Abstract

The current generation of DOM (Document Object Model) Cross-Site Scripting (DOM-XSS) filters consists mostly of browser-based tools and does not allow web developers to control authorized or unauthorized modifications of the web page's DOM. In this work, we propose a policy-based and browser-based protection mechanism to detect and prevent unauthorized tampering of the DOM. To examine the efficiency and feasibility of our approach, we implement the proposed solution in an open-source web browser, Chromium. Our proposed approach has little performance overhead and effectively detects malicious modifications of the DOM. We also conduct a thorough analysis of the current state-of-the-art policy-based MutationObserver API and uncover its limitations.
