{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T18:23:33Z","timestamp":1771957413811,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":22,"publisher":"ACM","license":[{"start":{"date-parts":[[2010,4,26]],"date-time":"2010-04-26T00:00:00Z","timestamp":1272240000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2010,4,26]]},"DOI":"10.1145\/1772690.1772784","type":"proceedings-article","created":{"date-parts":[[2010,4,27]],"date-time":"2010-04-27T12:45:48Z","timestamp":1272372348000},"page":"921-930","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":121,"title":["Reining in the web with content security policy"],"prefix":"10.1145","author":[{"given":"Sid","family":"Stamm","sequence":"first","affiliation":[{"name":"Mozilla, Mountain View, CA, USA"}]},{"given":"Brandon","family":"Sterne","sequence":"additional","affiliation":[{"name":"Mozilla, Mountain View, CA, USA"}]},{"given":"Gervase","family":"Markham","sequence":"additional","affiliation":[{"name":"Mozilla, Enfield, Middlesex, United Kingdom"}]}],"member":"320","published-online":{"date-parts":[[2010,4,26]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Blog","author":"Burke J.","year":"2006","unstructured":"J. Burke . Jsonrequest, part 2 (cross domain policy for all) . Blog , March 2006 . URL: http:\/\/tagneto.blogspot.com\/2006\/03\/jsonrequest-part-2-cross-domain-policy.html. J. Burke. Jsonrequest, part 2 (cross domain policy for all). Blog, March 2006. URL: http:\/\/tagneto.blogspot.com\/2006\/03\/jsonrequest-part-2-cross-domain-policy.html."},{"key":"e_1_3_2_1_2_1","volume-title":"January","author":"Cook S.","year":"2003","unstructured":"S. Cook . A web developer's guide to cross-site scripting , January 2003 . http:\/\/www.giac.org\/practical\/GSEC\/Steve_Cook_GSEC. S. Cook. A web developer's guide to cross-site scripting, January 2003. http:\/\/www.giac.org\/practical\/GSEC\/Steve_Cook_GSEC."},{"key":"e_1_3_2_1_3_1","volume-title":"May","author":"M. Corporation","year":"2009","unstructured":"M. Corporation . Bug 493857: Implement content security policy. https:\/\/bugzilla.mozilla.org\/show bug.cgi?id=csp , May 2009 . M. Corporation. Bug 493857: Implement content security policy. https:\/\/bugzilla.mozilla.org\/show bug.cgi?id=csp, May 2009."},{"key":"e_1_3_2_1_4_1","volume-title":"May","author":"M. Corporation","year":"2009","unstructured":"M. Corporation . Content security policy formal specification. https:\/\/wiki.mozilla.org\/Security\/CSP\/Spec , May 2009 . M. Corporation. Content security policy formal specification. https:\/\/wiki.mozilla.org\/Security\/CSP\/Spec, May 2009."},{"key":"e_1_3_2_1_5_1","volume-title":"March","author":"Danchev D.","year":"2008","unstructured":"D. Danchev . Mass iframe injectable attacks , March 2008 . http:\/\/ddanchev.blogspot.com\/2008\/03\/massive-iframe-seo-poisoning-attack.html. D. Danchev. Mass iframe injectable attacks, March 2008. http:\/\/ddanchev.blogspot.com\/2008\/03\/massive-iframe-seo-poisoning-attack.html."},{"key":"e_1_3_2_1_6_1","unstructured":"J. Grossman. Whitehat website security statistics report. Whitepaper WhiteHat http:\/\/www.whitehatsec.com\/home\/assets\/WPstats0808.pdf August 2008.  J. Grossman. Whitehat website security statistics report. Whitepaper WhiteHat http:\/\/www.whitehatsec.com\/home\/assets\/WPstats0808.pdf August 2008."},{"key":"e_1_3_2_1_7_1","volume-title":"Proceedings of the 16th Annual Network and Distributed System Security Symposium (NDSS)","author":"Gundy M. V.","year":"2009","unstructured":"M. V. Gundy and H. Chen . Noncespaces: Using randomization to enforce information flow tracking and thwart cross-site scripting attacks . In Proceedings of the 16th Annual Network and Distributed System Security Symposium (NDSS) , San Diego, CA , Feb. 8-11, 2009 . M. V. Gundy and H. Chen. Noncespaces: Using randomization to enforce information flow tracking and thwart cross-site scripting attacks. In Proceedings of the 16th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, Feb. 8-11, 2009."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315298"},{"key":"e_1_3_2_1_9_1","unstructured":"C. Jackson A. Bortz D. Boneh and J. C. Mitchell. Stanford safecache. http:\/\/www.safecache.com.  C. Jackson A. Bortz D. Boneh and J. C. Mitchell. Stanford safecache. http:\/\/www.safecache.com."},{"key":"e_1_3_2_1_10_1","unstructured":"C. Jackson A. Bortz D. Boneh and J. C. Mitchell. Stanford safehistory. http:\/\/www.safehistory.com.  C. Jackson A. Bortz D. Boneh and J. C. Mitchell. Stanford safehistory. http:\/\/www.safehistory.com."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1135777.1135884"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1135777.1135854"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242654"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECCOMW.2006.359531"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03549-4_15"},{"key":"e_1_3_2_1_16_1","first-page":"1","volume-title":"SS'07: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium","author":"Moshchuk A.","year":"2007","unstructured":"A. Moshchuk , T. Bragin , D. Deville , S. D. Gribble , and H. M. Levy . Spyproxy: execution-based detection of malicious web content . In SS'07: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium , pages 1 -- 16 , Berkeley, CA, USA , 2007 . USENIX Association. A. Moshchuk, T. Bragin, D. Deville, S. D. Gribble, and H. M. Levy. Spyproxy: execution-based detection of malicious web content. In SS'07: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, pages 1--16, Berkeley, CA, USA, 2007. USENIX Association."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455783"},{"key":"e_1_3_2_1_18_1","first-page":"61","volume-title":"OSDI '06: Proceedings of the 7th symposium on Operating systems design and implementation","author":"Reis C.","year":"2006","unstructured":"C. Reis , J. Dunagan , H. J. Wang , O. Dubrovsky , and S. Esmeir . Browsershield: vulnerability-driven filtering of dynamic html . In OSDI '06: Proceedings of the 7th symposium on Operating systems design and implementation , pages 61 -- 74 , Berkeley, CA, USA , 2006 . USENIX Association. C. Reis, J. Dunagan, H. J. Wang, O. Dubrovsky, and S. Esmeir. Browsershield: vulnerability-driven filtering of dynamic html. In OSDI '06: Proceedings of the 7th symposium on Operating systems design and implementation, pages 61--74, Berkeley, CA, USA, 2006. USENIX Association."},{"key":"e_1_3_2_1_19_1","volume-title":"Sixth Workshop on Hot Topics in Networks (HotNets) 2007","author":"Reis C.","year":"2007","unstructured":"C. Reis , S. D. Gribble , and H. M. Levy . Architectural principles for safe web programs . In Sixth Workshop on Hot Topics in Networks (HotNets) 2007 , Atlanta, Georgia , November 2007 . C. Reis, S. D. Gribble, and H. M. Levy. Architectural principles for safe web programs. In Sixth Workshop on Hot Topics in Networks (HotNets) 2007, Atlanta, Georgia, November 2007."},{"key":"e_1_3_2_1_20_1","unstructured":"J. Ruderman. In Mozilla Documentation August 2001. URL: http:\/\/www.mozilla.org\/projects\/security\/components\/same-origin.html.  J. Ruderman. In Mozilla Documentation August 2001. URL: http:\/\/www.mozilla.org\/projects\/security\/components\/same-origin.html."},{"key":"e_1_3_2_1_21_1","volume-title":"February","author":"C.","year":"2008","unstructured":"W3 C. Access control for cross-site requests. Technical report , February 2008 . http:\/\/www.w3.org\/TR\/access-control\/. W3C. Access control for cross-site requests. Technical report, February 2008. http:\/\/www.w3.org\/TR\/access-control\/."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294263"}],"event":{"name":"WWW '10: The 19th International World Wide Web Conference","location":"Raleigh North Carolina USA","acronym":"WWW '10"},"container-title":["Proceedings of the 19th international conference on World wide web"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1772690.1772784","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1772690.1772784","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T11:39:34Z","timestamp":1750246774000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1772690.1772784"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010,4,26]]},"references-count":22,"alternative-id":["10.1145\/1772690.1772784","10.1145\/1772690"],"URL":"https:\/\/doi.org\/10.1145\/1772690.1772784","relation":{},"subject":[],"published":{"date-parts":[[2010,4,26]]},"assertion":[{"value":"2010-04-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}