{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:27:00Z","timestamp":1766442420720,"version":"3.48.0"},"publisher-location":"New York, NY, USA","reference-count":73,"publisher":"ACM","funder":[{"name":"European Union\u2019s Horizon 2020 research and innovation programme","award":["101019206"],"award-info":[{"award-number":["101019206"]}]},{"DOI":"10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","award":["390781972"],"award-info":[{"award-number":["390781972"]}],"id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1145\/3719027.3765117","type":"proceedings-article","created":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T23:37:25Z","timestamp":1763854645000},"page":"3042-3056","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["In the DOM We Trust: Exploring the Hidden Dangers of Reading from the DOM on the Web"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-3840-9533","authenticated-orcid":false,"given":"Jan","family":"Drescher","sequence":"first","affiliation":[{"name":"Technische Universit\u00e4t Braunschweig, Braunschweig, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-4263-2258","authenticated-orcid":false,"given":"Sepehr","family":"Mirzaei","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-1052-4774","authenticated-orcid":false,"given":"Soheil","family":"Khodayari","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8468-8516","authenticated-orcid":false,"given":"David","family":"Klein","sequence":"additional","affiliation":[{"name":"Technische Universit\u00e4t Braunschweig, Braunschweig, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1538-5033","authenticated-orcid":false,"given":"Thomas","family":"Barber","sequence":"additional","affiliation":[{"name":"SAP SE, Karlsruhe, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2574-5060","authenticated-orcid":false,"given":"Martin","family":"Johns","sequence":"additional","affiliation":[{"name":"Technische Universit\u00e4t Braunschweig, Braunschweig, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-6223-8945","authenticated-orcid":false,"given":"Giancarlo","family":"Pellegrino","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saabr\u00fccken, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,11,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2018. Client-Side CSRF. https:\/\/www.facebook.com\/notes\/facebook-bug-bounty\/client-side-csrf\/2056804174333798\/."},{"key":"e_1_3_2_1_2_1","unstructured":"2023. Google Security Research POCs. https:\/\/github.com\/google\/security-research-pocs\/tree\/master\/script-gadgets."},{"key":"e_1_3_2_1_3_1","unstructured":"2024. js-xss: Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a whitelist. (2024). https:\/\/github.com\/leizongmin\/js-xss."},{"key":"e_1_3_2_1_4_1","volume-title":"https:\/\/portswigger.net\/kb\/issues\/00501003 _ lin k-manipulation-reflected","author":"Manipulation Link","year":"2024","unstructured":"2024. Link Manipulation. (2024). https:\/\/portswigger.net\/kb\/issues\/00501003 _ lin k-manipulation-reflected."},{"key":"e_1_3_2_1_5_1","unstructured":"2025. 13.2.6.1: Creating and inserting nodes. (2025). https:\/\/html.spec.whatwg.o rg\/#creating-and-inserting-nodes."},{"key":"e_1_3_2_1_6_1","unstructured":"2025. 17. Calculating a selector\u2019s specificity. (2025). https:\/\/www.w3.org\/TR\/se lectors-4\/#specificity-rules."},{"volume-title":"ACM CCS 2025. (2025","year":"2025","key":"e_1_3_2_1_7_1","unstructured":"2025. ACM CCS 2025. (2025). https:\/\/www.sigsac.org\/ccs\/CCS2025\/."},{"key":"e_1_3_2_1_8_1","unstructured":"2025. Cross Site Scripting (XSS) Prevention Cheat Sheet. (2025). https:\/\/cheats heetseries.owasp.org\/cheatsheets\/Cross _ Site _Scripting_ Prevention _Cheat_ Sheet.html."},{"key":"e_1_3_2_1_9_1","unstructured":"2025. Cross-Site WebSocket Hijacking. https:\/\/portswigger.net\/web-security\/websockets\/cross-site-websocket-hijacking"},{"key":"e_1_3_2_1_10_1","unstructured":"2025. Document: evaluate() method. (2025). https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/Document\/evaluate."},{"key":"e_1_3_2_1_11_1","unstructured":"2025. Document Object Model (DOM). https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/Document_Object_Model."},{"key":"e_1_3_2_1_12_1","unstructured":"2025. DOM Based XSS Prevention Cheat Sheet. (2025). https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/DOM_based_XSS_Prevention_Cheat_Sheet.html."},{"key":"e_1_3_2_1_13_1","volume-title":"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/ Encoding_API","author":"Encoding","year":"2025","unstructured":"2025. Encoding API. (2025). https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/ Encoding_API."},{"key":"e_1_3_2_1_14_1","volume-title":"https: \/\/github.com\/whatwg\/html\/issues\/6235","author":"Escape","year":"2025","unstructured":"2025. Escape \"<\" and \">\" in attributes when serializing HTML. (2025). https: \/\/github.com\/whatwg\/html\/issues\/6235."},{"key":"e_1_3_2_1_15_1","volume-title":"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/EventTarget","author":"Interface EventTarget","year":"2025","unstructured":"2025. EventTarget Interface. (2025). https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/EventTarget."},{"key":"e_1_3_2_1_16_1","unstructured":"2025. HTML Living Standard. (2025). https:\/\/html.spec.whatwg.org\/."},{"key":"e_1_3_2_1_17_1","volume-title":"https:\/\/developer.mozilla.org\/en-US\/docs\/We b\/JavaScript\/Reference","author":"Reference JavaScript","year":"2025","unstructured":"2025. JavaScript Reference. (2025). https:\/\/developer.mozilla.org\/en-US\/docs\/We b\/JavaScript\/Reference."},{"key":"e_1_3_2_1_18_1","unstructured":"2025. Playwright browser automation framework. https:\/\/playwright.dev\/."},{"key":"e_1_3_2_1_19_1","unstructured":"2025. Project Foxhound. https:\/\/github.com\/SAP\/project-foxhound."},{"key":"e_1_3_2_1_20_1","unstructured":"2025. sanitize-html: Clean up user-submitted HTML preserving whitelisted elements and attributes. (2025). https:\/\/github.com\/apostrophecms\/sanitize-html."},{"key":"e_1_3_2_1_21_1","volume-title":"https:\/\/www.w3.org\/TR\/selectors-4\/","author":"Selectors Level","year":"2025","unstructured":"2025. Selectors Level 4. (2025). https:\/\/www.w3.org\/TR\/selectors-4\/."},{"key":"e_1_3_2_1_22_1","unstructured":"2025. The DOM Living Standard. (2025). https:\/\/dom.spec.whatwg.org\/."},{"key":"e_1_3_2_1_23_1","unstructured":"2025. W3C Standards and Drafts. (2025). https:\/\/www.w3.org\/TR\/."},{"key":"e_1_3_2_1_24_1","volume-title":"https:\/\/spec.whatwg.org\/","author":"Specifications WHATWG","year":"2025","unstructured":"2025. WHATWG Specifications. (2025). https:\/\/spec.whatwg.org\/."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2010.27"},{"volume-title":"Proc. of the ACM Conference on Computer and Communications Security (CCS).","author":"Barth Adam","key":"e_1_3_2_1_26_1","unstructured":"Adam Barth, Collin Jackson, and John C. Mitchell. 2008. Robust defenses for cross-site request forgery. In Proc. of the ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3447852.3458718"},{"key":"e_1_3_2_1_28_1","unstructured":"Micha\u0142 Bentkowski. 2019. XSS in GMail's AMP4Email via DOM Clobbering. (2019). https:\/\/research.securitum.com\/xss-in-amp4email-dom-clobbering\/."},{"key":"e_1_3_2_1_29_1","volume-title":"Section 4.2, DOM Clobbering. W3C Draft Community Group Report","author":"Braun Frederik","year":"2024","unstructured":"Frederik Braun, Mario Heiderich, and Daniel Vogelheim. 2024. HTML Sanitizer API, Section 4.2, DOM Clobbering. W3C Draft Community Group Report (2024). https:\/\/wicg.github.io\/sanitizer-api\/."},{"key":"e_1_3_2_1_30_1","volume-title":"USENIX Security Symposium.","author":"Cornelissen Eric","year":"2024","unstructured":"Eric Cornelissen, Mikhail Shcherbakov, and Musard Balliu. 2024. {GHunter}: Universal Prototype Pollution Gadgets in {JavaScript} Runtimes. In USENIX Security Symposium."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","unstructured":"Jeremiah Grossman Seth Fogie Robert Hansen Anton Rager and Petko D Petkov. 2007. XSS Attacks: Cross-Site Scripting Exploits and Defense. Syngress.","DOI":"10.1016\/B978-159749154-9\/50005-6"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897901"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516723"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66399-9_7"},{"key":"e_1_3_2_1_35_1","unstructured":"Gareth Heyes. 2024. Using form hijacking to bypass CSP. (2024). https:\/\/portswigger.net\/research\/using-form-hijacking-to-bypass-csp."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2338965.2336758"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24308"},{"key":"e_1_3_2_1_38_1","volume-title":"Proc. of the IEEE Symposium on Security and Privacy (S&P).","author":"Kang Zifeng","year":"2024","unstructured":"Zifeng Kang, Muxi Lyu, Zhengyu Liu, Jianjia Yu, Runqi Fan, Song Li, and Yinzhi Cao. 2024. Follow My Flow: Unveiling Client-Side Prototype Pollution Gadgets from One Million Real-World Websites. In Proc. of the IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00098"},{"key":"e_1_3_2_1_40_1","volume-title":"Do (Not) Follow the White Rabbit: Challenging the Myth of Harmless Open Redirection. In Network and Distributed System Security Symposium (NDSS).","author":"Khodayari Soheil","year":"2025","unstructured":"Soheil Khodayari, Kai Glauber, and Giancarlo Pellegrino. 2025a. Do (Not) Follow the White Rabbit: Challenging the Myth of Harmless Open Redirection. In Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"crossref","unstructured":"Soheil Khodayari Kai Glauber and Giancarlo Pellegrino. 2025b. Do (Not) Follow the White Rabbit: Challenging the Myth of Harmless Open Redirection. (2025).","DOI":"10.14722\/ndss.2025.240523"},{"key":"e_1_3_2_1_42_1","volume-title":"JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals. In USENIX Security Symposium.","author":"Khodayari Soheil","year":"2021","unstructured":"Soheil Khodayari and Giancarlo Pellegrino. 2021. JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals. In USENIX Security Symposium."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833637"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179403"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP53844.2022.00023"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00177"},{"key":"e_1_3_2_1_47_1","volume-title":"Proc. of the ACM Conference on Computer and Communications Security (CCS).","author":"Knittel Lukas","year":"2021","unstructured":"Lukas Knittel, Christian Mainka, Marcus Niemietz, Dominik Trevor No\u00df, and J\u00f6rg Schwenk. 2021. Xsinator. com: From a formal model to the automatic evaluation of cross-site leaks in web browsers. In Proc. of the ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_48_1","volume-title":"Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation. In Network and Distributed System Security Symposium (NDSS).","author":"Pochat Victor Le","year":"2019","unstructured":"Victor Le Pochat, Tom Van Goethem, Samaneh Tajalizadehkhoob, Maciej Korczy\u0144ski, and Wouter Joosen. 2019. Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation. In Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_1_49_1","volume-title":"Eduardo A Vela Nava, and Martin Johns","author":"Lekies Sebastian","year":"2017","unstructured":"Sebastian Lekies, Krzysztof Kotowicz, Samuel Gro\u00df, Eduardo A Vela Nava, and Martin Johns. 2017. Code-reuse attacks for the web: Breaking cross-site scripting mitigations via script gadgets. In CCS."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516703"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3471621.3471846"},{"key":"e_1_3_2_1_52_1","volume-title":"USENIX Security Symposium.","author":"Liu Theo","year":"2025","unstructured":"Theo Liu, Zhengyu amd Lee, Jianjia Yu, Zifeng Kang, and Yinzhi Cao. 2025. The DOMino Effect: Detecting and Exploiting DOM Clobbering Gadgets via Concolic Execution with Symbolic DOM. In USENIX Security Symposium."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00121"},{"key":"e_1_3_2_1_54_1","volume-title":"Research and Defense of Cross-Site WebSocket Hijacking Vulnerability. In IEEE International Conference on Artificial Intelligence and Computer Applications (ICAICA).","author":"Mei Wenbo","year":"2020","unstructured":"Wenbo Mei and Zhaohua Long. 2020. Research and Defense of Cross-Site WebSocket Hijacking Vulnerability. In IEEE International Conference on Artificial Intelligence and Computer Applications (ICAICA)."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23309"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3320269.3372201"},{"key":"e_1_3_2_1_57_1","volume-title":"USENIX Security Symposium.","author":"Roth Sebastian","year":"2024","unstructured":"Sebastian Roth, Lea Gr\u00f6ber, Philipp Baus, Katharina Krombholz, and Ben Stock. 2024. Trust Me If You Can \u2013 How Usable Is Trusted Types In Practice?. In USENIX Security Symposium."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3517745.3561444"},{"key":"e_1_3_2_1_59_1","unstructured":"Gustav Rydstedt Elie Bursztein Dan Boneh and Collin Jackson. 2010. Busting frame busting: a study of clickjacking vulnerabilities at popular sites. (2010)."},{"key":"e_1_3_2_1_60_1","unstructured":"Christian Schneider. 2019. Cross-Site WebSocket Hijacking (CSWSH). https:\/\/christian-schneider.net\/CrossSiteWebSocketHijacking.html"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2012.34"},{"key":"e_1_3_2_1_62_1","volume-title":"USENIX Security Symposium.","author":"Shcherbakov Mikhail","year":"2023","unstructured":"Mikhail Shcherbakov, Musard Balliu, and Cristian-Alexandru Staicu. 2023. Silent spring: Prototype pollution leads to remote code execution in Node. js. In USENIX Security Symposium."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/3589334.3645579"},{"key":"e_1_3_2_1_64_1","volume-title":"SoK: State of the Krawlers - Evaluating the Effectiveness of Crawling Algorithms for Web Security Measurements. In USENIX Security Symposium.","author":"Stafeev Aleksei","year":"2024","unstructured":"Aleksei Stafeev and Giancarlo Pellegrino. 2024. SoK: State of the Krawlers - Evaluating the Effectiveness of Crawling Algorithms for Web Security Measurements. In USENIX Security Symposium."},{"key":"e_1_3_2_1_65_1","volume-title":"Soheil Khodayari, and Giancarlo Pellegrino.","author":"Stafeev Aleksei","year":"2024","unstructured":"Aleksei Stafeev, Tim Recktenwald, Gianluca De Stefano, Soheil Khodayari, and Giancarlo Pellegrino. 2024. YURASCANNER: Leveraging LLMs for Task-driven Web App Scanning. (2024)."},{"key":"e_1_3_2_1_66_1","volume-title":"USENIX Security Symposium.","author":"Staicu Cristian-Alexandru","year":"2019","unstructured":"Cristian-Alexandru Staicu and Michael Pradel. 2019. Leaky images: Targeted privacy attacks in the web. In USENIX Security Symposium."},{"key":"e_1_3_2_1_67_1","volume-title":"Reining in the Web with Content Security Policy. In The Web Conference. 921-930","author":"Stamm Sid","year":"2010","unstructured":"Sid Stamm, Brandon Sterne, and Gervase Markham. 2010. Reining in the Web with Content Security Policy. In The Web Conference. 921-930."},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23009"},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417267"},{"key":"e_1_3_2_1_70_1","volume-title":"USENIX Security Symposium.","author":"Stock Ben","year":"2016","unstructured":"Ben Stock, Giancarlo Pellegrino, Christian Rossow, Martin Johns, and Michael Backes. 2016. Hey, you have a problem: On the feasibility of large-scale web vulnerability notification. In USENIX Security Symposium."},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24278"},{"key":"e_1_3_2_1_72_1","volume-title":"Content Security Policy Level 3. W3C Working Draft","author":"West Mike","year":"2024","unstructured":"Mike West and Antonio Sartori. 2024. Content Security Policy Level 3. W3C Working Draft (2024). https:\/\/w3c.github.io\/webappsec-csp\/."},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.44"}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Taipei Taiwan","acronym":"CCS '25"},"container-title":["Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765117","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:22:48Z","timestamp":1766442168000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719027.3765117"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":73,"alternative-id":["10.1145\/3719027.3765117","10.1145\/3719027"],"URL":"https:\/\/doi.org\/10.1145\/3719027.3765117","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2025-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}