Attacks on JavaScript Mashup Communication

@inproceedings{Barth2009AttacksOJ,
  title={Attacks on JavaScript Mashup Communication},
  author={Adam Barth and William Li},
  year={2009}
}
In a mashup, two principals wish to communicate without ceding complete control to each other. In this paper, we analyze whether existing and proposed JavaScript mashup communication mechanisms have this security property. We show that a failure to account for details of JavaScript often lets one communicant completely compromise the other. We illustrate these vulnerabilities with proof-of-concept privilege escalation attacks. Based on our analysis, we recommend that mashup communication…
Highly Cited
This paper has 33 citations.

References

Publications referenced by this paper.

Same-origin policy for file: URIs

  • Eric Shepherd, Boris Zbarsky
  • 2009

Cross-document messaging

  • Ian Hickson
  • 2009
  • http://www.whatwg.org/specs/web-apps/current-work/multipage/comms.html#crossDocumentMessages
