Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
WWW
2010
ACM
2010
ACM
Regular expressions considered harmful in client-side XSS filters
Cross-site scripting flaws have now surpassed buffer overflows as the world’s most common publicly-reported security vulnerability. In recent years, browser vendors and researchers have tried to develop client-side filters to mitigate these attacks. We analyze the best existing filters and find them to be either unacceptably slow or easily circumvented. Worse, some of these filters could introduce vulnerabilities into sites that were previously bug-free. We propose a new filter design that achieves both high performance and high precision by blocking scripts after HTML parsing but before execution. Compared to previous approaches, our approach is faster, protects against more vulnerabilities, and is harder for attackers to abuse. We have contributed an implementation of our filter design to the WebKit open source rendering engine, and the filter is now enabled by default in the Google Chrome browser. Categories and Subject Descriptors K.6.5 [Management of Computing and Inf...
Real-time TrafficCross-site Scripting | Cross-site Scripting flaws | Internet Technology | Publicly-reported Security Vulnerability | WWW 2010 |
| Added | 14 May 2010 |
| Updated | 14 May 2010 |
| Type | Conference |
| Year | 2010 |
| Where | WWW |
| Authors | Daniel Bates, Adam Barth, Collin Jackson |
Comments (0)
Researcher Info
|
