Some web sites provide interactive extensions using browser scripts, often without inspecting the scripts to verify that they are benign and bug-free. Others handle users’ conď¬...
Alexander Yip, Neha Narula, Maxwell N. Krohn, Robe...
—The amount of dynamic content on the web has been steadily increasing. Scripting languages such as JavaScript and browser extensions such as Adobe’s Flash have been instrument...
Sean Ford, Marco Cova, Christopher Kruegel, Giovan...
Modern websites are powered by JavaScript, a flexible dynamic scripting language that executes in client browsers. A common paradigm in such websites is to include third-party Ja...
Ravi Chugh, Jeffrey A. Meister, Ranjit Jhala, Sori...
Cross-origin CSS attacks use style sheet import to steal confidential information from a victim website, hijacking a user's existing authenticated session; existing XSS defen...
Lin-Shung Huang, Zack Weinberg, Chris Evans, Colli...
Web applications are becoming the dominant way to provide access to on-line services. At the same time, web application vulnerabilities are being discovered and disclosed at an al...