{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,30]],"date-time":"2025-12-30T08:45:31Z","timestamp":1767084331534,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":68,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,10,26]],"date-time":"2022-10-26T00:00:00Z","timestamp":1666742400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Science Foundation (NSF)","award":["1651661"],"award-info":[{"award-number":["1651661"]}]},{"name":"National Science Foundation (NSF)","award":["1703644"],"award-info":[{"award-number":["1703644"]}]},{"name":"DARPA","award":["HR001118C0060"],"award-info":[{"award-number":["HR001118C0060"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,10,26]]},"DOI":"10.1145\/3545948.3545992","type":"proceedings-article","created":{"date-parts":[[2022,10,17]],"date-time":"2022-10-17T11:21:49Z","timestamp":1666005709000},"page":"431-445","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Context-Auditor: Context-sensitive Content Injection Mitigation"],"prefix":"10.1145","author":[{"given":"Faezeh","family":"Kalantari","sequence":"first","affiliation":[{"name":"Arizona State University, United States of America"}]},{"given":"Mehrnoosh","family":"Zaeifi","sequence":"additional","affiliation":[{"name":"Arizona State University, United States of America"}]},{"given":"Tiffany","family":"Bao","sequence":"additional","affiliation":[{"name":"Arizona State University, United States of America"}]},{"given":"Ruoyu","family":"Wang","sequence":"additional","affiliation":[{"name":"Arizona State University, United States of America"}]},{"given":"Yan","family":"Shoshitaishvili","sequence":"additional","affiliation":[{"name":"Arizona State University, United States of America"}]},{"given":"Adam","family":"Doup\u00e9","sequence":"additional","affiliation":[{"name":"Arizona State University, United States of America"}]}],"member":"320","published-online":{"date-parts":[[2022,10,26]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2019. DETECTED BY RIPS MISSED BY OTHERS. https:\/\/www.ripstech.com\/product\/reports\/.  2019. DETECTED BY RIPS MISSED BY OTHERS. https:\/\/www.ripstech.com\/product\/reports\/."},{"key":"e_1_3_2_1_2_1","unstructured":"2019. ECMAScript 2019. https:\/\/tc39.github.io\/ecma262\/.  2019. ECMAScript 2019. https:\/\/tc39.github.io\/ecma262\/."},{"key":"e_1_3_2_1_3_1","unstructured":"2019. XSS Filter Evasion Cheat Sheet. https:\/\/www.owasp.org\/index.php\/XSS_Filter_Evasion_Cheat_Sheet.  2019. XSS Filter Evasion Cheat Sheet. https:\/\/www.owasp.org\/index.php\/XSS_Filter_Evasion_Cheat_Sheet."},{"key":"e_1_3_2_1_4_1","unstructured":"2021. Bash(1) General Command Manual. http:\/\/man7.org\/linux\/man-pages\/man1\/bash.1.html.  2021. Bash(1) General Command Manual. http:\/\/man7.org\/linux\/man-pages\/man1\/bash.1.html."},{"key":"e_1_3_2_1_5_1","unstructured":"2021. Content Security Policy. https:\/\/www.w3.org\/TR\/CSP3\/.  2021. Content Security Policy. https:\/\/www.w3.org\/TR\/CSP3\/."},{"key":"e_1_3_2_1_6_1","unstructured":"2021. CSS Syntax Module Level 3. https:\/\/www.w3.org\/TR\/css-syntax-3\/.  2021. CSS Syntax Module Level 3. https:\/\/www.w3.org\/TR\/css-syntax-3\/."},{"key":"e_1_3_2_1_7_1","unstructured":"2022. Context-Auditor\u2019s Code and Data. https:\/\/github.com\/Context-Auditor.  2022. Context-Auditor\u2019s Code and Data. https:\/\/github.com\/Context-Auditor."},{"key":"e_1_3_2_1_8_1","unstructured":"2022. Firing Range. https:\/\/public-firing-range.appspot.com\/.  2022. Firing Range. https:\/\/public-firing-range.appspot.com\/."},{"key":"e_1_3_2_1_9_1","unstructured":"2022. HTML Living Standard. https:\/\/html.spec.whatwg.org\/.  2022. HTML Living Standard. https:\/\/html.spec.whatwg.org\/."},{"key":"e_1_3_2_1_10_1","unstructured":"2022. Mitmproxy: An interactive HTTPS proxy. https:\/\/mitmproxy.org\/.  2022. Mitmproxy: An interactive HTTPS proxy. https:\/\/mitmproxy.org\/."},{"key":"e_1_3_2_1_11_1","unstructured":"2022. Mitmproxy based devtools extension. http:\/\/dutzi.github.io\/tamper\/.  2022. Mitmproxy based devtools extension. http:\/\/dutzi.github.io\/tamper\/."},{"key":"e_1_3_2_1_12_1","unstructured":"2022. Open Bug Bounty Free bug bounty program and coordinated vulnerability disclosure. https:\/\/openbugbounty.org.  2022. Open Bug Bounty Free bug bounty program and coordinated vulnerability disclosure. https:\/\/openbugbounty.org."},{"key":"e_1_3_2_1_13_1","unstructured":"2022. Open Source Web Application Firewall. http:\/\/www.modsecurity.org.  2022. Open Source Web Application Firewall. http:\/\/www.modsecurity.org."},{"key":"e_1_3_2_1_14_1","unstructured":"2022. Open Source Web Application Security Scanner. http:\/\/w3af.org\/.  2022. Open Source Web Application Security Scanner. http:\/\/w3af.org\/."},{"key":"e_1_3_2_1_15_1","unstructured":"2022. OWASP ModSecurity Core Rule Set. https:\/\/owasp.org\/www-project-modsecurity-core-rule-set\/.  2022. OWASP ModSecurity Core Rule Set. https:\/\/owasp.org\/www-project-modsecurity-core-rule-set\/."},{"key":"e_1_3_2_1_16_1","unstructured":"2022. Selenium WebDriver. https:\/\/www.selenium.dev\/documentation\/webdriver\/.  2022. Selenium WebDriver. https:\/\/www.selenium.dev\/documentation\/webdriver\/."},{"key":"e_1_3_2_1_17_1","unstructured":"Amazon. 2020. Alexa Top Websites. https:\/\/www.alexa.com\/topsites.  Amazon. 2020. Alexa Top Websites. https:\/\/www.alexa.com\/topsites."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.22"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"crossref","unstructured":"Daniel Bates Adam Barth and Collin Jackson. 2010. Regular expressions considered harmful in client-side XSS filters. In WWW.  Daniel Bates Adam Barth and Collin Jackson. 2010. Regular expressions considered harmful in client-side XSS filters. In WWW.","DOI":"10.1145\/1772690.1772701"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_2"},{"key":"e_1_3_2_1_22_1","unstructured":"Ahmet\u00a0Salih Buyukkayhan Can Gemicioglu Tobias Lauinger Alina Oprea William Robertson and Engin Kirda. 2020. What\u2019s in an Exploit? An Empirical Analysis of Reflected Server XSS Exploitation Techniques. In RAID.  Ahmet\u00a0Salih Buyukkayhan Can Gemicioglu Tobias Lauinger Alina Oprea William Robertson and Engin Kirda. 2020. What\u2019s in an Exploit? An Empirical Analysis of Reflected Server XSS Exploitation Techniques. In RAID."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"crossref","unstructured":"Stefano Calzavara Alvise Rabitti and Michele Bugliesi. 2016. Content security problems? evaluating the effectiveness of content security policy in the wild. In CCS.  Stefano Calzavara Alvise Rabitti and Michele Bugliesi. 2016. Content security problems? evaluating the effectiveness of content security policy in the wild. In CCS.","DOI":"10.1145\/2976749.2978338"},{"key":"e_1_3_2_1_24_1","unstructured":"Adam Doup\u00e9 Weidong Cui Mariusz\u00a0H Jakubowski Marcus Peinado Christopher Kruegel and Giovanni Vigna. 2013. deDacota: toward preventing server-side XSS via automatic code and data separation. In CCS.  Adam Doup\u00e9 Weidong Cui Mariusz\u00a0H Jakubowski Marcus Peinado Christopher Kruegel and Giovanni Vigna. 2013. deDacota: toward preventing server-side XSS via automatic code and data separation. In CCS."},{"key":"e_1_3_2_1_25_1","unstructured":"K. Fernandez and D. Pagkalos. 2012. Cross site scripting (XSS) attacks information and archive. http:\/\/xssed.com.  K. Fernandez and D. Pagkalos. 2012. Cross site scripting (XSS) attacks information and archive. http:\/\/xssed.com."},{"key":"e_1_3_2_1_26_1","unstructured":"Firefox. 2022. NoScript. https:\/\/noscript.net\/.  Firefox. 2022. NoScript. https:\/\/noscript.net\/."},{"key":"e_1_3_2_1_27_1","unstructured":"Nick Galbreath. 2018. libinjection. https:\/\/github.com\/client9\/libinjection.  Nick Galbreath. 2018. libinjection. https:\/\/github.com\/client9\/libinjection."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"crossref","unstructured":"Hackerone. 2021. Hacker-Powered Security Report: Industry Insights \u201921. https:\/\/www.hackerone.com\/resources\/reporting\/hacker-powered-security-report-industry-insights-21.  Hackerone. 2021. Hacker-Powered Security Report: Industry Insights \u201921. https:\/\/www.hackerone.com\/resources\/reporting\/hacker-powered-security-report-industry-insights-21.","DOI":"10.1016\/S1353-4858(21)00140-9"},{"key":"e_1_3_2_1_29_1","volume-title":"Wasp: Protecting web applications using positive tainting and syntax-aware evaluation","author":"Halfond William","year":"2008","unstructured":"William Halfond , Alex Orso , and Pete Manolios . 2008 . Wasp: Protecting web applications using positive tainting and syntax-aware evaluation . IEEE transactions on Software Engineering 34, 1 (2008). William Halfond, Alex Orso, and Pete Manolios. 2008. Wasp: Protecting web applications using positive tainting and syntax-aware evaluation. IEEE transactions on Software Engineering 34, 1 (2008)."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"crossref","unstructured":"Mario Heiderich Marcus Niemietz Felix Schuster Thorsten Holz and J\u00f6rg Schwenk. 2012. Scriptless attacks: stealing the pie without touching the sill. In CCS.  Mario Heiderich Marcus Niemietz Felix Schuster Thorsten Holz and J\u00f6rg Schwenk. 2012. Scriptless attacks: stealing the pie without touching the sill. In CCS.","DOI":"10.1145\/2382196.2382276"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66399-9_7"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"crossref","unstructured":"Yao-Wen Huang Fang Yu Christian Hang Chung-Hung Tsai Der-Tsai Lee and Sy-Yen Kuo. 2004. Securing web application code by static analysis and runtime protection. In WWW.  Yao-Wen Huang Fang Yu Christian Hang Chung-Hung Tsai Der-Tsai Lee and Sy-Yen Kuo. 2004. Securing web application code by static analysis and runtime protection. In WWW.","DOI":"10.1145\/988672.988679"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1244002.1244071"},{"key":"e_1_3_2_1_34_1","volume-title":"Xssds: Server-side detection of cross-site scripting attacks. In ACSAC.","author":"Johns Martin","year":"2008","unstructured":"Martin Johns , Bj\u00f6rn Engelmann , and Joachim Posegga . 2008 . Xssds: Server-side detection of cross-site scripting attacks. In ACSAC. Martin Johns, Bj\u00f6rn Engelmann, and Joachim Posegga. 2008. Xssds: Server-side detection of cross-site scripting attacks. In ACSAC."},{"key":"e_1_3_2_1_35_1","unstructured":"Martin Johns and Stephan Pfistner. 2018. End-to-end taint tracking for detection and mitigation of injection vulnerabilities in web applications. US Patent 10 129 285.  Martin Johns and Stephan Pfistner. 2018. End-to-end taint tracking for detection and mitigation of injection vulnerabilities in web applications. US Patent 10 129 285."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.29"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"crossref","unstructured":"Zifeng Kang Song Li and Yinzhi Cao. 2022. Probe the Proto: Measuring Client-Side Prototype Pollution Vulnerabilities of One Million Real-world Websites. (2022).  Zifeng Kang Song Li and Yinzhi Cao. 2022. Probe the Proto: Measuring Client-Side Prototype Pollution Vulnerabilities of One Million Real-world Websites. (2022).","DOI":"10.14722\/ndss.2022.24308"},{"key":"e_1_3_2_1_38_1","unstructured":"Soheil Khodayari and Giancarlo Pellegrino. 2021. {JAW}: Studying Client-side {CSRF} with Hybrid Property Graphs and Declarative Traversals. In USENIX Security.  Soheil Khodayari and Giancarlo Pellegrino. 2021. {JAW}: Studying Client-side {CSRF} with Hybrid Property Graphs and Declarative Traversals. In USENIX Security."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"crossref","unstructured":"Lukas Knittel Christian Mainka Marcus Niemietz Dominik\u00a0Trevor No\u00df and J\u00f6rg Schwenk. 2021. XSinator. com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers. In CCS.  Lukas Knittel Christian Mainka Marcus Niemietz Dominik\u00a0Trevor No\u00df and J\u00f6rg Schwenk. 2021. XSinator. com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers. In CCS.","DOI":"10.1145\/3460120.3484739"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"crossref","unstructured":"Sebastian Lekies Krzysztof Kotowicz Samuel Gro\u00df Eduardo\u00a0A Vela\u00a0Nava and Martin Johns. 2017. Code-reuse attacks for the web: Breaking cross-site scripting mitigations via script gadgets. In CCS.  Sebastian Lekies Krzysztof Kotowicz Samuel Gro\u00df Eduardo\u00a0A Vela\u00a0Nava and Martin Johns. 2017. Code-reuse attacks for the web: Breaking cross-site scripting mitigations via script gadgets. In CCS.","DOI":"10.1145\/3133956.3134091"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"crossref","unstructured":"Sebastian Lekies Ben Stock and Martin Johns. 2013. 25 million flows later: large-scale detection of DOM-based XSS. In CCS.  Sebastian Lekies Ben Stock and Martin Johns. 2013. 25 million flows later: large-scale detection of DOM-based XSS. In CCS.","DOI":"10.1145\/2508859.2516703"},{"key":"e_1_3_2_1_42_1","volume-title":"Towards fully automatic placement of security sanitizers and declassifiers. Acm Sigplan Notices 48, 1","author":"Livshits Benjamin","year":"2013","unstructured":"Benjamin Livshits and Stephen Chong . 2013. Towards fully automatic placement of security sanitizers and declassifiers. Acm Sigplan Notices 48, 1 ( 2013 ). Benjamin Livshits and Stephen Chong. 2013. Towards fully automatic placement of security sanitizers and declassifiers. Acm Sigplan Notices 48, 1 (2013)."},{"key":"e_1_3_2_1_43_1","volume-title":"Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers. In IEEE Symposium on Security and Privacy.","author":"Louw Mike\u00a0Ter","year":"2009","unstructured":"Mike\u00a0Ter Louw and V.\u00a0 N. Venkatakrishnan . 2009 . Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers. In IEEE Symposium on Security and Privacy. Mike\u00a0Ter Louw and V.\u00a0N. Venkatakrishnan. 2009. Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers. In IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"crossref","unstructured":"Meng Luo Pierre Laperdrix Nima Honarmand and Nick Nikiforakis. 2019. Time does not heal all wounds: A longitudinal analysis of security-mechanism support in mobile browsers. In NDSS.  Meng Luo Pierre Laperdrix Nima Honarmand and Nick Nikiforakis. 2019. Time does not heal all wounds: A longitudinal analysis of security-mechanism support in mobile browsers. In NDSS.","DOI":"10.14722\/ndss.2019.23149"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"crossref","unstructured":"William Melicher Anupam Das Mahmood Sharif Lujo Bauer and Limin Jia. 2018. Riding out DOMsday: Toward Detecting and Preventing DOM Cross-Site Scripting. In NDSS.  William Melicher Anupam Das Mahmood Sharif Lujo Bauer and Limin Jia. 2018. Riding out DOMsday: Toward Detecting and Preventing DOM Cross-Site Scripting. In NDSS.","DOI":"10.14722\/ndss.2018.23309"},{"key":"e_1_3_2_1_46_1","unstructured":"MITRE. 2021. 2021 CWE Top 25 Most Dangerous Software Weaknesses.  MITRE. 2021. 2021 CWE Top 25 Most Dangerous Software Weaknesses."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1007\/0-387-25660-1_20"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3140549.3140559"},{"key":"e_1_3_2_1_49_1","unstructured":"OWASP. 2021. OWASP Top 10. https:\/\/owasp.org\/Top10\/  OWASP. 2021. OWASP Top 10. https:\/\/owasp.org\/Top10\/"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"crossref","unstructured":"Riccardo Pelizzi and R Sekar. 2012. Protection usability and improvements in reflected XSS filters. In ASIACCS.  Riccardo Pelizzi and R Sekar. 2012. Protection usability and improvements in reflected XSS filters. In ASIACCS.","DOI":"10.1145\/2414456.2414458"},{"key":"e_1_3_2_1_51_1","unstructured":"portswigger. 2021. Hunting nonce-based CSP bypasses with dynamic analysis. https:\/\/portswigger.net\/research\/hunting-nonce-based-csp-bypasses-with-dynamic-analysis.  portswigger. 2021. Hunting nonce-based CSP bypasses with dynamic analysis. https:\/\/portswigger.net\/research\/hunting-nonce-based-csp-bypasses-with-dynamic-analysis."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"crossref","unstructured":"Victor Prokhorenko Kim-Kwang\u00a0Raymond Choo and Helen Ashman. 2016. Context-oriented web application protection model. Appl. Math. Comput. 285(2016).  Victor Prokhorenko Kim-Kwang\u00a0Raymond Choo and Helen Ashman. 2016. Context-oriented web application protection model. Appl. Math. Comput. 285(2016).","DOI":"10.1016\/j.amc.2016.03.026"},{"key":"e_1_3_2_1_53_1","author":"Ptacek H","year":"1998","unstructured":"Thomas\u00a0 H Ptacek and Timothy\u00a0N Newsham. 1998 . Insertion, evasion, and denial of service: Eluding network intrusion detection. Technical Report. Secure Networks inc Calgary Alberta. Thomas\u00a0H Ptacek and Timothy\u00a0N Newsham. 1998. Insertion, evasion, and denial of service: Eluding network intrusion detection. Technical Report. Secure Networks inc Calgary Alberta.","journal-title":"Newsham."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2133375.2133377"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046776"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.26"},{"key":"e_1_3_2_1_57_1","unstructured":"Anatoly Shusterman Ayush Agarwal Sioli O\u2019Connell Daniel Genkin Yossi Oren and Yuval Yarom. 2021. Prime+Probe 1 JavaScript 0: Overcoming Browser-based Side-Channel Defenses. In USENIX Security.  Anatoly Shusterman Ayush Agarwal Sioli O\u2019Connell Daniel Genkin Yossi Oren and Yuval Yarom. 2021. Prime+Probe 1 JavaScript 0: Overcoming Browser-based Side-Channel Defenses. In USENIX Security."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"crossref","unstructured":"Sooel Son Kathryn\u00a0S McKinley and Vitaly Shmatikov. 2013. Diglossia: detecting code injection attacks with precision and efficiency. In CCS.  Sooel Son Kathryn\u00a0S McKinley and Vitaly Shmatikov. 2013. Diglossia: detecting code injection attacks with precision and efficiency. In CCS.","DOI":"10.1145\/2508859.2516696"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"crossref","unstructured":"Marius Steffens Christian Rossow Martin Johns and Ben Stock. 2019. Don\u2019t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild.. In NDSS.  Marius Steffens Christian Rossow Martin Johns and Ben Stock. 2019. Don\u2019t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild.. In NDSS.","DOI":"10.14722\/ndss.2019.23009"},{"key":"e_1_3_2_1_60_1","volume-title":"Pmforce: Systematically analyzing postmessage handlers at scale. In CCS.","author":"Steffens Marius","year":"2020","unstructured":"Marius Steffens and Ben Stock . 2020 . Pmforce: Systematically analyzing postmessage handlers at scale. In CCS. Marius Steffens and Ben Stock. 2020. Pmforce: Systematically analyzing postmessage handlers at scale. In CCS."},{"key":"e_1_3_2_1_61_1","unstructured":"Ben Stock Sebastian Lekies Tobias Mueller Patrick Spiegel Martin Johns F\u00a0A\u00a0U Erlangen-nuremberg Sebastian Lekies Tobias Mueller Patrick Spiegel and Martin Johns. 2014. Precise Client-side Protection against DOM-based Cross-Site Scripting. In USENIX Security.  Ben Stock Sebastian Lekies Tobias Mueller Patrick Spiegel Martin Johns F\u00a0A\u00a0U Erlangen-nuremberg Sebastian Lekies Tobias Mueller Patrick Spiegel and Martin Johns. 2014. Precise Client-side Protection against DOM-based Cross-Site Scripting. In USENIX Security."},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"crossref","unstructured":"Avinash Sudhodanan Soheil Khodayari and Juan Caballero. 2020. Cross-origin state inference (COSI) attacks: Leaking web site states through xs-leaks. In NDSS.  Avinash Sudhodanan Soheil Khodayari and Juan Caballero. 2020. Cross-origin state inference (COSI) attacks: Leaking web site states through xs-leaks. In NDSS.","DOI":"10.14722\/ndss.2020.24278"},{"key":"e_1_3_2_1_63_1","unstructured":"Port Swigger. 2022. Cross-site scripting (XSS) cheat sheet. https:\/\/portswigger.net\/web-security\/cross-site-scripting\/cheat-sheet.  Port Swigger. 2022. Cross-site scripting (XSS) cheat sheet. https:\/\/portswigger.net\/web-security\/cross-site-scripting\/cheat-sheet."},{"key":"e_1_3_2_1_64_1","unstructured":"US-CERT. 2000. CERT Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests. https:\/\/resources.sei.cmu.edu\/asset_files\/WhitePaper\/2000_019_001_496188.pdf.  US-CERT. 2000. CERT Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests. https:\/\/resources.sei.cmu.edu\/asset_files\/WhitePaper\/2000_019_001_496188.pdf."},{"key":"e_1_3_2_1_65_1","unstructured":"Philipp Vogt Florian Nentwich Nenad Jovanovic Engin Kirda Christopher Kruegel and Giovanni Vigna. 2007. Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. In NDSS.  Philipp Vogt Florian Nentwich Nenad Jovanovic Engin Kirda Christopher Kruegel and Giovanni Vigna. 2007. Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. In NDSS."},{"key":"e_1_3_2_1_66_1","unstructured":"W3C. 2021. Trusted Types. https:\/\/w3c.github.io\/webappsec-trusted-types\/dist\/spec\/.  W3C. 2021. Trusted Types. https:\/\/w3c.github.io\/webappsec-trusted-types\/dist\/spec\/."},{"key":"e_1_3_2_1_67_1","unstructured":"Chrome web store. 2022. NoScript Chrome Extension. https:\/\/chrome.google.com\/webstore\/detail\/noscript\/doojmbjmlfjjnbmnoijecmcbfeoakpjm?hl=en.  Chrome web store. 2022. NoScript Chrome Extension. https:\/\/chrome.google.com\/webstore\/detail\/noscript\/doojmbjmlfjjnbmnoijecmcbfeoakpjm?hl=en."},{"key":"e_1_3_2_1_68_1","unstructured":"Yichen Xie and Alex Aiken. 2006. Static Detection of Security Vulnerabilities in Scripting Languages.. In USENIX Security.  Yichen Xie and Alex Aiken. 2006. Static Detection of Security Vulnerabilities in Scripting Languages.. In USENIX Security."},{"key":"e_1_3_2_1_69_1","unstructured":"Wei Xu Sandeep Bhatkar and R Sekar. 2006. Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks. In USENIX Security.  Wei Xu Sandeep Bhatkar and R Sekar. 2006. Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks. In USENIX Security."}],"event":{"name":"RAID 2022: 25th International Symposium on Research in Attacks, Intrusions and Defenses","acronym":"RAID 2022","location":"Limassol Cyprus"},"container-title":["Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3545948.3545992","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/abs\/10.1145\/3545948.3545992","content-type":"text\/html","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3545948.3545992","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:17Z","timestamp":1750188617000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3545948.3545992"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,10,26]]},"references-count":68,"alternative-id":["10.1145\/3545948.3545992","10.1145\/3545948"],"URL":"https:\/\/doi.org\/10.1145\/3545948.3545992","relation":{},"subject":[],"published":{"date-parts":[[2022,10,26]]},"assertion":[{"value":"2022-10-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}