{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:31:19Z","timestamp":1750307479884,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":28,"publisher":"ACM","license":[{"start":{"date-parts":[[2010,10,4]],"date-time":"2010-10-04T00:00:00Z","timestamp":1286150400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2010,10,4]]},"DOI":"10.1145\/1866307.1866376","type":"proceedings-article","created":{"date-parts":[[2010,10,5]],"date-time":"2010-10-05T14:38:23Z","timestamp":1286289503000},"page":"619-629","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":17,"title":["Protecting browsers from cross-origin CSS attacks"],"prefix":"10.1145","author":[{"given":"Lin-Shung","family":"Huang","sequence":"first","affiliation":[{"name":"Carnegie Mellon University, Mountain View, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zack","family":"Weinberg","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Mountain View, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chris","family":"Evans","sequence":"additional","affiliation":[{"name":"Google, Mountain View, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Collin","family":"Jackson","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Mountain View, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2010,10,4]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"]]Alexa. Top Sites. http:\/\/www.alexa.com\/topsites.  ]]Alexa. Top Sites. http:\/\/www.alexa.com\/topsites."},{"key":"e_1_3_2_1_2_1","volume-title":"HTTP state management mechanism","author":"Barth A.","year":"2010","unstructured":"]] A. Barth . HTTP state management mechanism , 2010 . https:\/\/datatracker.ietf.org\/doc\/draft-ietf-httpstate-cookie\/. ]]A. Barth. HTTP state management mechanism, 2010. https:\/\/datatracker.ietf.org\/doc\/draft-ietf-httpstate-cookie\/."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.3"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455782"},{"key":"e_1_3_2_1_5_1","volume-title":"WorldWideWeb: Proposal for a HyperText Project","author":"Berners-Lee T.","year":"1990","unstructured":"]] T. Berners-Lee . WorldWideWeb: Proposal for a HyperText Project , 1990 . http:\/\/www.w3.org\/Proposal.html. ]]T. Berners-Lee. WorldWideWeb: Proposal for a HyperText Project, 1990. http:\/\/www.w3.org\/Proposal.html."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653713"},{"key":"e_1_3_2_1_7_1","volume-title":"Web 2.0 Security and Privacy","author":"Close T.","year":"2008","unstructured":"]] T. Close . Web-key: Mashing with permission . In Web 2.0 Security and Privacy , 2008 . ]]T. Close. Web-key: Mashing with permission. In Web 2.0 Security and Privacy, 2008."},{"key":"e_1_3_2_1_8_1","volume-title":"The application\/json media type for JavaScript Object Notation (JSON)","author":"Crockford D.","year":"2006","unstructured":"]] D. Crockford . The application\/json media type for JavaScript Object Notation (JSON) , 2006 . http:\/\/tools.ietf.org\/html\/rfc4627. ]]D. Crockford. The application\/json media type for JavaScript Object Notation (JSON), 2006. http:\/\/tools.ietf.org\/html\/rfc4627."},{"key":"e_1_3_2_1_9_1","unstructured":"]]Fortify. JavaScript Hijacking Vulnerability Detected. http:\/\/www.fortify.com\/advisory.jsp.  ]]Fortify. JavaScript Hijacking Vulnerability Detected. http:\/\/www.fortify.com\/advisory.jsp."},{"key":"e_1_3_2_1_10_1","volume-title":"HTTP authentication","author":"Franks J.","year":"1999","unstructured":"]] J. Franks , P. M. Hallam-Baker , J. L. Hostetler , S. D. Lawrence , and P. J. Leach . HTTP authentication , 1999 . http:\/\/www.ietf.org\/rfc\/rfc2617.txt. ]]J. Franks, P. M. Hallam-Baker, J. L. Hostetler, S. D. Lawrence, and P. J. Leach. HTTP authentication, 1999. http:\/\/www.ietf.org\/rfc\/rfc2617.txt."},{"key":"e_1_3_2_1_11_1","volume-title":"Google Desktop Exposed: Exploiting an Internet Explorer vulnerability to phish user information","author":"Gillon M.","year":"2005","unstructured":"]] M. Gillon . Google Desktop Exposed: Exploiting an Internet Explorer vulnerability to phish user information , 2005 . http:\/\/www.hacker.co.il\/security\/ie\/css_import.html. ]]M. Gillon. Google Desktop Exposed: Exploiting an Internet Explorer vulnerability to phish user information, 2005. http:\/\/www.hacker.co.il\/security\/ie\/css_import.html."},{"key":"e_1_3_2_1_12_1","volume-title":"UTF-7: A Mail-Safe Transformation Format of Unicode","author":"Goldsmith D.","year":"1997","unstructured":"]] D. Goldsmith and M. Davis . UTF-7: A Mail-Safe Transformation Format of Unicode , 1997 . http:\/\/tools.ietf.org\/html\/rfc2152. ]]D. Goldsmith and M. Davis. UTF-7: A Mail-Safe Transformation Format of Unicode, 1997. http:\/\/tools.ietf.org\/html\/rfc2152."},{"volume-title":"GreyMagic Security Advisory GM#004-IE","year":"2002","key":"e_1_3_2_1_13_1","unstructured":"]]GreyMagic Software. GreyMagic Security Advisory GM#004-IE , 2002 . http:\/\/www.greymagic.com\/ security\/advisories\/gm004-ie\/. ]]GreyMagic Software. GreyMagic Security Advisory GM#004-IE, 2002. http:\/\/www.greymagic.com\/ security\/advisories\/gm004-ie\/."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.19"},{"key":"e_1_3_2_1_15_1","volume-title":"WebKit, an open source web browser engine","author":"Hyatt D.","year":"2005","unstructured":"]] D. Hyatt , W. Bastian , WebKit, an open source web browser engine , 2005 --2010. http:\/\/webkit.org\/. ]]D. Hyatt, W. Bastian, et al. WebKit, an open source web browser engine, 2005--2010. http:\/\/webkit.org\/."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1135777.1135884"},{"key":"e_1_3_2_1_18_1","volume-title":"HTTP state management mechanism","author":"Kristol D. M.","year":"1997","unstructured":"]] D. M. Kristol and L. Montulli . HTTP state management mechanism , 1997 . http:\/\/www.ietf.org\/rfc\/rfc2109.txt. ]]D. M. Kristol and L. Montulli. HTTP state management mechanism, 1997. http:\/\/www.ietf.org\/rfc\/rfc2109.txt."},{"key":"e_1_3_2_1_19_1","unstructured":"]]E. Lawrence. IE8 Security Part V: Comprehensive Protection. http:\/\/blogs.msdn.com\/ie\/archive\/2008\/07\/02\/ie8-security-part-v-comprehensive-protection.aspx.  ]]E. Lawrence. IE8 Security Part V: Comprehensive Protection. http:\/\/blogs.msdn.com\/ie\/archive\/2008\/07\/02\/ie8-security-part-v-comprehensive-protection.aspx."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455783"},{"volume-title":"CSSXSS attack on mixi post key","year":"2008","key":"e_1_3_2_1_22_1","unstructured":"]]ofk. CSSXSS attack on mixi post key , 2008 . http:\/\/d.hatena.ne.jp\/ofk\/20081111\/1226407593. ]]ofk. CSSXSS attack on mixi post key, 2008. http:\/\/d.hatena.ne.jp\/ofk\/20081111\/1226407593."},{"key":"e_1_3_2_1_23_1","unstructured":"]]J. Ruderman. JavaScript Security: Same Origin. http:\/\/www.mozilla.org\/projects\/security\/components\/same-origin.html.  ]]J. Ruderman. JavaScript Security: Same Origin. http:\/\/www.mozilla.org\/projects\/security\/components\/same-origin.html."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772784"},{"key":"e_1_3_2_1_25_1","volume-title":"Cross-origin resource sharing (editor","author":"van Kesteren A.","year":"2010","unstructured":"]] A. van Kesteren Cross-origin resource sharing (editor 's draft), 2010 . http:\/\/dev.w3.org\/2006\/waf\/access-control\/. ]]A. van Kesteren et al. Cross-origin resource sharing (editor's draft), 2010. http:\/\/dev.w3.org\/2006\/waf\/access-control\/."},{"key":"e_1_3_2_1_26_1","unstructured":"]]W3C. CSS syntax and basic data types. http:\/\/www.w3.org\/TR\/CSS2\/syndata.html.  ]]W3C. CSS syntax and basic data types. http:\/\/www.w3.org\/TR\/CSS2\/syndata.html."},{"key":"e_1_3_2_1_27_1","unstructured":"]]W3C. Document Object Model CSS. http:\/\/www.w3.org\/TR\/DOM-Level-2-Style\/css.html.  ]]W3C. Document Object Model CSS. http:\/\/www.w3.org\/TR\/DOM-Level-2-Style\/css.html."},{"key":"e_1_3_2_1_28_1","unstructured":"]]W3C. HTML 4.01 Specification. http:\/\/www.w3.org\/TR\/html4\/.  ]]W3C. HTML 4.01 Specification. http:\/\/www.w3.org\/TR\/html4\/."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.5555\/1855768.1855794"},{"key":"e_1_3_2_1_30_1","unstructured":"]]E. Z. Yang. HTML Purifier 2006--2010. http:\/\/htmlpurifier.org.  ]]E. Z. Yang. HTML Purifier 2006--2010. http:\/\/htmlpurifier.org."}],"event":{"name":"CCS '10: 17th ACM Conference on Computer and Communications Security 2010","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Chicago Illinois USA","acronym":"CCS '10"},"container-title":["Proceedings of the 17th ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1866307.1866376","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1866307.1866376","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T12:08:59Z","timestamp":1750248539000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1866307.1866376"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010,10,4]]},"references-count":28,"alternative-id":["10.1145\/1866307.1866376","10.1145\/1866307"],"URL":"https:\/\/doi.org\/10.1145\/1866307.1866376","relation":{},"subject":[],"published":{"date-parts":[[2010,10,4]]},"assertion":[{"value":"2010-10-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}