{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T05:05:57Z","timestamp":1750309557351,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":37,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,4,22]],"date-time":"2025-04-22T00:00:00Z","timestamp":1745280000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,4,28]]},"DOI":"10.1145\/3696410.3714878","type":"proceedings-article","created":{"date-parts":[[2025,4,22]],"date-time":"2025-04-22T22:47:11Z","timestamp":1745362031000},"page":"3171-3182","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Beast in the Cage: A Fine-grained and Object-oriented Permission System to Confine JavaScript Operations on the Web"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8292-8483","authenticated-orcid":false,"given":"Rui","family":"Zhao","sequence":"first","affiliation":[{"name":"University of Nebraska at Omaha, Omaha, USA"}]}],"member":"320","published-online":{"date-parts":[[2025,4,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Which states will consider ccpa-like consumer privacy bills in 2022? https:\/\/www.bytebacklaw.com\/2022\/01\/which-states-will-consider-ccpa-likeconsumer-privacy-bills-in-2022 2022."},{"key":"e_1_3_2_1_2_1","volume-title":"https:\/\/gdpr-info.eu\/","author":"General","year":"2023","unstructured":"General data protection regulation (gdpr). https:\/\/gdpr-info.eu\/, 2023."},{"key":"e_1_3_2_1_3_1","volume-title":"A research-oriented top sites ranking hardened against manipulation. https:\/\/tranco-list.eu\/","author":"Tranco","year":"2023","unstructured":"Tranco: A research-oriented top sites ranking hardened against manipulation. https:\/\/tranco-list.eu\/, 2023."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2016.7860481"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3366423.3380092"},{"key":"e_1_3_2_1_6_1","volume-title":"Proceedings of the IEEE Security and Privacy","author":"Chen L.","year":"2013","unstructured":"L. Chen, Y. Zhou, and D. Evans. Redactdom: Preventing sensitive data leaking through embedded scripts (poster). In Proceedings of the IEEE Security and Privacy, 2013."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243823"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382275"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3308558.3313521"},{"key":"e_1_3_2_1_10_1","volume-title":"Proceedings of the USENIX Conference on Annual Technical Conference","author":"Ingram L.","year":"2012","unstructured":"L. Ingram and M.Walfish. Treehouse: Javascript sandboxes to helpweb developers help themselves. In Proceedings of the USENIX Conference on Annual Technical Conference, 2012."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3339252.3339257"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2010.71"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242654"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.24305"},{"key":"e_1_3_2_1_15_1","first-page":"641","volume-title":"Proceedings of the USENIX Security Symposium","author":"Kapravelos A.","year":"2014","unstructured":"A. Kapravelos, C. Grier, N. Chachra, C. Kruegel, G. Vigna, and V. Paxson. Hulk: Eliciting malicious behavior in browser extensions. In Proceedings of the USENIX Security Symposium, pages 641--654, 2014."},{"key":"e_1_3_2_1_16_1","volume-title":"Proceedings of the USENIX Conference on Security","author":"Louw M. T.","year":"2010","unstructured":"M. T. Louw, K. T. Ganesh, and V. N. Venkatakrishnan. Adjail: Practical enforcement of confidentiality and integrity policies on web advertisements. In Proceedings of the USENIX Conference on Security, 2010."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24382"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.36"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382274"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423343"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2011.87"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2509136.2509542"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3338906.3338969"},{"key":"e_1_3_2_1_24_1","first-page":"1813","volume-title":"Proceedings of the USENIX Security Symposium","author":"Senol A.","year":"2022","unstructured":"A. Senol, G. Acar, M. Humbert, and F. Z. Borgesius. Leaky forms: A study of email and password exfiltration before form submission. In Proceedings of the USENIX Security Symposium, pages 1813--1830, 2022."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484578"},{"key":"e_1_3_2_1_26_1","first-page":"20","volume-title":"Are you sure you want to contact us? quantifying the leakage of pii via website contact forms","author":"Starov O.","year":"2016","unstructured":"O. Starov, P. Gill, and N. Nikiforakis. Are you sure you want to contact us? quantifying the leakage of pii via website contact forms. pages 20--33, 2016."},{"key":"e_1_3_2_1_27_1","first-page":"131","volume-title":"Proceedings of the USENIX Conference on Operating Systems Design and Implementation","author":"Stefan D.","year":"2014","unstructured":"D. Stefan, E. Z. Yang, P. Marchenko, A. Russo, D. Herman, B. Karp, and D. Mazi\u00e8res. Protecting users by confining javascript with cowl. In Proceedings of the USENIX Conference on Operating Systems Design and Implementation, page 131--146, 2014."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.17"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818019"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484535"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3081867"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623217"},{"key":"e_1_3_2_1_33_1","volume-title":"Proceedings of the International World Wide Web Conference","author":"Xing X.","year":"2015","unstructured":"X. Xing, W. Meng, U. Weinsberg, A. Sheth, B. Lee, R. Perdisci, and W. Lee. Unraveling the relationship between ad-injecting browser extensions and malvertising. In Proceedings of the International World Wide Web Conference, 2015."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1526709.1526838"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409747"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2736277.2741134"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.57"}],"event":{"name":"WWW '25: The ACM Web Conference 2025","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"],"location":"Sydney NSW Australia","acronym":"WWW '25"},"container-title":["Proceedings of the ACM on Web Conference 2025"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696410.3714878","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3696410.3714878","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:53Z","timestamp":1750295933000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696410.3714878"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,22]]},"references-count":37,"alternative-id":["10.1145\/3696410.3714878","10.1145\/3696410"],"URL":"https:\/\/doi.org\/10.1145\/3696410.3714878","relation":{},"subject":[],"published":{"date-parts":[[2025,4,22]]},"assertion":[{"value":"2025-04-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}