Abstract

The article discusses a progressive approach to securing web applications by identifying and eliminating vulnerabilities in input components of the Document Object Model (DOM). The main focus is on the development of fDOM, a formal version of the DOM that automates the process of "sanitizing" attributes, actively removing potentially dangerous content, especially in cases involving <script> tags and associated threats such as cross-site scripting (XSS). The article thoroughly examines the existing structure of the DOM, identifies key vulnerabilities, and introduces innovations in the form of a sanitize method to prevent potential attacks. Technical aspects include algorithms for cleaning attributes and elements, as well as a procedure for sanitizing input data. The effectiveness of the proposed model is demonstrated through a series of tests and lemmas that confirm the absence of harmful content after the sanitization procedure. The verification of the method for detecting and eliminating vulnerabilities using the formal verification system Isabelle/HOL is also discussed, highlighting the importance of formal methods in securing web applications. The article evaluates the strengths and weaknesses of fDOM and sheds light on potential directions for further development of the model, its adaptation for dynamic content, and the exploration of integrations with third-party services. A demonstration of fDOM on a set of tests confirmed its ability to neutralize potentially dangerous code, indicating that this approach provides a higher level of security for web applications.
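The abstract describes a sanitize procedure over DOM attributes and elements together with a lemma stating that no harmful content remains afterwards. The following is an added example, not code from the article or from fDOM itself, that models that idea on a small element/text tree: `sanitize` removes script-bearing elements, event-handler attributes and script-scheme URLs, and `isSafe` is the post-condition that a test (or, in the paper's setting, an Isabelle/HOL lemma) would check. The node shape, the allow/deny policy, and the names `sanitize`, `isSafe` and `FORBIDDEN_TAGS` are this example's own assumptions, and the sample tree is constructed.

```javascript
// Minimal formal-style DOM model with only element and text nodes.
// Constructed for this example; fDOM's actual datatypes are not reproduced.
function el(tag, attrs = {}, children = []) {
  return { type: 'element', tag: tag.toLowerCase(), attrs: { ...attrs }, children: [...children] };
}
function text(value) {
  return { type: 'text', value: String(value) };
}

// Policy (an assumption of this example): elements that execute or load active
// content are dropped with their whole subtree; event-handler attributes and
// URL attributes carrying a script scheme are removed; everything else is kept.
const FORBIDDEN_TAGS = new Set(['script', 'iframe', 'object', 'embed']);
const URL_ATTRS = new Set(['href', 'src', 'action', 'formaction']);
const FORBIDDEN_SCHEMES = ['javascript:', 'vbscript:'];

function isDangerousAttr(name, value) {
  const n = name.toLowerCase();
  if (n.startsWith('on')) return true; // onclick, onerror, onload, ...
  if (URL_ATTRS.has(n)) {
    // Browsers skip leading whitespace and control characters when reading the
    // scheme and compare it case-insensitively, so normalize the same way before
    // matching; otherwise "\tJavaScript:" would slip past a naive prefix test.
    const v = String(value).replace(/[\u0000-\u0020]/g, '').toLowerCase();
    return FORBIDDEN_SCHEMES.some((scheme) => v.startsWith(scheme));
  }
  return false;
}

// Attribute cleaning: keep only attributes the policy allows.
function sanitizeAttrs(attrs) {
  const clean = {};
  for (const [name, value] of Object.entries(attrs)) {
    if (!isDangerousAttr(name, value)) clean[name] = value;
  }
  return clean;
}

// Element cleaning: structurally recursive, returns a fresh tree (the input is
// never mutated) or null when the node itself is forbidden.
function sanitize(node) {
  if (node.type === 'text') return text(node.value);
  if (node.type !== 'element') throw new TypeError(`unknown node type: ${node.type}`);
  if (FORBIDDEN_TAGS.has(node.tag)) return null;
  const children = node.children.map(sanitize).filter((child) => child !== null);
  return el(node.tag, sanitizeAttrs(node.attrs), children);
}

// The post-condition: true iff no forbidden element or dangerous attribute
// occurs anywhere in the tree. Checking isSafe(sanitize(t)) for sample trees is
// the executable counterpart of the "no harmful content remains" lemma.
function isSafe(node) {
  if (node === null || node.type === 'text') return true;
  if (FORBIDDEN_TAGS.has(node.tag)) return false;
  if (Object.entries(node.attrs).some(([n, v]) => isDangerousAttr(n, v))) return false;
  return node.children.every(isSafe);
}

// Simple serializer so results can be inspected as markup.
function serialize(node) {
  if (node === null) return '';
  if (node.type === 'text') return node.value;
  const attrs = Object.entries(node.attrs).map(([n, v]) => ` ${n}="${v}"`).join('');
  return `<${node.tag}${attrs}>${node.children.map(serialize).join('')}</${node.tag}>`;
}

// Constructed sample input mixing benign markup with the classes of content
// the policy targets (an inline handler, a script element, a script-scheme
// URL with leading whitespace and mixed case, and an upper-case handler name).
const SAMPLE = el('div', { id: 'main' }, [
  el('p', { onclick: 'handler()' }, [text('hello')]),
  el('script', {}, [text('/* constructed script body */')]),
  el('a', { href: '\tJavaScript:void(0)', title: 'x' }, [text('link')]),
  el('img', { src: '/logo.png', ONERROR: 'handler()' }),
]);

console.log('before:', serialize(SAMPLE), 'safe =', isSafe(SAMPLE));
console.log('after: ', serialize(sanitize(SAMPLE)), 'safe =', isSafe(sanitize(SAMPLE)));
```

The deny-list here is deliberately small; a production sanitizer would instead allow-list tags and attributes, but the structure (a recursive cleaning function paired with a separately stated safety predicate) is what makes the "safe after sanitize" property something that can be tested on examples and, as in the article, proved in general.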
