{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T23:15:15Z","timestamp":1763507715613,"version":"3.41.0"},"publisher-location":"Republic and Canton of Geneva, Switzerland","reference-count":30,"publisher":"International World Wide Web Conferences Steering Committee","license":[{"start":{"date-parts":[[2017,4,3]],"date-time":"2017-04-03T00:00:00Z","timestamp":1491177600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,4,3]]},"DOI":"10.1145\/3038912.3052634","type":"proceedings-article","created":{"date-parts":[[2017,4,6]],"date-time":"2017-04-06T13:30:38Z","timestamp":1491485438000},"page":"877-886","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":16,"title":["On the Content Security Policy Violations due to the Same-Origin Policy"],"prefix":"10.1145","author":[{"given":"Doli\u00e8re Francis","family":"Some","sequence":"first","affiliation":[{"name":"Universit\u00e9 C\u00f4te d'Azur &amp; Inria, Sophia Antipolis, France"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nataliia","family":"Bielova","sequence":"additional","affiliation":[{"name":"Universit\u00e9 C\u00f4te d'Azur &amp; Inria, Sophia Antipolis, France"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tamara","family":"Rezk","sequence":"additional","affiliation":[{"name":"Universit\u00e9 C\u00f4te d'Azur &amp; Inria, Sophia Antipolis, France"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2017,4,3]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Chrome Platform Status. https:\/\/www.chromestatus.com\/metrics\/feature\/ popularity#DocumentSetDomain."},{"key":"e_1_3_2_1_2_1","unstructured":"CSP violations online. https:\/\/webstats.inria.fr?cspviolations."},{"key":"e_1_3_2_1_3_1","unstructured":"Same Origin Policy. https:\/\/www.w3.org\/Security\/wiki\/Same_Origin_Policy ."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897899"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978338"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516708"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-20550-2_14"},{"key":"e_1_3_2_1_8_1","first-page":"2016","author":"Hidayat A.","year":"2010","unstructured":"A. Hidayat. PhantomJS Headless Browser, 2010--2016.","journal-title":"PhantomJS Headless Browser"},{"key":"e_1_3_2_1_9_1","volume-title":"Web 2.0 Security and Privacy (W2SP","author":"Jackson C.","year":"2008","unstructured":"C. Jackson and A. Barth. Beware of Finer-Grained Origins. In Web 2.0 Security and Privacy (W2SP 2008), 2008."},{"key":"e_1_3_2_1_10_1","volume-title":"CSP Aider: An Automated Recommendation of Content Security Policy for Web Applications","author":"Javed A.","year":"2012","unstructured":"A. Javed. CSP Aider: An Automated Recommendation of Content Security Policy for Web Applications. In IEEE Oakland Web 2.0 Security and Privacy (W2SP'12), 2012."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39235-1_6"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.5220\/0005650100150025"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978384"},{"issue":"2","key":"e_1_3_2_1_14_1","first-page":"383","volume":"18","author":"Patil K.","year":"2016","unstructured":"K. Patil and B. Frederik. A Measurement Study of the Content Security Policy on Real-World Applications. I. J. Network Security, 18(2):383--392, 2016.","journal-title":"J. Network Security"},{"key":"e_1_3_2_1_15_1","unstructured":"N. Perriault. CasperJS navigation and scripting tool for PhantomJS 2011--2016."},{"key":"e_1_3_2_1_16_1","volume-title":"Busting frame busting: a study of clickjacking vulnerabilities at popular sites. In in IEEE Oakland Web 2.0 Security and Privacy (W2SP","author":"Rydstedt G.","year":"2010","unstructured":"G. Rydstedt, E. Bursztein, D. Boneh, and C. Jackson. Busting frame busting: a study of clickjacking vulnerabilities at popular sites. In in IEEE Oakland Web 2.0 Security and Privacy (W2SP 2010), 2010."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.35"},{"key":"e_1_3_2_1_18_1","unstructured":"D. F. Some N. Bielova and T. Rezk. On the Content Security Policy violations due to the Same-Origin Policy. Technical report. http:\/\/www-sop.inria.fr\/ members\/Nataliia.Bielova\/papers\/CSP-SOP.pdf."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772784"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2535838.2535889"},{"key":"e_1_3_2_1_21_1","unstructured":"A. van Kesteren. Cross Origin Resource Sharing. W3C Recommendation 2014."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978363"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749"},{"key":"e_1_3_2_1_24_1","first-page":"212","volume-title":"RAID 2014, Gothenburg, Sweden, September 17-19, 2014. Proceedings","author":"Weissbacher M.","year":"2014","unstructured":"M. Weissbacher, T. Lauinger, and W. K. Robertson. Why Is CSP Failing? Trends and Challenges in CSP Adoption. In Research in Attacks, Intrusions and Defenses - 17th International Symposium, RAID 2014, Gothenburg, Sweden, September 17-19, 2014. Proceedings, pages 212--233, 2014."},{"key":"e_1_3_2_1_25_1","volume-title":"Embedded Enforcement","author":"West M.","year":"2016","unstructured":"M. West. Content Security Policy: Embedded Enforcement, 2016."},{"key":"e_1_3_2_1_26_1","volume-title":"W3C Working Draft","author":"West M.","year":"2016","unstructured":"M. West. Content Security Policy Level 3. W3C Working Draft, 2016."},{"key":"e_1_3_2_1_27_1","volume-title":"A Collection of Interesting Ideas","author":"West M.","year":"2016","unstructured":"M. West. Origin Policy. A Collection of Interesting Ideas, 2016."},{"key":"e_1_3_2_1_28_1","volume-title":"Content Security Policy Level 2. W3C Candidate Recommendation","author":"West M.","year":"2015","unstructured":"M. West, A. Barth, and D. Veditz. Content Security Policy Level 2. W3C Candidate Recommendation, 2015."},{"key":"e_1_3_2_1_29_1","volume-title":"Feature Policy. W3C Draft Community Group Report","author":"West M.","year":"2016","unstructured":"M. West and I. Grigorik. Feature Policy. W3C Draft Community Group Report, 2016."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2016.76"}],"event":{"name":"WWW '17: 26th International World Wide Web Conference","sponsor":["IW3C2 International World Wide Web Conference Committee","SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"],"location":"Perth Australia","acronym":"WWW '17"},"container-title":["Proceedings of the 26th International Conference on World Wide Web"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3038912.3052634","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3038912.3052634","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:24:07Z","timestamp":1750220647000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3038912.3052634"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,4,3]]},"references-count":30,"alternative-id":["10.1145\/3038912.3052634","10.5555\/3038912"],"URL":"https:\/\/doi.org\/10.1145\/3038912.3052634","relation":{},"subject":[],"published":{"date-parts":[[2017,4,3]]},"assertion":[{"value":"2017-04-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}