Abstract

Content Security Policies (CSPs) provide powerful means to mitigate most XSS exploits. However, CSP’s protection is incomplete. Insecure server-side JavaScript generation and attacker control over script-sources can lead to XSS conditions which cannot be mitigated by CSP. In this paper we propose PreparedJS, an extension to CSP which takes these weaknesses into account. Through the combination of a safe script templating mechanism with a light-weight script checksumming scheme, PreparedJS is able to fill the identified gaps in CSP’s protection capabilities.

Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
A new adaptive PMU based protection scheme for interconnected transmission network system
Sayali N Muneshwar ... Ramchanndra Hasabe
-
Sayali N Muneshwar, et. al.Sayali N Muneshwar ... Ramchanndra Hasabe
01 Mar 2014
A new adaptive PMU based protection scheme for interconnected transmission network system
Sayali N Muneshwar ... Parag Kose
-
Sayali N Muneshwar, et. al.Sayali N Muneshwar ... Parag Kose
01 Mar 2014
Making databases secure with TRUDATA technology
R.B Knode ... R.A Hunt
-
R.B Knode, et. al.R.B Knode ... R.A Hunt
12 Dec 1988
PreparedJS: Secure Script-Templates for JavaScript
Martin Johns
-
Martin JohnsMartin Johns
01 Jan 2013
View more papers

More From: Journal of Information Security and Applications

Paper Title
Journal
Date
Author
Self-sovereign identity management in ciphertext policy attribute based encryption for IoT protocols
Weichu Deng ... Cong Peng
Journal of Information Security and Applications | VOL. 86
Weichu Deng, et. al.Weichu Deng ... Cong Peng
11 Sep 2024
Detection of Evasive Android Malware Using EigenGCN
Teenu S John ... Sabu Emmanuel
Journal of Information Security and Applications | VOL. 86
Teenu S John, et. al.Teenu S John ... Sabu Emmanuel
07 Sep 2024
P-Chain: Towards privacy-aware smart contract using SMPC
Yiqing Diao ... Li Xu
Journal of Information Security and Applications | VOL. 86
Yiqing Diao, et. al.Yiqing Diao ... Li Xu
03 Sep 2024
Visualization-based comprehensive feature representation with improved EfficientNet for malicious file and variant recognition
Liangwei Yao ... Yang Xin
Journal of Information Security and Applications | VOL. 86
Liangwei Yao, et. al.Liangwei Yao ... Yang Xin
03 Sep 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.