Analysis of Hypertext Isolation Techniques for XSS Prevention

نویسندگان

  • Mike Ter Louw
  • Prithvi Bisht
  • V. N. Venkatakrishnan
چکیده

Modern websites and web applications commonly integrate third-party and user-generated content to enrich the user’s experience. Developers of these applications are in need of a simple way to limit the capabilities of this less trusted, outsourced web content and thereby protect their users from cross-site scripting attacks. We summarize several recent proposals that enable developers to isolate untrusted hypertext, and could be used to define robust constraint environments that are enforceable by web browsers. A comparative analysis of these proposals is presented highlighting security, legacy browser compatibility and several other important qualities.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Analysis of Hypertext Markup Isolation Techniques for XSS Prevention

Modern websites and web applications commonly integrate third-party and user-generated content to enrich their users’ experience. Developers of these applications are in need of a simple way to limit the capabilities of this less trusted, outsourced content and thereby protect their users from cross-site scripting attacks. We summarize several recent proposals that enable developers to isolate ...

متن کامل

Prevention of Cross Site Scripting with E-Guard Algorithm

In this world of networking where people around the globe are connected, Cross-site Scripting (XSS) has emerged to one of the most prevalent growing threat. XSS attacks are those in which attackers inject malicious codes, most often client-side scripts, into web applications from outside sources. Because of the number of possible injection location and techniques, many applications are vulnerab...

متن کامل

Dynamic Web Application Analysis for Cross Site Scripting Detection

Though cross site scripting (XSS) is essentially a server-side problem, in most cases users are the one who suffer. Additionally, most Anti-XSS measures developed so far are requiring either a major customization effort or modifications in the Web Application. This thesis presents a general XSS detector able to automatically derive all required Web Application specific knowledge. Data-mining te...

متن کامل

Current state of research on cross-site scripting (XSS) - A systematic literature review

Keywords: Systematic literature review Cross-site scripting Security Web applications a b s t r a c t Context: Cross-site scripting (XSS) is a security vulnerability that affects web applications. It occurs due to improper or lack of sanitization of user inputs. The security vulnerability caused many problems for users and server applications. Objective: To conduct a systematic literature revie...

متن کامل

⊕JS: Lightweight Cross-Site Scripting Prevention Using Isolation Operators

Cross-site scripting (XSS) attacks constitute one of the major threats for today’s web sites. Recently reported numbers on XSS vulnerabilities, coupled with the increasing complexity of modern web browsers, clearly highlight the need for effective mitigation mechanisms. However, despite the significance of these attacks, a definitive approach against any type of XSS vulnerability sill remains e...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2008