{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T06:28:15Z","timestamp":1769927295012,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":25,"publisher":"ACM","license":[{"start":{"date-parts":[[2010,4,26]],"date-time":"2010-04-26T00:00:00Z","timestamp":1272240000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2010,4,26]]},"DOI":"10.1145\/1772690.1772701","type":"proceedings-article","created":{"date-parts":[[2010,4,27]],"date-time":"2010-04-27T12:45:48Z","timestamp":1272372348000},"page":"91-100","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":108,"title":["Regular expressions considered harmful in client-side XSS filters"],"prefix":"10.1145","author":[{"given":"Daniel","family":"Bates","sequence":"first","affiliation":[{"name":"UC Berkeley, Berkeley, CA, USA"}]},{"given":"Adam","family":"Barth","sequence":"additional","affiliation":[{"name":"UC Berkeley, Berkeley, CA, USA"}]},{"given":"Collin","family":"Jackson","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Mountain View, CA, USA"}]}],"member":"320","published-online":{"date-parts":[[2010,4,26]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC1866"},{"key":"e_1_3_2_1_2_1","unstructured":"Steve Christey and Robert A. Martin. Vulnerability type distributions in cve 2007. http:\/\/cwe.mitre.org\/documents\/vuln-trends\/.  Steve Christey and Robert A. Martin. Vulnerability type distributions in cve 2007. http:\/\/cwe.mitre.org\/documents\/vuln-trends\/."},{"key":"e_1_3_2_1_3_1","unstructured":"Douglas Crockford. ADsafe.  Douglas Crockford. ADsafe."},{"key":"e_1_3_2_1_4_1","unstructured":"Facebook. Fbjs. http: \/\/wiki.developers.facebook.com\/index.php\/FBJS.  Facebook. Fbjs. http: \/\/wiki.developers.facebook.com\/index.php\/FBJS."},{"key":"e_1_3_2_1_5_1","unstructured":"David Flanagan. JavaScript: The Definitive Guide chapter 20.4 The Data-Tainting Security Model. O'Reilly & Associates Inc. second edition January 1997.  David Flanagan. JavaScript: The Definitive Guide chapter 20.4 The Data-Tainting Security Model. O'Reilly & Associates Inc. second edition January 1997."},{"key":"e_1_3_2_1_6_1","unstructured":"Google. Caja: A source-to-source translator for securing JavaScript-based web content. http:\/\/code.google.com\/p\/google-caja\/.  Google. Caja: A source-to-source translator for securing JavaScript-based web content. http:\/\/code.google.com\/p\/google-caja\/."},{"key":"e_1_3_2_1_7_1","unstructured":"Google. V8 benchmark suite. http:\/\/v8.googlecode. com\/svn\/data\/benchmarks\/v5\/run.html.  Google. V8 benchmark suite. http:\/\/v8.googlecode. com\/svn\/data\/benchmarks\/v5\/run.html."},{"key":"e_1_3_2_1_8_1","unstructured":"Robert Hansen. XSS (cross site scripting) cheat sheet. http:\/\/ha.ckers.org\/xss.html.  Robert Hansen. XSS (cross site scripting) cheat sheet. http:\/\/ha.ckers.org\/xss.html."},{"key":"e_1_3_2_1_9_1","unstructured":"Apple Inc. Sunspider. http:\/\/www2.webkit.org\/perf\/sunspider-0.9\/sunspider.html.  Apple Inc. Sunspider. http:\/\/www2.webkit.org\/perf\/sunspider-0.9\/sunspider.html."},{"key":"e_1_3_2_1_10_1","unstructured":"Inferno. Exploiting IE8 UTF-7 XSS vulnerability using local redirection May 2009. http:\/\/securethoughts.com\/2009\/05\/ exploiting-ie8-utf-7-xss-vulnerability-using-local-redirection\/.  Inferno. Exploiting IE8 UTF-7 XSS vulnerability using local redirection May 2009. http:\/\/securethoughts.com\/2009\/05\/ exploiting-ie8-utf-7-xss-vulnerability-using-local-redirection\/."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1141277.1141357"},{"key":"e_1_3_2_1_12_1","unstructured":"Eric Lawrence. IE8 security part VII: Clickjacking defenses. http:\/\/blogs.msdn.com\/ie\/archive\/2009\/01\/27\/ ie8-security-part-vii-clickjacking-defenses. aspx.  Eric Lawrence. IE8 security part VII: Clickjacking defenses. http:\/\/blogs.msdn.com\/ie\/archive\/2009\/01\/27\/ ie8-security-part-vii-clickjacking-defenses. aspx."},{"key":"e_1_3_2_1_13_1","unstructured":"David Lindsay et al. Chrome gets XSS filters September 2009. http:\/\/sla.ckers.org\/forum\/read.php?13 31377.  David Lindsay et al. Chrome gets XSS filters September 2009. http:\/\/sla.ckers.org\/forum\/read.php?13 31377."},{"key":"e_1_3_2_1_14_1","unstructured":"Giorgio Maone. NoScript. http:\/\/www.noscript.net.  Giorgio Maone. NoScript. http:\/\/www.noscript.net."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"crossref","unstructured":"Larry Masinter. The \"data\" URL scheme. IETF RFC 2397 August 1998.   Larry Masinter. The \"data\" URL scheme. IETF RFC 2397 August 1998.","DOI":"10.17487\/rfc2397"},{"key":"e_1_3_2_1_16_1","unstructured":"Microsoft. About dynamic properties. http:\/\/msdn.microsoft.com\/en-us\/library\/ms537634(VS.85).aspx.  Microsoft. About dynamic properties. http:\/\/msdn.microsoft.com\/en-us\/library\/ms537634(VS.85).aspx."},{"key":"e_1_3_2_1_17_1","unstructured":"Mitre. CVE-2009-4074.  Mitre. CVE-2009-4074."},{"key":"e_1_3_2_1_18_1","unstructured":"Eduardo Vela Nava and David Lindsay. Our favorite XSS filters\/IDS and how to attack them 2009. Black Hat USA presentation.  Eduardo Vela Nava and David Lindsay. Our favorite XSS filters\/IDS and how to attack them 2009. Black Hat USA presentation."},{"key":"e_1_3_2_1_19_1","unstructured":"Jeremias Reith. Internals of noXSS October 2008. http:\/\/www.noxss.org\/wiki\/Internals.  Jeremias Reith. Internals of noXSS October 2008. http:\/\/www.noxss.org\/wiki\/Internals."},{"key":"e_1_3_2_1_20_1","unstructured":"David Ross. IE 8 XSS filter architecture\/implementation August 2008. http: \/\/blogs.technet.com\/srd\/archive\/2008\/08\/18\/ ie-8-xss-filter-architecture-implementation. aspx.  David Ross. IE 8 XSS filter architecture\/implementation August 2008. http: \/\/blogs.technet.com\/srd\/archive\/2008\/08\/18\/ ie-8-xss-filter-architecture-implementation. aspx."},{"key":"e_1_3_2_1_21_1","unstructured":"Steve. Preventing frame busting and click jacking Februrary 2009. http:\/\/coderrr.wordpress.com\/2009\/02\/13\/ preventing-frame-busting-and-click-jacking-ui-redressing\/.  Steve. Preventing frame busting and click jacking Februrary 2009. http:\/\/coderrr.wordpress.com\/2009\/02\/13\/ preventing-frame-busting-and-click-jacking-ui-redressing\/."},{"key":"e_1_3_2_1_22_1","unstructured":"Andrew van der Stock Jeff Williams and Dave Wichers. OWASP top 10 2007. http:\/\/www.owasp.org\/index.php\/Top_10_2007.  Andrew van der Stock Jeff Williams and Dave Wichers. OWASP top 10 2007. http:\/\/www.owasp.org\/index.php\/Top_10_2007."},{"key":"e_1_3_2_1_23_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS)","author":"Vogt Philipp","year":"2007"},{"key":"e_1_3_2_1_24_1","unstructured":"Michal Zalewski. Browser Security Handbook volume 2.  Michal Zalewski. Browser Security Handbook volume 2."},{"key":"e_1_3_2_1_25_1","unstructured":"http:\/\/code.google.com\/p\/browsersec\/wiki\/ Part2#Arbitrary_page_mashups_(UI_redressing).  http:\/\/code.google.com\/p\/browsersec\/wiki\/ Part2#Arbitrary_page_mashups_(UI_redressing)."}],"event":{"name":"WWW '10: The 19th International World Wide Web Conference","location":"Raleigh North Carolina USA","acronym":"WWW '10"},"container-title":["Proceedings of the 19th international conference on World wide web"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1772690.1772701","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1772690.1772701","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T20:26:28Z","timestamp":1750278388000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1772690.1772701"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010,4,26]]},"references-count":25,"alternative-id":["10.1145\/1772690.1772701","10.1145\/1772690"],"URL":"https:\/\/doi.org\/10.1145\/1772690.1772701","relation":{},"subject":[],"published":{"date-parts":[[2010,4,26]]},"assertion":[{"value":"2010-04-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}