Defeating script injection attacks with browser-enforced embedded policies

@inproceedings{Jim2007DefeatingSI,
  title={Defeating script injection attacks with browser-enforced embedded policies},
  author={Trevor Jim and Nikhil Swamy and Michael Hicks},
  booktitle={WWW},
  year={2007}
}
Web sites that accept and display content such as wiki articles or comments typically filter the content to prevent injected script code from running in browsers that view the site. The diversity of browser rendering algorithms and the desire to allow rich content make filtering quite difficult, however, and attacks such as the Samy and Yamanner worms have exploited filtering weaknesses. This paper proposes a simple alternative mechanism for preventing script injection called Browser-Enforced… CONTINUE READING
Highly Influential
This paper has highly influenced 44 other papers. REVIEW HIGHLY INFLUENTIAL CITATIONS
Highly Cited
This paper has 335 citations. REVIEW CITATIONS
Related Discussions
This paper has been referenced on Twitter 1 time. VIEW TWEETS

From This Paper

Figures, tables, and topics from this paper.

Citations

Publications citing this paper.
Showing 1-10 of 216 extracted citations

A survey of detection methods for XSS attacks

J. Network and Computer Applications • 2018
View 17 Excerpts
Highly Influenced

E-mail Header Injection Vulnerabilities

it - Information Technology • 2017
View 4 Excerpts
Highly Influenced

The SICILIAN Defense: Signature-based Whitelisting of Web JavaScript

ACM Conference on Computer and Communications Security • 2015
View 7 Excerpts
Highly Influenced

335 Citations

02040'08'11'14'17
Citations per Year
Semantic Scholar estimates that this publication has 335 citations based on the available data.

See our FAQ for additional information.

References

Publications referenced by this paper.
Showing 1-5 of 5 references

Malicious Yahooligans

Eric Chien
Virus Bulletin, • 2006
View 7 Excerpts
Highly Influenced

Detecting malicious JavaScript code in Mozilla

10th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'05) • 2005
View 4 Excerpts
Highly Influenced

Similar Papers

Loading similar papers…