{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T15:33:44Z","timestamp":1772120024529,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":51,"publisher":"ACM","license":[{"start":{"date-parts":[[2012,10,16]],"date-time":"2012-10-16T00:00:00Z","timestamp":1350345600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2012,10,16]]},"DOI":"10.1145\/2382196.2382276","type":"proceedings-article","created":{"date-parts":[[2012,10,15]],"date-time":"2012-10-15T17:13:12Z","timestamp":1350321192000},"page":"760-771","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":55,"title":["Scriptless attacks"],"prefix":"10.1145","author":[{"given":"Mario","family":"Heiderich","sequence":"first","affiliation":[{"name":"Ruhr-University Bochum, Bochum, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Marcus","family":"Niemietz","sequence":"additional","affiliation":[{"name":"Ruhr-University Bochum, Bochum, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Felix","family":"Schuster","sequence":"additional","affiliation":[{"name":"Ruhr-University Bochum, Bochum, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Thorsten","family":"Holz","sequence":"additional","affiliation":[{"name":"Ruhr-University Bochum, Bochum, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"J\u00f6rg","family":"Schwenk","sequence":"additional","affiliation":[{"name":"Ruhr-University Bochum, Bochum, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2012,10,16]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications. In Network and Distributed System Security Symposium (NDSS)","author":"Balduzzi M.","year":"2011"},{"key":"e_1_3_2_1_2_1","unstructured":"D. Baron. :visited support allows queries into global history. https:\/\/bugzilla.mozilla.org\/147777 2002.  D. Baron. :visited support allows queries into global history. https:\/\/bugzilla.mozilla.org\/147777 2002."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455782"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772701"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866375"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_2"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242656"},{"key":"e_1_3_2_1_8_1","unstructured":"B. Bos T.c Celik I. Hickson and H. Wium Lie. Generated content automatic numbering and lists. http:\/\/www.w3.org\/TR\/CSS21\/generate.html June 2011.  B. Bos T.c Celik I. Hickson and H. Wium Lie. Generated content automatic numbering and lists. http:\/\/www.w3.org\/TR\/CSS21\/generate.html June 2011."},{"key":"e_1_3_2_1_9_1","unstructured":"Z. Braniecki. CSS allows to check history via :visited. https:\/\/bugzilla.mozilla.org\/224954 2003.  Z. Braniecki. CSS allows to check history via :visited. https:\/\/bugzilla.mozilla.org\/224954 2003."},{"key":"e_1_3_2_1_10_1","volume-title":"USENIX Security Symposium","author":"Brumley D.","year":"2003"},{"key":"e_1_3_2_1_11_1","unstructured":"CERT Coordination Center. Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests. http:\/\/www.cert.org\/advisories\/CA-2000-02.html 2000.  CERT Coordination Center. Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests. http:\/\/www.cert.org\/advisories\/CA-2000-02.html 2000."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.20"},{"key":"e_1_3_2_1_13_1","volume-title":"USENIX Security Symposium","author":"Curtsinger C.","year":"2011"},{"key":"e_1_3_2_1_14_1","unstructured":"J. Daggett. CSS fonts module level 3. http:\/\/www.w3.org\/TR\/css3-fonts\/ Oct. 2011.  J. Daggett. CSS fonts module level 3. http:\/\/www.w3.org\/TR\/css3-fonts\/ Oct. 2011."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/352600.352606"},{"key":"e_1_3_2_1_16_1","unstructured":"M. Heiderich. Content exfiltration using scrollbar detection and media queries. http:\/\/html5sec.org\/scrollbar\/test June 2012.  M. Heiderich. Content exfiltration using scrollbar detection and media queries. http:\/\/html5sec.org\/scrollbar\/test June 2012."},{"key":"e_1_3_2_1_17_1","unstructured":"M. Heiderich. Measurement-based content exfiltration using smart scrollbars. http:\/\/html5sec.org\/webkit\/test June 2012.  M. Heiderich. Measurement-based content exfiltration using smart scrollbars. http:\/\/html5sec.org\/webkit\/test June 2012."},{"key":"e_1_3_2_1_18_1","unstructured":"M. Heiderich. Scriptless SVG Keylogger. http:\/\/html5sec.org\/keylogger June 2012.  M. Heiderich. Scriptless SVG Keylogger. http:\/\/html5sec.org\/keylogger June 2012."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23644-0_15"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046735"},{"key":"e_1_3_2_1_21_1","unstructured":"D. Huang and C. Jackson. Clickjacking Attacks Unresolved. https:\/\/docs.google.com\/document\/pub?id=1hVcxPeCidZrM5acFH9ZoTYzg1D0VjkG3BDW_oUdn5qc June 2011.  D. Huang and C. Jackson. Clickjacking Attacks Unresolved. https:\/\/docs.google.com\/document\/pub?id=1hVcxPeCidZrM5acFH9ZoTYzg1D0VjkG3BDW_oUdn5qc June 2011."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1135777.1135884"},{"key":"e_1_3_2_1_23_1","unstructured":"D. Jackson D. Hyatt C. Marrin S. Galineau and L. D. Baron. CSS animations. http:\/\/dev.w3.org\/csswg\/css3-animations\/ Mar. 2012.  D. Jackson D. Hyatt C. Marrin S. Galineau and L. D. Baron. CSS animations. http:\/\/dev.w3.org\/csswg\/css3-animations\/ Mar. 2012."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.5555\/1888881.1888899"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866339"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242654"},{"key":"e_1_3_2_1_27_1","volume-title":"University of Passau","author":"Johns M.","year":"2009"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2008.36"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2009.5070521"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1141277.1141357"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.33"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1135777.1135854"},{"key":"e_1_3_2_1_33_1","unstructured":"G. Maone. NoScript :: Firefox add-ons. https:\/\/addons.mozilla.org\/de\/firefox\/addon\/722\/ July 2010.  G. Maone. NoScript :: Firefox add-ons. https:\/\/addons.mozilla.org\/de\/firefox\/addon\/722\/ July 2010."},{"key":"e_1_3_2_1_34_1","volume-title":"Automatic Generation of XSS and SQL Injection Attacks With Goal-directed Model Checking. In USENIX Security Symposium","author":"Martin M.","year":"2008"},{"key":"e_1_3_2_1_35_1","volume-title":"Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense. In Network and Distributed System Security Symposium (NDSS)","author":"Nadji Y.","year":"2009"},{"key":"e_1_3_2_1_36_1","unstructured":"OWASP. Top Ten Project. https:\/\/www.owasp.org\/index.php\/Category:OWASP\\_Top\\_Ten\\_Project Jan. 2012.  OWASP. Top Ten Project. https:\/\/www.owasp.org\/index.php\/Category:OWASP\\_Top\\_Ten\\_Project Jan. 2012."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/11663812_7"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653687"},{"key":"e_1_3_2_1_39_1","unstructured":"J. Ruderman. CSS on a:visited can load an image and\/or reveal if visitor been to a site. https:\/\/bugzilla.mozilla.org\/57351 2000.  J. Ruderman. CSS on a:visited can load an image and\/or reveal if visitor been to a site. https:\/\/bugzilla.mozilla.org\/57351 2000."},{"key":"e_1_3_2_1_40_1","volume-title":"Web 2.0 Security and Privacy (W2SP) Workshop","author":"Rydstedt G.","year":"2010"},{"key":"e_1_3_2_1_42_1","volume-title":"Timing Analysis of Keystrokes and Timing Attacks on SSH. In USENIX Security Symposium","author":"Song D. X.","year":"2001"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772784"},{"key":"e_1_3_2_1_44_1","volume-title":"Network and Distributed System Security Symposium (NDSS)","author":"Van Gundy M.","year":"2009"},{"key":"e_1_3_2_1_45_1","unstructured":"E. Vela. CSS Attribute Reader Proof Of Concept. http:\/\/eaea.sirdarckcat.net\/cssar\/v2\/ Nov. 2009.  E. Vela. CSS Attribute Reader Proof Of Concept. http:\/\/eaea.sirdarckcat.net\/cssar\/v2\/ Nov. 2009."},{"key":"e_1_3_2_1_46_1","volume-title":"Network and Distributed System Security Symposium (NDSS)","author":"Vogt P.","year":"2007"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.23"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.5555\/2041225.2041237"},{"key":"e_1_3_2_1_49_1","unstructured":"H. Wium Lie T.c Celik D. Glazman and A. van Kesteren. Media queries. http:\/\/www.w3.org\/TR\/css3-mediaqueries\/ July 2010.  H. Wium Lie T.c Celik D. Glazman and A. van Kesteren. Media queries. http:\/\/www.w3.org\/TR\/css3-mediaqueries\/ July 2010."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.21"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/IWSESS.2009.5068456"},{"key":"e_1_3_2_1_52_1","unstructured":"M. Zalewski. Postcards from the post-XSS world. http:\/\/lcamtuf.coredump.cx\/postxss\/ 2011.  M. Zalewski. Postcards from the post-XSS world. http:\/\/lcamtuf.coredump.cx\/postxss\/ 2011."}],"event":{"name":"CCS'12: the ACM Conference on Computer and Communications Security","location":"Raleigh North Carolina USA","acronym":"CCS'12","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2012 ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2382196.2382276","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2382196.2382276","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T09:34:48Z","timestamp":1750239288000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2382196.2382276"}},"subtitle":["stealing the pie without touching the sill"],"short-title":[],"issued":{"date-parts":[[2012,10,16]]},"references-count":51,"alternative-id":["10.1145\/2382196.2382276","10.1145\/2382196"],"URL":"https:\/\/doi.org\/10.1145\/2382196.2382276","relation":{},"subject":[],"published":{"date-parts":[[2012,10,16]]},"assertion":[{"value":"2012-10-16","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}