Many web pages display personal information provided by users. The goal of this work is to protect that content from untrusted scripts that are embedded in host pages. We present a...
Web sites that accept and display content such as wiki articles or comments typically filter the content to prevent injected script code from running in browsers that view the sit...
Web applications are becoming the dominant way to provide access to on-line services. At the same time, web application vulnerabilities are being discovered and disclosed at an al...
Cross-origin CSS attacks use style sheet import to steal confidential information from a victim website, hijacking a user's existing authenticated session; existing XSS defen...
Lin-Shung Huang, Zack Weinberg, Chris Evans, Colli...
It is now common for Web sites to use active Web content, such as Flash, Silverlight, or Java applets, to support rich, interactive applications. For many mobile devices, however,...
Alexander Moshchuk, Steven D. Gribble, Henry M. Le...