{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,18]],"date-time":"2025-12-18T14:23:31Z","timestamp":1766067811081,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":119,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,10,24]],"date-time":"2024-10-24T00:00:00Z","timestamp":1729728000000},"content-version":"vor","delay-in-days":366,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["2210137, 2335798, 1908021, 1916499, and 2145616"],"award-info":[{"award-number":["2210137, 2335798, 1908021, 1916499, and 2145616"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,10,24]]},"DOI":"10.1145\/3618257.3624804","type":"proceedings-article","created":{"date-parts":[[2023,10,23]],"date-time":"2023-10-23T00:19:52Z","timestamp":1698020392000},"page":"162-180","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["A Longitudinal Study of Vulnerable Client-side Resources and Web Developers' Updating Behaviors"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-1931-1373","authenticated-orcid":false,"given":"Kyungchan","family":"Lim","sequence":"first","affiliation":[{"name":"University of Tennessee, Knoxville, Knoxville, TN, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0021-2850","authenticated-orcid":false,"given":"Yonghwi","family":"Kwon","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, MD, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9033-990X","authenticated-orcid":false,"given":"Doowon","family":"Kim","sequence":"additional","affiliation":[{"name":"University of Tennessee, Knoxville, Knoxville, TN, USA"}]}],"member":"320","published-online":{"date-parts":[[2023,10,24]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"ECMA-262","year":"1997","unstructured":"1997. ECMA-262, 1st edition, June 1997. https:\/\/www.ecma-international.org\/ wp-content\/uploads\/ECMA-262_1st _edition_ june_1997.pdf. (Accessed on 05\/26\/2023).","edition":"1"},{"issue":"0","key":"e_1_3_2_1_2_1","first-page":"124","article-title":"CVE-2008-4401","volume":"9","year":"2008","unstructured":"2008. CVE-2008-4401: ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the F. https: \/\/www.cvedetails.com\/cve\/CVE-2008--4401\/. (Accessed on 05\/26\/2023).","journal-title":"ActionScript in Adobe Flash Player"},{"key":"e_1_3_2_1_3_1","unstructured":"2011. CVE-2011-0577: Unspecified vulnerability in Adobe Flash Player be- fore 10.2.152.26 allows remote attackers to execute arbitrary code. https: \/\/www.cvedetails.com\/cve\/CVE-2011-0577\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_4_1","unstructured":"2011. CVE-2011-0578: Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory co. https:\/\/ www.cvedetails.com\/cve\/CVE-2011-0578\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_5_1","unstructured":"2011. CVE-2011-0607: Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service. https:\/\/www.cvedetails.com\/ cve\/CVE-2011-0607\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_6_1","unstructured":"2011. CVE-2011-0608 : Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service. https:\/\/www.cvedetails.com\/ cve\/CVE-2011-0608\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_7_1","unstructured":"2011. jQuery 1.2 Released | Official jQuery Blog. https:\/\/blog.jquery.com\/2007\/ 09\/10\/jquery-1-2-released\/#jQuery_ 1.1 _Compatibility_Plugin. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_8_1","unstructured":"2012. CVE-2012-5054: Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remo. https:\/\/www.cvedetails.com\/cve\/CVE-2012--5054\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_9_1","unstructured":"2013. Cross-site Scripting (XSS) in jquery-migrate | Snyk. https:\/\/ security.snyk.io\/vuln\/npm:jquery-migrate:20130419. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_10_1","unstructured":"2013. JS Bin - Collaborative JavaScript Debugging. https:\/\/jsbin.com\/UQEgAsO\/ 3\/edit?html output. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_11_1","unstructured":"2013. XSS \u00b7 Issue #36 \u00b7 jquery\/jquery-migrate. https:\/\/github.com\/jquery\/jquery- migrate\/issues\/36. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_12_1","unstructured":"2014. CVE-2014-0510 : Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass. https: \/\/www.cvedetails.com\/cve\/CVE-2014-0510\/. (Accessed on 05\/26\/2023)."},{"issue":"4","key":"e_1_3_2_1_13_1","first-page":"2","volume":"1","year":"2014","unstructured":"2014. Full Disclosure: XSS Reflected JQuery 1.4.2 - Create object option in runtime client-side. https:\/\/seclists.org\/fulldisclosure\/2014\/Sep\/10. (Accessed on 05\/26\/2023).","journal-title":"Full Disclosure: XSS Reflected JQuery"},{"key":"e_1_3_2_1_14_1","unstructured":"2014. Scanning Alexa Top 100 000 for JavaScript libraries with known vulerabil- ities. https:\/\/erlend.oftedal.no\/blog\/static-142.html. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_15_1","unstructured":"2015. XSS Vulnerability on closeText option of Dialog jQuery UI \u00b7 Issue #281 \u00b7 jquery\/api.jqueryui.com. https:\/\/github.com\/jquery\/api.jqueryui.com\/issues\/ 281. (Accessed on 05\/26\/2023)."},{"issue":"0","key":"e_1_3_2_1_16_1","first-page":"0","article-title":"CVE-2016-1019","volume":"21","year":"2016","unstructured":"2016. CVE-2016-1019: Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or po. https: \/\/www.cvedetails.com\/cve\/CVE-2016-1019\/. (Accessed on 05\/26\/2023).","journal-title":"Adobe Flash Player"},{"key":"e_1_3_2_1_17_1","unstructured":"2016. swfobject\/swfobject: An open source Javascript framework for detecting the Adobe Flash Player plugin and embedding Flash (swf) files. https: \/\/github.com\/swfobject\/swfobject. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_18_1","unstructured":"2017. 77% of 433 000 Sites Use Vulnerable JavaScript Libraries. https:\/\/snyk.io\/ blog\/77-percent-of-sites-still-vulnerable\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_19_1","unstructured":"2017. CVE-2017-3083: Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the Primetime SDK. https: \/\/www.cvedetails.com\/cve\/CVE-2017--3083\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_20_1","unstructured":"2017. CVE-2017-3084: Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the advertising m. https: \/\/www.cvedetails.com\/cve\/CVE-2017--3084\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_21_1","unstructured":"2017. Flash Player is no longer available - Google Chrome Help. https:\/\/ support.google.com\/chrome\/answer\/6258784?hl=en. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_22_1","unstructured":"2017. JS Bin - Collaborative JavaScript Debugging. https:\/\/jsbin.com\/qalekeroke\/ edit?html output. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_23_1","unstructured":"2018. CVE-2012-6708: jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differen. https: \/\/www.cvedetails.com\/cve\/CVE-2012-6708\/?q=CVE-2012-6708. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_24_1","unstructured":"2018. CVE-2015-9251: jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed wi. https:\/\/ www.cvedetails.com\/cve\/CVE-2015-9251\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_25_1","unstructured":"2018. JS Bin - Collaborative JavaScript Debugging. https:\/\/jsbin.com\/palokaxina\/ edit?html output. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_26_1","unstructured":"2018. JS Bin - Collaborative JavaScript Debugging. https:\/\/jsbin.com\/ xeminoniku\/edit?html output. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_27_1","unstructured":"2019. Compatibility Issue with JQuery 3.4.x | WebDataRocks. https:\/\/www.webdatarocks.com\/question\/compatibility-issue-with-jquery-3-4-x-2\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_28_1","unstructured":"2019. CVE-2019--11358 : jQuery before 3.4.0 as used in Drupal Backdrop CMS and other products mishandles jQuery.extend(true {} ...) becaus. https: \/\/www.cvedetails.com\/cve\/CVE-2019--11358\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_29_1","unstructured":"2020. Cross-site Scripting (XSS) in jquery | CVE-2020-7656 | Snyk. https: \/\/security.snyk.io\/vuln\/SNYK-JS-JQUERY-569619. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_30_1","unstructured":"2020. CVE-2020--11022: In jQuery versions greater than or equal to 1.2 and before 3.5.0 passing HTML from untrusted sources - even after sanit. https: \/\/www.cvedetails.com\/cve\/CVE-2020-11022\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_31_1","unstructured":"2020. CVE-2020--11022: In jQuery versions greater than or equal to 1.2 and before 3.5.0 passing HTML from untrusted sources - even after sanit. https: \/\/www.cvedetails.com\/cve\/CVE-2020-11022\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_32_1","unstructured":"2020. CVE-2020-11023: In jQuery versions greater than or equal to 1.0.3 and before 3.5.0 passing HTML containing elements from. https: \/\/www.cvedetails.com\/cve\/CVE-2020-11023\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_33_1","unstructured":"2020. Safari 14 and flash player - Apple Community. https:\/\/ discussions.apple.com\/thread\/251900220. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_34_1","unstructured":"2021. Compatibility issues with latest jQuery 3.5.1. https:\/\/datatables.net\/ forums\/discussion\/67375\/compatibility-issues-with-latest-jquery-3-5-1. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_35_1","unstructured":"2021. CVE-2020-27511: An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Re. https:\/\/www.cvedetails.com\/cve\/CVE-2020--27511\/?q=CVE-2020--27511. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_36_1","unstructured":"2021. End of support for Adobe Flash | Firefox Help. https:\/\/support.mozilla.org\/ en-US\/kb\/end-support-adobe-flash. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_37_1","unstructured":"2021. Update on Adobe Flash Player End of Support - Microsoft Edge Blog. https:\/\/blogs.windows.com\/msedgedev\/2020\/09\/04\/update-adobe-flash-end-support\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_38_1","unstructured":"2021. Vulnerable Javascript Library. https:\/\/beaglesecurity.com\/blog\/ vulnerability\/vulnerable-javascript-library.html. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_39_1","unstructured":"2022. Commits \u00b7 js-cookie\/js-cookie. https:\/\/github.com\/js-cookie\/js-cookie\/ commits\/main. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_40_1","unstructured":"2022. CVE - CVE. https:\/\/cve.mitre.org\/index.html. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_41_1","unstructured":"2022. CVE security vulnerability database. Security vulnerabilities exploits references and more. https:\/\/www.cvedetails.com\/index.php. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_42_1","unstructured":"2022. Digital 2022: Global Overview Report - DataReportal - Global Digital Insights. https:\/\/datareportal.com\/reports\/digital-2022-global-overview-report. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_43_1","unstructured":"2022. HTML attribute: crossorigin - HTML: HyperText Markup Language | MDN. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTML\/Attributes\/ crossorigin. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_44_1","unstructured":"2022. js-cookie\/js-cookie: A simple lightweight JavaScript API for handling browser cookies. https:\/\/github.com\/js-cookie\/js-cookie. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_45_1","unstructured":"2022. NVD - Vulnerabilities. https:\/\/nvd.nist.gov\/vuln. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_46_1","unstructured":"2022. Request.credentials - Web APIs | MDN. https:\/\/developer.mozilla.org\/en- US\/docs\/Web\/API\/Request\/credentials. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_47_1","unstructured":"2023. Browser Support | jQuery. https:\/\/jquery.com\/browser-support\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_48_1","unstructured":"2023. jQuery vs Bootstrap - What Is The Difference? - Remarkable Coder. https:\/\/remarkablecoder.com\/jquery-vs-bootstrap. (Accessed on 05\/26\/2023)."},{"volume-title":"UPDATE: Adobe Flash Player end of support on","year":"2020","key":"e_1_3_2_1_49_1","unstructured":"2023. UPDATE: Adobe Flash Player end of support on December 31, 2020 - Microsoft Lifecycle | Microsoft Learn. https:\/\/learn.microsoft.com\/en-us\/lifecycle\/ announcements\/update-adobe-flash-support. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_50_1","unstructured":"2023. Vulnerability DB | Snyk. https:\/\/security.snyk.io\/vuln. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_51_1","unstructured":"2023. wappalyzer\/wappalyzer: Identify technology on websites. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_52_1","unstructured":"360. 2023. 360 Browser. https:\/\/browser.360.cn\/ee\/mac\/index.html. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.25"},{"key":"e_1_3_2_1_54_1","unstructured":"Adguard. 2023. AdguardFilters\/specific.txt at master \u00b7 AdguardTeam\/Ad- guardFilters. https:\/\/github.com\/AdguardTeam\/AdguardFilters\/blob\/master\/ SpywareFilter\/sections\/specific.txt. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_55_1","unstructured":"Adobe. 2017. Control access to scripts | Host web page. https:\/\/helpx.adobe.com\/ flash\/kb\/control-access-scripts-host-web.html. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_56_1","unstructured":"Adobe. 2021. Adobe Flash Player End of Life. https:\/\/www.adobe.com\/products\/ flashplayer\/end-of-life.html. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_57_1","unstructured":"Adobe. 2021. Create HTML5 Canvas documents in Animate. https:\/\/helpx.adobe.com\/animate\/using\/creating-publishing-html5-canvas-document.html. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_58_1","unstructured":"Adobe. 2022. Best practices to convert\/publish existing Flash-based projects to HTML5 in Captivate. https:\/\/helpx.adobe.com\/captivate\/kb\/best-practices- convert-flash-html5-captivate.html. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_59_1","unstructured":"National Security Agency. 2019. CSA - CONTINUED USE OF ADOBE FLASH INVITES COMPROMISE.PDF. https:\/\/media.defense.gov\/2019\/Sep\/25\/2002186834\/-1\/-1\/0\/CSA%20-%20CONTINUED%20USE%20OF%20ADOBE% 20FLASH%20INVITES%20COMPROMISE.PDF. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420952"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/EATIS.2016.7520140"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455782"},{"key":"e_1_3_2_1_63_1","unstructured":"Bootstrap. 2023. Bootstrap \u00b7 The most popular HTML CSS and JS library in the world. https:\/\/getbootstrap.com\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1049\/iet-ifs.2016.0621"},{"key":"e_1_3_2_1_65_1","unstructured":"cdnjs. 2023. cdnjs - The #1 free and open source CDN built to make life easier for developers. https:\/\/cdnjs.com\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_66_1","unstructured":"Chromium. 2021. Flash Roadmap. https:\/\/www.chromium.org\/flash- roadmap\/#TOC-Flash-Support-Removed-from-Chromium-Target:-Chrome-87-Dec-2020-. (Accessed on 05\/26\/2023)."},{"volume-title":"Passive and Active Measurement","author":"Demir Nurullah","key":"e_1_3_2_1_67_1","unstructured":"Nurullah Demir, Tobias Urban, Kevin Wittek, and Norbert Pohlmann. 2021. Our (in)Secure Web: Understanding Update Behavior of Websites and Its Impact on Security. In Passive and Active Measurement. Springer International Publishing, Cham, 76--92."},{"key":"e_1_3_2_1_68_1","volume-title":"USENIX Security Symposium. 869--885","author":"Dong Ying","year":"2019","unstructured":"Ying Dong, Wenbo Guo, Yueqi Chen, Xinyu Xing, Yuqing Zhang, and Gang Wang. 2019. Towards the Detection of Inconsistencies in Public Security Vul- nerability Reports.. In USENIX Security Symposium. 869--885."},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/2899475.2899498"},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2006.66"},{"volume-title":"News from the Lab Archive","year":"2004","key":"e_1_3_2_1_71_1","unstructured":"F-Secure. 2011. News from the Lab Archive: January 2004 to September 2015. https:\/\/archive.f-secure.com\/weblog\/archives\/00002226.html. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_72_1","unstructured":"GitHub. 2021. Update regex for striptags method to prevent regex dos by jwestbrook \u00b7 Pull Request #349 \u00b7 prototypejs\/prototype. https:\/\/github.com\/ prototypejs\/prototype\/pull\/349. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_73_1","unstructured":"Google. 2017. Saying goodbye to Flash in Chrome. https:\/\/www.blog.google\/ products\/chrome\/saying-goodbye-flash-chrome\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.2991\/mecae-17.2017.27"},{"key":"e_1_3_2_1_75_1","unstructured":"Isotope. 2023. Isotope - Filter & sort magical layouts. https:\/\/ isotope.metafizzy.co\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_76_1","unstructured":"jQuery. 2023. jQuery. https:\/\/jquery.com\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_77_1","unstructured":"jquery cookie. 2015. carhartl\/jquery-cookie: No longer maintained super-seded by JS Cookie:. https:\/\/github.com\/carhartl\/jquery-cookie. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_78_1","unstructured":"jquery migrate. 2023. jquery\/jquery-migrate: A development tool to help migrate away from APIs and features that have been or will be removed from jQuery core. https:\/\/github.com\/jquery\/jquery-migrate. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_79_1","unstructured":"jQuery UI. 2023. jQuery UI. https:\/\/jqueryui.com\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_80_1","unstructured":"jsDelivr. 2023. jsDelivr - A free fast and reliable CDN for open source. https: \/\/www.jsdelivr.com\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_81_1","unstructured":"Gregg Keizer. 2011. RSA hackers exploited Flash zero-day bug | Computerworld. https:\/\/www.computerworld.com\/article\/2507619\/rsa-hackers- exploited-flash-zero-day-bug.html. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_82_1","volume-title":"Thou shalt not depend on me: Analysing the use of outdated javascript libraries on the web. arXiv preprint arXiv:1811.00918","author":"Lauinger Tobias","year":"2018","unstructured":"Tobias Lauinger, Abdelberi Chaabane, Sajjad Arshad, William Robertson, Christo Wilson, and Engin Kirda. 2018. Thou shalt not depend on me: Analysing the use of outdated javascript libraries on the web. arXiv preprint arXiv:1811.00918 (2018)."},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516703"},{"key":"e_1_3_2_1_84_1","volume-title":"25th USENIX Security Symposium (USENIX Security 16). USENIX Association, Austin, TX. https:\/\/www.usenix.org\/ conference\/usenixsecurity16\/technical-sessions\/presentation\/lerner","author":"Lerner Ada","year":"2016","unstructured":"Ada Lerner, Anna Kornfeld Simpson, Tadayoshi Kohno, and Franziska Roesner. 2016. Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016. In 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, Austin, TX. https:\/\/www.usenix.org\/ conference\/usenixsecurity16\/technical-sessions\/presentation\/lerner"},{"volume-title":"2021 IEEE 46th Con- ference on Local Computer Networks (LCN). 81--89. https:\/\/doi.org\/10.1109\/ LCN52139.2021.9524885","author":"Marquardt Fabian","key":"e_1_3_2_1_85_1","unstructured":"Fabian Marquardt and Lennart Buhl. 2021. D\u00e9j\u00e0 Vu? Client-Side Fingerprinting and Version Detection of Web Application Software. In 2021 IEEE 46th Con- ference on Local Computer Networks (LCN). 81--89. https:\/\/doi.org\/10.1109\/ LCN52139.2021.9524885"},{"key":"e_1_3_2_1_86_1","unstructured":"Modernizr. 2023. Modernizr: the feature detection library for HTML5\/CSS3. https:\/\/modernizr.com\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_87_1","unstructured":"Moment. 2023. Moment.js | Home. https:\/\/momentjs.com\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_88_1","unstructured":"Mozilla. 2021. End of support for Adobe Flash | Firefox Help. https: \/\/support.mozilla.org\/en-US\/kb\/end-support-adobe-flash. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_89_1","unstructured":"Mozilla. 2022. Subresource Integrity - Web security | MDN. https:\/\/ developer.mozilla.org\/en-US\/docs\/Web\/Security\/Subresource_Integrity. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_90_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382274"},{"key":"e_1_3_2_1_91_1","unstructured":"NIST. 2018. NVD - CVE-2018--9206. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-9206. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_92_1","doi-asserted-by":"publisher","DOI":"10.1109\/ESEM.2013.18"},{"key":"e_1_3_2_1_93_1","unstructured":"Polyfill. 2023. Polyfill.io. https:\/\/polyfill.io\/v3\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_94_1","unstructured":"Popper. 2023. Tooltip & Popover Positioning Engine. https:\/\/popper.js.org\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_95_1","unstructured":"Prototype. 2015. Prototype JavaScript framework: a foundation for ambitious web applications. http:\/\/prototypejs.org\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_96_1","volume-title":"A Survey of Web Technologies Used in Indonesia Local Governments. SISFO Vol 7 No 3 7","author":"Rakhmawati Nur Aini","year":"2018","unstructured":"Nur Aini Rakhmawati, Sayekti Harits, Deny Hermansyah, and Muhammad Ar- iful Furqon. 2018. A Survey of Web Technologies Used in Indonesia Local Governments. SISFO Vol 7 No 3 7 (2018)."},{"key":"e_1_3_2_1_97_1","unstructured":"RequireJS. 2018. RequireJS. https:\/\/requirejs.org\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_98_1","doi-asserted-by":"publisher","DOI":"10.1145\/1809028.1806598"},{"key":"e_1_3_2_1_99_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.23046"},{"key":"e_1_3_2_1_100_1","volume-title":"FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications.. In NDSS.","author":"Saxena Prateek","year":"2010","unstructured":"Prateek Saxena, Steve Hanna, Pongsin Poosankam, and Dawn Song. 2010. FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications.. In NDSS."},{"key":"e_1_3_2_1_101_1","unstructured":"IMQ Minded Security. 2013. IMQ Minded Security Blog: \"jQuery Migrate\"' is a Sink too?! https:\/\/blog.mindedsecurity.com\/2013\/04\/jquery-migrate-is-sink- too.html. (Accessed on 09\/05\/2023)."},{"key":"e_1_3_2_1_102_1","unstructured":"Statcounter. 2023. Browser Market Share Worldwide. https: \/\/gs.statcounter.com\/browser-market-share\/desktop\/worldwide. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_103_1","unstructured":"statista. 2023. Internet usage worldwide - statistics & facts. https:\/\/ www.statista.com\/topics\/1145\/internet-usage-worldwide\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_104_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24028"},{"key":"e_1_3_2_1_105_1","volume-title":"How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security. In 26th USENIX Security Symposium (USENIX Security 17)","author":"Stock Ben","year":"2017","unstructured":"Ben Stock, Martin Johns, Marius Steffens, and Michael Backes. 2017. How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security. In 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, Vancouver, BC, 971--987. https:\/\/www.usenix.org\/conference\/ usenixsecurity17\/technical-sessions\/presentation\/stock"},{"key":"e_1_3_2_1_106_1","volume-title":"The Uncontrolled Web: Measuring Security Governance on the Web. IEICE Transactions on Infor- mation and Systems 104, 11","author":"Takata Yuta","year":"2021","unstructured":"Yuta Takata, Hiroshi Kumagai, and Masaki Kamizono. 2021. The Uncontrolled Web: Measuring Security Governance on the Web. IEICE Transactions on Infor- mation and Systems 104, 11 (2021), 1828--1838."},{"key":"e_1_3_2_1_107_1","unstructured":"Underscore. 2022. Underscore.js. https:\/\/underscorejs.org\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_108_1","unstructured":"Semantic Versioning. 2023. Semantic Versioning 2.0.0. https:\/\/semver.org\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_109_1","volume-title":"NDSS","volume":"2007","author":"Vogt Philipp","year":"2007","unstructured":"Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna. 2007. Cross site scripting prevention with dynamic data tainting and static analysis.. In NDSS, Vol. 2007. 12."},{"key":"e_1_3_2_1_110_1","unstructured":"W3. 2016. Subresource Integrity. https:\/\/www.w3.org\/TR\/SRI\/#cross-origin-data-leakage. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_111_1","unstructured":"W3.org. 2023. HTML Standard. https:\/\/html.spec.whatwg.org\/multipage\/iframe-embed-object.html#the-object-element. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_112_1","unstructured":"Whatwg. 2023. HTML Standard. https:\/\/html.spec.whatwg.org\/multipage\/urls-and-fetching.html#cors-settings-attributes. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_113_1","unstructured":"WordPress. 2022. Enable jQuery Migrate Helper - WordPress plugin. https:\/\/wordpress.org\/plugins\/enable-jquery-migrate-helper\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_114_1","unstructured":"WordPress. 2022. Enable jQuery Migrate Helper - WordPress plugin. https: \/\/wordpress.org\/plugins\/enable-jquery-migrate-helper\/#description. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_115_1","unstructured":"WordPress. 2023. Configuring Automatic Background Updates. https: \/\/wordpress.org\/support\/article\/configuring-automatic-background-updates\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_116_1","volume-title":"Proc. Oakland.","author":"Wu Qiushi","year":"2021","unstructured":"Qiushi Wu and Kangjie Lu. 2021. On the feasibility of stealthily introducing vulnerabilities in open-source software via hypocrite commits. In Proc. Oakland."},{"key":"e_1_3_2_1_117_1","doi-asserted-by":"publisher","DOI":"10.1145\/1526709.1526838"},{"key":"e_1_3_2_1_118_1","unstructured":"ZDNET. 2018. Zero-day in popular jQuery plugin actively exploited for at least three years | ZDNET. https:\/\/www.zdnet.com\/article\/zero-day-in-popular-jquery-plugin-actively-exploited-for-at-least-three-years\/. (Accessed on 05\/26\/2023)."},{"key":"e_1_3_2_1_119_1","unstructured":"ZDNET. 2021. Flash version distributed in China after EOL is installing adware | ZDNET. https:\/\/www.zdnet.com\/article\/flash-version-distributed-in-china- after-eol-is-installing-adware\/. (Accessed on 05\/26\/2023)."}],"event":{"name":"IMC '23: ACM Internet Measurement Conference","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication"],"location":"Montreal QC Canada","acronym":"IMC '23"},"container-title":["Proceedings of the 2023 ACM on Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3618257.3624804","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3618257.3624804","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3618257.3624804","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T13:15:53Z","timestamp":1755868553000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3618257.3624804"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,24]]},"references-count":119,"alternative-id":["10.1145\/3618257.3624804","10.1145\/3618257"],"URL":"https:\/\/doi.org\/10.1145\/3618257.3624804","relation":{},"subject":[],"published":{"date-parts":[[2023,10,24]]},"assertion":[{"value":"2023-10-24","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}