Modern websites and web applications commonly integrate third-party and user-generated content to enrich the user’s experience. Developers of these applications need a simple way to limit the capabilities of this less trusted, outsourced web content and thereby protect their users from cross-site scripting attacks. We summarize several recent proposals that enable developers to isolat...