Matches in ScholarlyData for { <https://w3id.org/scholarlydata/inproceedings/www2010/paper/main/872> ?p ?o. }
- 872 creator adam-barth.
- 872 creator collin-jackson.
- 872 creator daniel-bates.
- 872 type InProceedings.
- 872 label "Regular Expressions Considered Harmful in Client-Side XSS Filters".
- 872 sameAs 872.
- 872 abstract "Cross-site scripting flaws have now surpassed buffer overflows as the world's most common publicly-reported security vulnerability. In recent years, browser vendors and researchers have tried to develop client-side filters to mitigate these attacks. We analyze the best existing filters and find them to be either unacceptably slow or easily circumvented. Worse, some of these filters actually introduce exploitable vulnerabilities into sites that were previously bug-free. We propose a new filter design that achieves both high performance and high precision by blocking scripts after HTML parsing but before execution. Compared to previous approaches, our approach is faster, protects against more vulnerabilities, and is harder for attackers to abuse. We have contributed an implementation of our filter design to the WebKit open source rendering engine, and the filter is now enabled by default in the Google Chrome browser.".
- 872 hasAuthorList authorList.
- 872 isPartOf proceedings.
- 872 keyword "Browser security issues".
- 872 keyword "defenses".
- 872 keyword "including attacks".
- 872 keyword "policy models".
- 872 title "Regular Expressions Considered Harmful in Client-Side XSS Filters".