"Proc. of the NDSS","author":"Moshchuk A.","year":"2006","unstructured":"A. Moshchuk , T. Bragin , S. D. Gribble , and H. M. Levy . A crawler-based study of spyware in the web . In Proc. of the NDSS , 2006 . A. Moshchuk, T. Bragin, S. D. Gribble, and H. M. Levy. A crawler-based study of spyware in the web. In Proc. of the NDSS, 2006."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","DOI":"10.1007\/3-540-45144-7","volume-title":"Web Engineering : Managing Diversity and Complexity of Web Application Development","author":"Murugesan S.","year":"2001","unstructured":"S. Murugesan and Y. D. (Eds.). Web Engineering : Managing Diversity and Complexity of Web Application Development . Springer , ISBN 3-540-42130-0, 2001 . S. Murugesan and Y. D. (Eds.). Web Engineering : Managing Diversity and Complexity of Web Application Development. Springer, ISBN 3-540-42130-0, 2001."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455783"},{"key":"e_1_3_2_1_23_1","volume-title":"Web Site Engineering: Beyond Web Page Design","author":"Powell T. A.","year":"1998","unstructured":"T. A. Powell , D. L. Jones , and D. C. Cutts . Web Site Engineering: Beyond Web Page Design . Prentice Hall , ISBN : 0-13650-920-7, 1998 . T. A. Powell, D. L. Jones, and D. C. Cutts. Web Site Engineering: Beyond Web Page Design. Prentice Hall, ISBN: 0-13650-920-7, 1998."},{"key":"e_1_3_2_1_24_1","volume-title":"Proc. of the USENIX Security Symposium","author":"Provos N.","year":"2008","unstructured":"N. Provos , P. Mavrommatis , M. A. Rajab , and F. Monrose . All your iframes point to us . In Proc. of the USENIX Security Symposium , 2008 . N. Provos, P. Mavrommatis, M. A. Rajab, and F. Monrose. All your iframes point to us. In Proc. of the USENIX Security Symposium, 2008."},{"key":"e_1_3_2_1_25_1","first-page":"61","volume-title":"Proc. of the OSDI","author":"Reis C.","year":"2006","unstructured":"C. Reis , J. Dunagan , H. J. Wang , O. Dubrovsky , and S. Esmeir . Browsershield: vulnerability-driven filtering of dynamic html . In Proc. of the OSDI , pages 61 -- 74 , 2006 . C. Reis, J. Dunagan, H. J. Wang, O. Dubrovsky, and S. Esmeir. Browsershield: vulnerability-driven filtering of dynamic html. In Proc. of the OSDI, pages 61--74, 2006."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/988672.988740"},{"key":"e_1_3_2_1_27_1","volume-title":"Web Engineering: Modelling and Implementing Web Applications","author":"Rossi G.","year":"2007","unstructured":"G. Rossi , O. Pastor , D. Schwabe , and L. O. (Eds.). Web Engineering: Modelling and Implementing Web Applications . Springer , ISBN : 1-84628-922-X, 2007 . G. Rossi, O. Pastor, D. Schwabe, and L. O. (Eds.). Web Engineering: Modelling and Implementing Web Applications. Springer, ISBN: 1-84628-922-X, 2007."},{"key":"e_1_3_2_1_28_1","volume-title":"Proc. of the NDSS","author":"Wang Y.-M.","year":"2006","unstructured":"Y.-M. Wang , D. Beck , X. Jiang , R. Roussev , C. Verbowski , S. Chen , and S. T. King . Automated web patrol with strider honeymonkeys: Finding web sites that exploit browser vulnerabilities . In Proc. of the NDSS , 2006 . Y.-M. Wang, D. Beck, X. Jiang, R. Roussev, C. Verbowski, S. Chen, and S. T. King. Automated web patrol with strider honeymonkeys: Finding web sites that exploit browser vulnerabilities. In Proc. of the NDSS, 2006."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368088.1368112"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.5555\/786767.786825"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1002\/spe.4380210706"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1190216.1190252"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2007.21"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1060745.1060761"},{"key":"e_1_3_2_1_35_1","unstructured":"24\n    ways: Don't be eval(). http:\/\/24ways.org\/2005\/dont-be-eval.  24 ways: Don't be eval(). http:\/\/24ways.org\/2005\/dont-be-eval."},{"key":"e_1_3_2_1_36_1","unstructured":"Alexa Top Sites. http:\/\/www.alexa.com\/browse?CategoryID=1.  Alexa Top Sites. http:\/\/www.alexa.com\/browse?CategoryID=1."},{"key":"e_1_3_2_1_37_1","unstructured":"CERT Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests. http:\/\/www.cert.org\/advisories\/CA-2000-02.html.  CERT Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests. http:\/\/www.cert.org\/advisories\/CA-2000-02.html."},{"key":"e_1_3_2_1_38_1","unstructured":"Cross-site scripting. http:\/\/en.wikipedia.org\/wiki\/Cross-site_scripting.  Cross-site scripting. http:\/\/en.wikipedia.org\/wiki\/Cross-site_scripting."},{"key":"e_1_3_2_1_39_1","unstructured":"eval -- MDC. http:\/\/developer.mozilla.org\/en\/ Core_JavaScript_1.5_Reference\/Global_Functions\/eval.  eval -- MDC. http:\/\/developer.mozilla.org\/en\/ Core_JavaScript_1.5_Reference\/Global_Functions\/eval."},{"key":"e_1_3_2_1_40_1","unstructured":"JavaScript. http:\/\/en.wikipedia.org\/wiki\/JavaScript.  JavaScript. http:\/\/en.wikipedia.org\/wiki\/JavaScript."},{"key":"e_1_3_2_1_41_1","unstructured":"JSAPI reference -- MDC. http:\/\/developer.mozilla.org\/en\/JSAPI_Reference.  JSAPI reference -- MDC. http:\/\/developer.mozilla.org\/en\/JSAPI_Reference."},{"key":"e_1_3_2_1_42_1","unstructured":"JSON in JavaScript. http:\/\/www.json.org\/js.html.  JSON in JavaScript. http:\/\/www.json.org\/js.html."},{"key":"e_1_3_2_1_43_1","unstructured":"JSPrincipals -- MDC. http:\/\/developer.mozilla.org\/en\/JSPrincipals.  JSPrincipals -- MDC. http:\/\/developer.mozilla.org\/en\/JSPrincipals."},{"key":"e_1_3_2_1_44_1","unstructured":"MSDN\n  : innerHTML property. http:\/\/msdn.microsoft.com \/en-us\/library\/ms533897(VS.85).aspx.  MSDN: innerHTML property. http:\/\/msdn.microsoft.com \/en-us\/library\/ms533897(VS.85).aspx."},{"key":"e_1_3_2_1_45_1","unstructured":"Same origin policy. http:\/\/en.wikipedia.org\/wiki\/Same_origin_policy.  Same origin policy. http:\/\/en.wikipedia.org\/wiki\/Same_origin_policy."},{"key":"e_1_3_2_1_46_1","unstructured":"SANS Top-20 2007 Security Risks (2007 Annual Update). http:\/\/www.sans.org\/top20\/2007\/.  SANS Top-20 2007 Security Risks (2007 Annual Update). http:\/\/www.sans.org\/top20\/2007\/."},{"key":"e_1_3_2_1_47_1","unstructured":"SpiderMonkey (JavaScript-C) Engine. http:\/\/www.mozilla.org\/js\/spidermonkey\/.  SpiderMonkey (JavaScript-C) Engine. http:\/\/www.mozilla.org\/js\/spidermonkey\/."},{"volume-title":"April","year":"2008","key":"e_1_3_2_1_48_1","unstructured":"Symantec Internet security threat report volume XIII : April , 2008 . http:\/\/www.symantec.com\/ business\/theme.jsp?themeid=threatreport. Symantec Internet security threat report volume XIII: April, 2008. http:\/\/www.symantec.com\/ business\/theme.jsp?themeid=threatreport."},{"key":"e_1_3_2_1_49_1","unstructured":"Unobtrusive Javascript. http:\/\/www.onlinetools.org\/articles\/unobtrusivejavascript\/.  Unobtrusive Javascript. http:\/\/www.onlinetools.org\/articles\/unobtrusivejavascript\/."},{"key":"e_1_3_2_1_50_1","unstructured":"XMLHttpRequest. http:\/\/www.w3.org\/TR\/XMLHttpRequest\/.  XMLHttpRequest. http:\/\/www.w3.org\/TR\/XMLHttpRequest\/."}],"event":{"name":"WWW '09: The 18th International World Wide Web Conference","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web","ACM Association for Computing Machinery"],"location":"Madrid Spain","acronym":"WWW '09"},"container-title":["Proceedings of the 18th international conference on World wide web"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1526709.1526838","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1526709.1526838","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T13:29:47Z","timestamp":1750253387000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1526709.1526838"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009,4,20]]},"references-count":50,"alternative-id":["10.1145\/1526709.1526838","10.1145\/1526709"],"URL":"https:\/\/doi.org\/10.1145\/1526709.1526838","relation":{},"subject":[],"published":{"date-parts":[[2009,4,20]]},"assertion":[{"value":"2009-04-20","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}