The Postman Always Rings Twice: Attacking and Defending postMessage in HTML5 Websites

@inproceedings{Son2013ThePA,
  title={The Postman Always Rings Twice: Attacking and Defending postMessage in HTML5 Websites},
  author={Sooel Son and Vitaly Shmatikov},
  booktitle={NDSS},
  year={2013}
}
The postMessage mechanism in HTML5 enables Web content from different origins to communicate with each other, thus relaxing the same origin policy. It is especially popular in websites that include third-party content. Each message contains accurate information about its origin, but the receiver must check this information before accepting the message. The responsibility for preventing cross-origin attacks is thus partially delegated from the Web browser to the implementors of postMessage…
Highly Cited
This paper has 63 citations.

[Chart: Citations per Year]
Semantic Scholar estimates that this publication has 63 citations based on the available data.
