{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T18:00:05Z","timestamp":1763748005954,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,7,2]],"date-time":"2019-07-02T00:00:00Z","timestamp":1562025600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Bundesministerium f\u00fcr Bildung und Forschung","award":["16KIS0345"],"award-info":[{"award-number":["16KIS0345"]}]},{"DOI":"10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","award":["EXC 2092 CASA - 390781972"],"award-info":[{"award-number":["EXC 2092 CASA - 390781972"]}],"id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,7,2]]},"DOI":"10.1145\/3321705.3329841","type":"proceedings-article","created":{"date-parts":[[2019,7,9]],"date-time":"2019-07-09T12:53:20Z","timestamp":1562676800000},"page":"391-402","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":16,"title":["ScriptProtect"],"prefix":"10.1145","author":[{"given":"Marius","family":"Musch","sequence":"first","affiliation":[{"name":"TU Braunschweig, Braunschweig, Germany"}]},{"given":"Marius","family":"Steffens","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}]},{"given":"Sebastian","family":"Roth","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}]},{"given":"Ben","family":"Stock","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}]},{"given":"Martin","family":"Johns","sequence":"additional","affiliation":[{"name":"TU Braunschweig, Braunschweig, Germany"}]}],"member":"320","published-online":{"date-parts":[[2019,7,2]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420952"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772701"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_2"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978338"},{"key":"e_1_3_2_1_5_1","unstructured":"cure53. 2018. DOMPurify Github Repository. https:\/\/github.com\/cure53\/DOMPurify  cure53. 2018. DOMPurify Github Repository. https:\/\/github.com\/cure53\/DOMPurify"},{"key":"e_1_3_2_1_6_1","unstructured":"Stefano Di Paola. 2012. DominatorPro: Securing Next Generation of Web Applications. https:\/\/dominator.mindedsecurity.com\/.  Stefano Di Paola. 2012. DominatorPro: Securing Next Generation of Web Applications. https:\/\/dominator.mindedsecurity.com\/."},{"key":"e_1_3_2_1_7_1","unstructured":"Mozilla Foundation. 2019. Public Suffix List. https:\/\/publicsuffix.org\/  Mozilla Foundation. 2019. Public Suffix List. https:\/\/publicsuffix.org\/"},{"key":"e_1_3_2_1_8_1","volume-title":"Explainer: Trusted Types for DOM Manipulation. https:\/\/github.com\/WICG\/trusted-types.","author":"Web Incubator Community Group","year":"2017","unstructured":"Web Incubator Community Group . 2017 a. Explainer: Trusted Types for DOM Manipulation. https:\/\/github.com\/WICG\/trusted-types. Web Incubator Community Group. 2017a. Explainer: Trusted Types for DOM Manipulation. https:\/\/github.com\/WICG\/trusted-types."},{"key":"e_1_3_2_1_9_1","unstructured":"Web Incubator Community Group. 2017b. Support application-specific sanitizers \/ type builders. https:\/\/github.com\/WICG\/trusted-types\/issues\/32.  Web Incubator Community Group. 2017b. Support application-specific sanitizers \/ type builders. https:\/\/github.com\/WICG\/trusted-types\/issues\/32."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"crossref","unstructured":"Mario Heiderich Christopher Sp\"ath and J\u00f6rg Schwenk. 2017. DOMPurify: Client-Side Protection Against XSS and Markup Injection. In ESORICS.  Mario Heiderich Christopher Sp\"ath and J\u00f6rg Schwenk. 2017. DOMPurify: Client-Side Protection Against XSS and Markup Injection. In ESORICS.","DOI":"10.1007\/978-3-319-66399-9_7"},{"key":"e_1_3_2_1_11_1","volume-title":"Treehouse: Javascript Sandboxes to Help Web Developers Help Themselves.. In USENIX ATC.","author":"Ingram Lon","year":"2012","unstructured":"Lon Ingram and Michael Walfish . 2012 . Treehouse: Javascript Sandboxes to Help Web Developers Help Themselves.. In USENIX ATC. Lon Ingram and Michael Walfish. 2012. Treehouse: Javascript Sandboxes to Help Web Developers Help Themselves.. In USENIX ATC."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242654"},{"key":"e_1_3_2_1_13_1","volume-title":"DOM based cross site scripting or XSS of the third kind","author":"Klein Amit","year":"2005","unstructured":"Amit Klein . 2005. DOM based cross site scripting or XSS of the third kind . Web Application Security Consortium , Articles ( 2005 ). Amit Klein. 2005. DOM based cross site scripting or XSS of the third kind. Web Application Security Consortium, Articles (2005)."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"crossref","unstructured":"Tobias Lauinger Abdelberi Chaabane Sajjad Arshad William Robertson Christo Wilson and Engin Kirda. 2017. Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web. In NDSS.  Tobias Lauinger Abdelberi Chaabane Sajjad Arshad William Robertson Christo Wilson and Engin Kirda. 2017. Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web. In NDSS.","DOI":"10.14722\/ndss.2017.23414"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134091"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516703"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"crossref","unstructured":"William Melicher Anupam Das Mashmood Sharif Lujo Bauer and Limin Jia. 2018. Riding out DOMsday: Toward Detecting and Preventing DOM Cross-Site Scripting. In NDSS.  William Melicher Anupam Das Mashmood Sharif Lujo Bauer and Limin Jia. 2018. Riding out DOMsday: Toward Detecting and Preventing DOM Cross-Site Scripting. In NDSS.","DOI":"10.14722\/ndss.2018.23309"},{"key":"e_1_3_2_1_18_1","unstructured":"Benedik Meurer and Yang Guo. 2018. Zero-cost async stack traces. https:\/\/bit.ly\/v8-zero-cost-async-stack-traces  Benedik Meurer and Yang Guo. 2018. Zero-cost async stack traces. https:\/\/bit.ly\/v8-zero-cost-async-stack-traces"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"crossref","unstructured":"Leo A Meyerovich and Benjamin Livshits. 2010. ConScript: Specifying and enforcing fine-grained security policies for Javascript in the browser. In Oakland.  Leo A Meyerovich and Benjamin Livshits. 2010. ConScript: Specifying and enforcing fine-grained security policies for Javascript in the browser. In Oakland.","DOI":"10.1109\/SP.2010.36"},{"key":"e_1_3_2_1_20_1","volume-title":"Safe active content in sanitized JavaScript. Google","author":"Miller Mark S","year":"2008","unstructured":"Mark S Miller , Mike Samuel , Ben Laurie , Ihab Awad , and Mike Stay . 2008. Safe active content in sanitized JavaScript. Google , Inc., Tech. Rep ( 2008 ). Mark S Miller, Mike Samuel, Ben Laurie, Ihab Awad, and Mike Stay. 2008. Safe active content in sanitized JavaScript. Google, Inc., Tech. Rep (2008)."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382274"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786821"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2414456.2414458"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1533057.1533067"},{"key":"e_1_3_2_1_25_1","volume-title":"FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications.. In NDSS.","author":"Saxena Prateek","year":"2010","unstructured":"Prateek Saxena , Steve Hanna , Pongsin Poosankam , and Dawn Song . 2010 . FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications.. In NDSS. Prateek Saxena, Steve Hanna, Pongsin Poosankam, and Dawn Song. 2010. FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications.. In NDSS."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133966"},{"key":"e_1_3_2_1_27_1","unstructured":"Sooel Son and Vitaly Shmatikov. 2013. The Postman Always Rings Twice: Attacking and Defending postMessage in HTML5 Websites. In NDSS.  Sooel Son and Vitaly Shmatikov. 2013. The Postman Always Rings Twice: Attacking and Defending postMessage in HTML5 Websites. In NDSS."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"crossref","unstructured":"Marius Steffens Christian Rossow Martin Johns and Ben Stock. 2019. Don't Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild.. In NDSS.  Marius Steffens Christian Rossow Martin Johns and Ben Stock. 2019. Don't Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild.. In NDSS.","DOI":"10.14722\/ndss.2019.23009"},{"key":"e_1_3_2_1_29_1","unstructured":"Ben Stock Martin Johns Marius Steffens and Michael Backes. 2017. How the Web Tangled Itself: Uncovering the History of Client-Side Web (In) Security. In USENIX Security.   Ben Stock Martin Johns Marius Steffens and Michael Backes. 2017. How the Web Tangled Itself: Uncovering the History of Client-Side Web (In) Security. In USENIX Security."},{"key":"e_1_3_2_1_30_1","unstructured":"Ben Stock Sebastian Lekies Tobias Mueller Patrick Spiegel and Martin Johns. 2014. Precise Client-side Protection against DOM-based Cross-Site Scripting. In USENIX Security.   Ben Stock Sebastian Lekies Tobias Mueller Patrick Spiegel and Martin Johns. 2014. Precise Client-side Protection against DOM-based Cross-Site Scripting. In USENIX Security."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813625"},{"key":"e_1_3_2_1_32_1","volume-title":"Karthik Thotta Ganesh, and VN Venkatakrishnan","author":"Louw Mike Ter","year":"2010","unstructured":"Mike Ter Louw , Karthik Thotta Ganesh, and VN Venkatakrishnan . 2010 . AdJail: Practical Enforcement of Confidentiality and Integrity Policies on Web Advertisements.. In USENIX Security . Mike Ter Louw, Karthik Thotta Ganesh, and VN Venkatakrishnan. 2010. AdJail: Practical Enforcement of Confidentiality and Integrity Policies on Web Advertisements.. In USENIX Security."},{"key":"e_1_3_2_1_33_1","volume-title":"Blueprint: Robust prevention of cross-site scripting attacks for existing browsers. In Oakland.","author":"Louw Mike Ter","year":"2009","unstructured":"Mike Ter Louw and VN Venkatakrishnan . 2009 . Blueprint: Robust prevention of cross-site scripting attacks for existing browsers. In Oakland. Mike Ter Louw and VN Venkatakrishnan. 2009. Blueprint: Robust prevention of cross-site scripting attacks for existing browsers. In Oakland."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076775"},{"key":"e_1_3_2_1_35_1","unstructured":"Philipp Vogt Florian Nentwich Nenad Jovanovic Engin Kirda Christopher Kruegel and Giovanni Vigna. 2007. Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. In NDSS.  Philipp Vogt Florian Nentwich Nenad Jovanovic Engin Kirda Christopher Kruegel and Giovanni Vigna. 2007. Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. In NDSS."},{"key":"e_1_3_2_1_36_1","unstructured":"W3C. 2010. Same Origin Policy. https:\/\/www.w3.org\/Security\/wiki\/Same_Origin_Policy.  W3C. 2010. Same Origin Policy. https:\/\/www.w3.org\/Security\/wiki\/Same_Origin_Policy."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978363"},{"key":"e_1_3_2_1_38_1","unstructured":"Michael Weissbacher William K Robertson Engin Kirda Christopher Kruegel and Giovanni Vigna. 2015. ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities. In USENIX Security.   Michael Weissbacher William K Robertson Engin Kirda Christopher Kruegel and Giovanni Vigna. 2015. ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities. In USENIX Security."}],"event":{"name":"Asia CCS '19: ACM Asia Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Auckland New Zealand","acronym":"Asia CCS '19"},"container-title":["Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3321705.3329841","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3321705.3329841","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:54:39Z","timestamp":1750204479000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3321705.3329841"}},"subtitle":["Mitigating Unsafe Third-Party JavaScript Practices"],"short-title":[],"issued":{"date-parts":[[2019,7,2]]},"references-count":38,"alternative-id":["10.1145\/3321705.3329841","10.1145\/3321705"],"URL":"https:\/\/doi.org\/10.1145\/3321705.3329841","relation":{},"subject":[],"published":{"date-parts":[[2019,7,2]]},"assertion":[{"value":"2019-07-02","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}