{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T03:49:48Z","timestamp":1760586588113,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":43,"publisher":"ACM","license":[{"start":{"date-parts":[[2011,10,17]],"date-time":"2011-10-17T00:00:00Z","timestamp":1318809600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2011,10,17]]},"DOI":"10.1145\/2046707.2046735","type":"proceedings-article","created":{"date-parts":[[2011,10,18]],"date-time":"2011-10-18T13:02:00Z","timestamp":1318942920000},"page":"239-250","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["Crouching tiger - hidden payload"],"prefix":"10.1145","author":[{"given":"Mario","family":"Heiderich","sequence":"first","affiliation":[{"name":"Chair for Network and Data Security, Horst G\u00f6rtz Institute for IT Security, Ruhr-University Bochum, Bochum, Germany"}]},{"given":"Tilman","family":"Frosch","sequence":"additional","affiliation":[{"name":"Chair for Network and Data Security, Horst G\u00f6rtz Institute for IT Security, Ruhr-University Bochum, Bochum, Germany"}]},{"given":"Meiko","family":"Jensen","sequence":"additional","affiliation":[{"name":"Chair for Network and Data Security, Horst G\u00f6rtz Institute for IT Security, Ruhr-University Bochum, Bochum, Germany"}]},{"given":"Thorsten","family":"Holz","sequence":"additional","affiliation":[{"name":"Chair for System Security, Horst G\u00f6rtz Institute for IT Security, Ruhr-University Bochum, Bochum, Germany"}]}],"member":"320","published-online":{"date-parts":[[2011,10,17]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"National vulnerability database 
(NVD) (CVE-2007-1765). http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2007-1765 Mar. 2007.  National vulnerability database (NVD) (CVE-2007-1765). http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2007-1765 Mar. 2007."},{"key":"e_1_3_2_1_2_1","unstructured":"National vulnerability database (NVD) (CVE-2008-3702). http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2008-3702 Aug. 2008.  National vulnerability database (NVD) (CVE-2008-3702). http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2008-3702 Aug. 2008."},{"volume-title":"Fonts - SVG 1.1","year":"2010","key":"e_1_3_2_1_3_1"},{"key":"e_1_3_2_1_4_1","unstructured":"National vulnerability database (NVD) (CVE-2010-3113). http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=cve-2010-3113 Aug. 2010.  National vulnerability database (NVD) (CVE-2010-3113). http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=cve-2010-3113 Aug. 2010."},{"volume-title":"Scalable vector graphics (SVG) 1.1","year":"2010","key":"e_1_3_2_1_5_1"},{"key":"e_1_3_2_1_6_1","unstructured":"Svgpurifier: inaccurately converted images. http:\/\/svgpurifier.nds.rub.de\/ May 2011.  Svgpurifier: inaccurately converted images. http:\/\/svgpurifier.nds.rub.de\/ May 2011."},{"key":"e_1_3_2_1_7_1","unstructured":"Adobe Systems Inc. Illustrator 10 XML Extensions Guide Sept. 2001.  Adobe Systems Inc. Illustrator 10 XML Extensions Guide Sept. 2001."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.24"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.3"},{"key":"e_1_3_2_1_10_1","unstructured":"A. Barth C. Jackson C. Reis and Google Chrome Team. The Security Architecture of the Chromium Browser 2008. http:\/\/seclab.stanford.edu\/websec\/chromium\/.  A. Barth C. Jackson C. Reis and Google Chrome Team. The Security Architecture of the Chromium Browser 2008. 
http:\/\/seclab.stanford.edu\/websec\/chromium\/."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_2"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653713"},{"volume-title":"USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET)","year":"2010","author":"Checkoway S.","key":"e_1_3_2_1_13_1"},{"key":"e_1_3_2_1_14_1","unstructured":"J. Clark. XSL transformations (XSLT). http:\/\/www.w3.org\/TR\/xslt Nov. 1999.  J. Clark. XSL transformations (XSLT). http:\/\/www.w3.org\/TR\/xslt Nov. 1999."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.4"},{"key":"e_1_3_2_1_16_1","unstructured":"A. Dabirsiaghi. The OWASP AntiSamy project. http:\/\/code.google.com\/p\/owaspantisamy\/ Apr. 2011.  A. Dabirsiaghi. The OWASP AntiSamy project. http:\/\/code.google.com\/p\/owaspantisamy\/ Apr. 2011."},{"key":"e_1_3_2_1_17_1","unstructured":"E. Dahlstr\u00f6m. SVG and HTML. http:\/\/dev.w3.org\/SVG\/proposals\/svg-html\/svg-html-proposal.html July 2008.  E. Dahlstr\u00f6m. SVG and HTML. http:\/\/dev.w3.org\/SVG\/proposals\/svg-html\/svg-html-proposal.html July 2008."},{"key":"e_1_3_2_1_18_1","first-page":"29","volume-title":"UK","author":"Damiani E.","year":"2002"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.19"},{"volume-title":"Symposium on Network and Distributed System Security (NDSS)","year":"2009","author":"Gundy M. V.","key":"e_1_3_2_1_20_1"},{"key":"e_1_3_2_1_21_1","unstructured":"U. Harnhammar. kses - PHP HTML\/XHTML filter. http:\/\/sourceforge.net\/projects\/kses\/ Mar. 2010.  U. Harnhammar. kses - PHP HTML\/XHTML filter. http:\/\/sourceforge.net\/projects\/kses\/ Mar. 2010."},{"key":"e_1_3_2_1_22_1","unstructured":"M. Heiderich. Opera SVG AII testcase. http:\/\/heideri.ch\/opera\/ 2011.  M. Heiderich. Opera SVG AII testcase. http:\/\/heideri.ch\/opera\/ 2011."},{"key":"e_1_3_2_1_23_1","unstructured":"M. Heiderich. 
SVG chameleon via XSLT - HTML5 Security Cheatsheet. http:\/\/html5sec.org\/#125 Mar. 2011.  M. Heiderich. SVG chameleon via XSLT - HTML5 Security Cheatsheet. http:\/\/html5sec.org\/#125 Mar. 2011."},{"key":"e_1_3_2_1_24_1","unstructured":"M. Heiderich and T. Frosch. SVGpurifier smoketest. http:\/\/heideri.ch\/svgpurifier\/SVGPurifier\/ Apr. 2011.  M. Heiderich and T. Frosch. SVGpurifier smoketest. http:\/\/heideri.ch\/svgpurifier\/SVGPurifier\/ Apr. 2011."},{"key":"e_1_3_2_1_25_1","unstructured":"I. Hickson. HTML standard - the map element. http:\/\/whatwg.org\/specs\/web-apps\/current-work\/multipage\/the-map-element%.html#svg-0 Apr. 2011.  I. Hickson. HTML standard - the map element. http:\/\/whatwg.org\/specs\/web-apps\/current-work\/multipage\/the-map-element%.html#svg-0 Apr. 2011."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866376"},{"volume-title":"University of Passau","year":"2009","author":"Johns M.","key":"e_1_3_2_1_27_1"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315254"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1141277.1141357"},{"key":"e_1_3_2_1_30_1","unstructured":"E. Lawrence. Same origin policy part 1: No peeking. http:\/\/blogs.msdn.com\/b\/ieinternals\/archive\/2009\/08\/28\/explaining-same-%origin-policy-part-1-deny-read.aspx Aug. 2009.  E. Lawrence. Same origin policy part 1: No peeking. http:\/\/blogs.msdn.com\/b\/ieinternals\/archive\/2009\/08\/28\/explaining-same-%origin-policy-part-1-deny-read.aspx Aug. 2009."},{"volume-title":"Automatic Generation of XSS and SQL Injection Attacks with Goal-directed Model Checking. 
In USENIX Security Symposium","year":"2008","author":"Martin M.","key":"e_1_3_2_1_31_1"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653725"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSE.2009.41"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.3844\/jcssp.2006.171.179"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNSR.2005.31"},{"volume-title":"Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense. In Symposium on Network and Distributed System Security (NDSS)","year":"2009","author":"Nadji Y.","key":"e_1_3_2_1_36_1"},{"key":"e_1_3_2_1_37_1","unstructured":"S. Patnaik. htmLawed. http:\/\/www.bioinformatics.org\/phplabware\/internal_utilities\/htmLawed\/.  S. Patnaik. htmLawed. http:\/\/www.bioinformatics.org\/phplabware\/internal_utilities\/htmLawed\/."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1533057.1533067"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/11663812_7"},{"volume-title":"Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. In Symposium on Network and Distributed System Security (NDSS)","year":"2007","author":"Vogt P.","key":"e_1_3_2_1_40_1"},{"volume-title":"The Multi-Principal OS Construction of the Gazelle Web Browser. In USENIX Security Symposium","year":"2009","author":"Wang H. J.","key":"e_1_3_2_1_41_1"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368088.1368112"},{"key":"e_1_3_2_1_43_1","unstructured":"E. Z. Yang. HTML Purifier. http:\/\/htmlpurifier.org\/ Mar. 2011.  E. Z. Yang. HTML Purifier. http:\/\/htmlpurifier.org\/ Mar. 
2011."}],"event":{"name":"CCS'11: the ACM Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Chicago Illinois USA","acronym":"CCS'11"},"container-title":["Proceedings of the 18th ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2046707.2046735","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2046707.2046735","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T09:48:42Z","timestamp":1750240122000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2046707.2046735"}},"subtitle":["security risks of scalable vector graphics"],"short-title":[],"issued":{"date-parts":[[2011,10,17]]},"references-count":43,"alternative-id":["10.1145\/2046707.2046735","10.1145\/2046707"],"URL":"https:\/\/doi.org\/10.1145\/2046707.2046735","relation":{},"subject":[],"published":{"date-parts":[[2011,10,17]]},"assertion":[{"value":"2011-10-17","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}