{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T10:15:27Z","timestamp":1777371327631,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":59,"publisher":"ACM","license":[{"start":{"date-parts":[[2015,10,12]],"date-time":"2015-10-12T00:00:00Z","timestamp":1444608000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Research Foundation-Prime Minister's office, Republic of Singapore","award":["NRF2014NCR-NCR001-21"],"award-info":[{"award-number":["NRF2014NCR-NCR001-21"]}]},{"DOI":"10.13039\/100002418","name":"Intel Corporation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100002418","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2015,10,12]]},"DOI":"10.1145\/2810103.2813710","type":"proceedings-article","created":{"date-parts":[[2015,10,6]],"date-time":"2015-10-06T15:22:12Z","timestamp":1444144932000},"page":"1542-1557","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":13,"title":["The SICILIAN Defense"],"prefix":"10.1145","author":[{"given":"Pratik","family":"Soni","sequence":"first","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}]},{"given":"Enrico","family":"Budianto","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}]},{"given":"Prateek","family":"Saxena","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}]}],"member":"320","published-online":{"date-parts":[[2015,10,12]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Xss-fp: Browser fingerprinting using html parser quirks. arXiv preprint arXiv:1211.4812","author":"Abgrall E.","year":"2012","unstructured":"E. Abgrall , Y. L. Traon , M. Monperrus , S. Gombault , M. Heiderich , and A. Ribault . Xss-fp: Browser fingerprinting using html parser quirks. arXiv preprint arXiv:1211.4812 , 2012 . E. Abgrall, Y. L. Traon, M. Monperrus, S. Gombault, M. Heiderich, and A. Ribault. Xss-fp: Browser fingerprinting using html parser quirks. arXiv preprint arXiv:1211.4812, 2012."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2010.27"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40203-6_41"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.5555\/2362793.2362816"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.22"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772701"},{"key":"e_1_3_2_1_7_1","unstructured":"F. Braun D. Akhawe J. Weinberger and M. West. Subresource integrity. https:\/\/rawgithub.com\/w3c\/webappsec\/master\/specs\/subresourceintegrity\/index.html.  F. Braun D. Akhawe J. Weinberger and M. West. Subresource integrity. https:\/\/rawgithub.com\/w3c\/webappsec\/master\/specs\/subresourceintegrity\/index.html."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11379-1_8"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2414456.2414460"},{"key":"e_1_3_2_1_10_1","volume-title":"Proceedings of the 19th NDSS Symposium","author":"Cao Y.","year":"2012","unstructured":"Y. Cao , V. Yegneswaran , P. Porras , and Y. Chen . Pathcutter: Severing the self-propagation path of xss javascript worms in social web networks . In Proceedings of the 19th NDSS Symposium , 2012 . Y. Cao, V. Yegneswaran, P. Porras, and Y. Chen. Pathcutter: Severing the self-propagation path of xss javascript worms in social web networks. In Proceedings of the 19th NDSS Symposium, 2012."},{"key":"e_1_3_2_1_11_1","volume-title":"USENIX Security Symposium","author":"Dahse J.","year":"2014","unstructured":"J. Dahse and T. Holz . Static detection of second-order vulnerabilities in web applications . In USENIX Security Symposium , 2014 . J. Dahse and T. Holz. Static detection of second-order vulnerabilities in web applications. In USENIX Security Symposium, 2014."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/953049.800955"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516743"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICECCS.2013.35"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516708"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5555\/2818754.2818797"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/565816.503301"},{"key":"e_1_3_2_1_18_1","unstructured":"Google. Content security policy (csp). https:\/\/goo.gl\/Y7u2ee.  Google. Content security policy (csp). https:\/\/goo.gl\/Y7u2ee."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1526709.1526785"},{"key":"e_1_3_2_1_20_1","volume-title":"Proceedings of the 16th Network and Distributed System Security Symposium Symposium","author":"Gundy M. V.","year":"2009","unstructured":"M. V. Gundy and H. Chen . Noncespaces: Using randomization to enforce information flow tracking and thwart cross-site scripting attacks . In Proceedings of the 16th Network and Distributed System Security Symposium Symposium , 2009 . M. V. Gundy and H. Chen. Noncespaces: Using randomization to enforce information flow tracking and thwart cross-site scripting attacks. In Proceedings of the 16th Network and Distributed System Security Symposium Symposium, 2009."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660326"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2554850.2554909"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516723"},{"key":"e_1_3_2_1_24_1","unstructured":"A. Hidayat. http:\/\/esprima.org.  A. Hidayat. http:\/\/esprima.org."},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of the 20th USENIX conference on Security. USENIX Association","author":"Hooimeijer P.","year":"2011","unstructured":"P. Hooimeijer , B. Livshits , D. Molnar , P. Saxena , and M. Veanes . Fast and precise sanitizer analysis with bek . In Proceedings of the 20th USENIX conference on Security. USENIX Association , 2011 . P. Hooimeijer, B. Livshits, D. Molnar, P. Saxena, and M. Veanes. Fast and precise sanitizer analysis with bek. In Proceedings of the 20th USENIX conference on Security. USENIX Association, 2011."},{"key":"e_1_3_2_1_26_1","unstructured":"Internet Archive. https:\/\/archive.org\/index.php.  Internet Archive. https:\/\/archive.org\/index.php."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1367497.1367569"},{"key":"e_1_3_2_1_28_1","unstructured":"Jeremiah Grossman and Matt Johansen. https:\/\/goo.gl\/kwgWPm.  Jeremiah Grossman and Matt Johansen. https:\/\/goo.gl\/kwgWPm."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242654"},{"key":"e_1_3_2_1_30_1","unstructured":"jQuery. Update on jquery.com compromises. http:\/\/goo.gl\/uFcPKM\/.  jQuery. Update on jquery.com compromises. http:\/\/goo.gl\/uFcPKM\/."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516703"},{"key":"e_1_3_2_1_32_1","volume-title":"Stickler: Defending against malicious cdns in an unmodified browser","author":"Levy A.","year":"2015","unstructured":"A. Levy , H. Corrigan-Gibbs , and D. Boneh . Stickler: Defending against malicious cdns in an unmodified browser . 2015 . A. Levy, H. Corrigan-Gibbs, and D. Boneh. Stickler: Defending against malicious cdns in an unmodified browser. 2015."},{"key":"e_1_3_2_1_33_1","unstructured":"R. Lipton. Fingerprinting sets. http:\/\/goo.gl\/tx7pWq.  R. Lipton. Fingerprinting sets. http:\/\/goo.gl\/tx7pWq."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.33"},{"key":"e_1_3_2_1_35_1","volume-title":"CRYPTO","author":"Merkle R. C.","year":"1989","unstructured":"R. C. Merkle . A certified digital signature . In CRYPTO , 1989 . R. C. Merkle. A certified digital signature. In CRYPTO, 1989."},{"key":"e_1_3_2_1_36_1","unstructured":"Mozilla. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/XPath.  Mozilla. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/XPath."},{"key":"e_1_3_2_1_37_1","unstructured":"Mozilla. Http strict transport security. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/Security\/HTTP_strict_transport_security\/.  Mozilla. Http strict transport security. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/Security\/HTTP_strict_transport_security\/."},{"key":"e_1_3_2_1_38_1","unstructured":"Mozilla. Signing a xpi. https:\/\/goo.gl\/Ffls5r.  Mozilla. Signing a xpi. https:\/\/goo.gl\/Ffls5r."},{"key":"e_1_3_2_1_39_1","volume-title":"Proceedings of the 16th Network and Distributed System Security Symposium","author":"Nadji Y.","year":"2009","unstructured":"Y. Nadji , P. Saxena , and D. Song . Document structure integrity: A robust basis for cross-site scripting defense . In Proceedings of the 16th Network and Distributed System Security Symposium , 2009 . Y. Nadji, P. Saxena, and D. Song. Document structure integrity: A robust basis for cross-site scripting defense. In Proceedings of the 16th Network and Distributed System Security Symposium, 2009."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382274"},{"key":"e_1_3_2_1_41_1","unstructured":"OWASP. Xss filter evasion cheat sheet. https:\/\/goo.gl\/Iq60U0.  OWASP. Xss filter evasion cheat sheet. https:\/\/goo.gl\/Iq60U0."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-25937-4_24"},{"key":"e_1_3_2_1_43_1","volume-title":"Proceedings of the 17th Network and Distributed System Security Symposium","author":"Saxena P.","year":"2010","unstructured":"P. Saxena , S. Hanna , P. Poosankam , and D. Song . Flax: Systematic discovery of client-side validation vulnerabilities in rich web applications . In Proceedings of the 17th Network and Distributed System Security Symposium , 2010 . P. Saxena, S. Hanna, P. Poosankam, and D. Song. Flax: Systematic discovery of client-side validation vulnerabilities in rich web applications. In Proceedings of the 17th Network and Distributed System Security Symposium, 2010."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046776"},{"key":"e_1_3_2_1_45_1","unstructured":"Security Affairs. Afghanistan cdn network compromised by chinese hackers. http:\/\/goo.gl\/Kh8zqN.  Security Affairs. Afghanistan cdn network compromised by chinese hackers. http:\/\/goo.gl\/Kh8zqN."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.35"},{"key":"e_1_3_2_1_47_1","unstructured":"Softpedia. Exploit kit dropped through akamai content delivery network. http:\/\/goo.gl\/1UgGgT.  Softpedia. Exploit kit dropped through akamai content delivery network. http:\/\/goo.gl\/1UgGgT."},{"key":"e_1_3_2_1_48_1","volume-title":"Proceedings of the 20th Network and Distributed System Security Symposium","author":"Son S.","year":"2013","unstructured":"S. Son and V. Shmatikov . The postman always rings twice: Attacking and defending postmessage in html5 websites . In Proceedings of the 20th Network and Distributed System Security Symposium , 2013 . S. Son and V. Shmatikov. The postman always rings twice: Attacking and defending postmessage in html5 websites. In Proceedings of the 20th Network and Distributed System Security Symposium, 2013."},{"key":"e_1_3_2_1_49_1","volume-title":"Proceedings of the 23rd USENIX security symposium.","author":"Stock B.","unstructured":"B. Stock , S. Lekies , T. Mueller , P. Spiegel , and M. Johns . Precise client-side protection against dom-based cross-site scripting . In Proceedings of the 23rd USENIX security symposium. B. Stock, S. Lekies, T. Mueller, P. Spiegel, and M. Johns. Precise client-side protection against dom-based cross-site scripting. In Proceedings of the 23rd USENIX security symposium."},{"key":"e_1_3_2_1_50_1","volume-title":"Proceedings of the 14th Network and Distributed System Security Symposium","author":"Vogt P.","year":"2007","unstructured":"P. Vogt , F. Nentwich , N. Jovanovic , E. Kirda , C. Kruegel , and G. Vigna . Cross site scripting prevention with dynamic data tainting and static analysis . In Proceedings of the 14th Network and Distributed System Security Symposium , 2007 . P. Vogt, F. Nentwich, N. Jovanovic, E. Kirda, C. Kruegel, and G. Vigna. Cross site scripting prevention with dynamic data tainting and static analysis. In Proceedings of the 14th Network and Distributed System Security Symposium, 2007."},{"key":"e_1_3_2_1_51_1","unstructured":"W3C. All standards and drafts. http:\/\/www.w3.org\/TR\/.  W3C. All standards and drafts. http:\/\/www.w3.org\/TR\/."},{"key":"e_1_3_2_1_52_1","unstructured":"W3C. Content security policy 2.0. http:\/\/www.w3.org\/TR\/CSP2\/.  W3C. Content security policy 2.0. http:\/\/www.w3.org\/TR\/CSP2\/."},{"key":"e_1_3_2_1_53_1","unstructured":"W3C. Subresource integrity. http:\/\/www.w3.org\/TR\/SRI\/.  W3C. Subresource integrity. http:\/\/www.w3.org\/TR\/SRI\/."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586145"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1007\/11863908_17"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.5555\/2041225.2041237"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11379-1_11"},{"key":"e_1_3_2_1_58_1","first-page":"321","volume-title":"USENIX Annual Technical Conference","author":"Wendlandt D.","year":"2008","unstructured":"D. Wendlandt , D. G. Andersen , and A. Perrig . Perspectives: Improving ssh-style host authentication with multi-path probing . In USENIX Annual Technical Conference , pages 321 -- 334 , 2008 . D. Wendlandt, D. G. Andersen, and A. Perrig. Perspectives: Improving ssh-style host authentication with multi-path probing. In USENIX Annual Technical Conference, pages 321--334, 2008."},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-59904-804-8.ch013"}],"event":{"name":"CCS'15: The 22nd ACM Conference on Computer and Communications Security","location":"Denver Colorado USA","acronym":"CCS'15","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2810103.2813710","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2810103.2813710","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T05:48:25Z","timestamp":1750225705000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2810103.2813710"}},"subtitle":["Signature-based Whitelisting of Web JavaScript"],"short-title":[],"issued":{"date-parts":[[2015,10,12]]},"references-count":59,"alternative-id":["10.1145\/2810103.2813710","10.1145\/2810103"],"URL":"https:\/\/doi.org\/10.1145\/2810103.2813710","relation":{},"subject":[],"published":{"date-parts":[[2015,10,12]]},"assertion":[{"value":"2015-10-12","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}