PoliDOM: Mitigation of DOM-XSS by Detection and Prevention of Unauthorized DOM Tampering

Authors: Junaid Iqbal, Ratinder Kaur, Natalia Stakhanova

DOI: 10.1145/3339252.3339257

Keywords:

Abstract: The current generation of DOM (Document Object Model) Cross-Site Scripting (DOM-XSS) filters are mostly browser-based tools and do not allow web developers to control which modifications to a page's DOM are authorized and which are not. In this work, we propose a policy-based protection mechanism to detect and prevent DOM tampering. To examine the efficiency and feasibility of our approach, we implement the proposed solution in an open source browser, Chromium. Our approach has little performance overhead and effectively detects malicious DOM modifications. We also conduct a thorough analysis of the state-of-the-art MutationObserver API and uncover its limitations.
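As an added illustration of the idea in the abstract, the JavaScript below checks DOM mutation records against a per-element policy of authorized modifications and flags everything else. It is not PoliDOM's code (the paper's mechanism is implemented inside Chromium); the policy format, the element ids, the simplified record shape and the constructed sample records are all assumptions of this example. The browser wiring at the end uses the standard MutationObserver API and only runs where that API exists.

```javascript
// Added example, not PoliDOM's implementation. Policy format, element ids and
// record shape are assumptions made for this illustration.

// Policy: for each element id, which mutation types trusted page code may
// produce and what each type may contain. Anything not listed is unauthorized.
const DOM_POLICY = {
  comments: {
    childList: { allowedTags: ['p', 'span'] },
    attributes: { allowedNames: ['class'] },
  },
  results: {
    childList: { allowedTags: ['li'] },
  },
};

// Tags that no policy may authorize because they execute script or load
// active content (illustrative list, not exhaustive).
const ALWAYS_DENIED_TAGS = ['script', 'iframe', 'object', 'embed'];
const EVENT_HANDLER_PREFIX = 'on';

// Simplified record shape (assumed):
// { type: 'childList' | 'attributes', targetId, addedNodes: [{ tagName }], attributeName }
function evaluateMutation(record, policy = DOM_POLICY) {
  const rule = policy[record.targetId];
  if (!rule) {
    return { authorized: false, reason: `no policy for #${record.targetId}` };
  }
  const typeRule = rule[record.type];
  if (!typeRule) {
    return { authorized: false, reason: `${record.type} not authorized on #${record.targetId}` };
  }
  if (record.type === 'childList') {
    for (const node of record.addedNodes || []) {
      const tag = String(node.tagName).toLowerCase();
      if (ALWAYS_DENIED_TAGS.includes(tag) || !typeRule.allowedTags.includes(tag)) {
        return { authorized: false, reason: `<${tag}> not allowed in #${record.targetId}` };
      }
    }
    return { authorized: true, reason: 'ok' };
  }
  if (record.type === 'attributes') {
    const name = String(record.attributeName).toLowerCase();
    // Inline event-handler attributes are never authorized, whatever the policy says.
    if (name.startsWith(EVENT_HANDLER_PREFIX) || !typeRule.allowedNames.includes(name)) {
      return { authorized: false, reason: `attribute "${name}" not allowed on #${record.targetId}` };
    }
    return { authorized: true, reason: 'ok' };
  }
  return { authorized: false, reason: `unknown mutation type ${record.type}` };
}

// Reduce a real browser MutationRecord to the simplified shape above.
function fromMutationRecord(m) {
  return {
    type: m.type,
    targetId: m.target && m.target.id,
    addedNodes: Array.from(m.addedNodes || [])
      .filter((n) => n.nodeType === 1)
      .map((n) => ({ tagName: n.tagName })),
    attributeName: m.attributeName,
  };
}

// Audit a batch of records; returns only the unauthorized ones, with reasons.
function auditMutations(records, policy = DOM_POLICY) {
  return records
    .map((r) => ({ record: r, ...evaluateMutation(r, policy) }))
    .filter((v) => !v.authorized);
}

// Browser wiring. MutationObserver delivers records asynchronously, after the
// mutation has already been applied to the DOM, so this can detect tampering
// but cannot prevent it; prevention needs a hook inside the browser engine.
function installObserver(root, policy = DOM_POLICY) {
  if (typeof MutationObserver === 'undefined') return null;
  const observer = new MutationObserver((muts) => {
    for (const v of auditMutations(muts.map(fromMutationRecord), policy)) {
      console.warn('unauthorized DOM mutation:', v.reason);
    }
  });
  observer.observe(root, { childList: true, attributes: true, subtree: true });
  return observer;
}

// Constructed sample records (not captured from any real page).
const SAMPLE_RECORDS = [
  { type: 'childList', targetId: 'comments', addedNodes: [{ tagName: 'P' }] },
  { type: 'childList', targetId: 'comments', addedNodes: [{ tagName: 'SCRIPT' }] },
  { type: 'attributes', targetId: 'comments', attributeName: 'onmouseover' },
  { type: 'attributes', targetId: 'results', attributeName: 'class' },
  { type: 'childList', targetId: 'sidebar', addedNodes: [{ tagName: 'LI' }] },
];

for (const v of auditMutations(SAMPLE_RECORDS)) {
  console.log('DENY:', v.reason);
}
```

Run with Node to see the four denied sample records; in a browser, `installObserver(document.body)` attaches the same check to live mutations. The asynchronous delivery noted in the comments is the kind of limitation the abstract refers to when it says a MutationObserver-based approach can detect but not prevent unauthorized changes.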
