Regular Expressions Considered Harmful In Client-side XSS Filters

Daniel Bates, A. Barth, C. Jackson
Published 2010 · Computer Science

Cross-site scripting flaws have now surpassed buffer overflows as the world's most common publicly-reported security vulnerability. In recent years, browser vendors and researchers have tried to develop client-side filters to mitigate these attacks. We analyze the best existing filters and find them to be either unacceptably slow or easily circumvented. Worse, some of these filters could introduce vulnerabilities into sites that were previously bug-free. We propose a new filter design that achieves both high performance and high precision by blocking scripts after HTML parsing but before execution. Compared to previous approaches, our approach is faster, protects against more vulnerabilities, and is harder for attackers to abuse. We have contributed an implementation of our filter design to the WebKit open source rendering engine, and the filter is now enabled by default in the Google Chrome browser.
WWW 2010 · Full Paper

This paper references
Internals of noXSS
Jeremias Reith (2008)
Noxes: a client-side solution for mitigating cross-site scripting attacks
E. Kirda (2006)
The "data" URL scheme. IETF RFC 2397
Larry Masinter (1998)
Chrome gets XSS filters
David Lindsay (2009)
Our favorite XSS filters/IDS and how to attack
Eduardo Vela Nava (2009)
JavaScript: The Definitive Guide, chapter 20.4 The Data-Tainting
David Flanagan (1997)
IE 8 XSS filter architecture/implementation
David Ross (2008)
Browser Security Handbook, volume 2
Michal Zalewski
Preventing frame busting and click jacking, February 2009.
IE8 security part VII: Clickjacking defenses.
Eric Lawrence (2009)
Hypertext Markup Language - 2.0
Hu Cao (1995)
Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis
P. Vogt (2007)
The "data" URL scheme
L. Masinter (1998)
Preventing frame busting and click jacking
Steve. (2009)
IE8 security part VII: Clickjacking defenses.
Eric Lawrence (2009)
Browser Security Handbook, volume 2, Part 2: Arbitrary page mashups (UI redressing)
Michal Zalewski (2010)
About dynamic properties
Preventing frame busting and click jacking, February
Steve. (2009)
JavaScript: The Definitive Guide, chapter 20.4 The Data-Tainting Security Model
David Flanagan
XSS (cross site scripting) cheat sheet
Robert Hansen
Exploiting IE8 UTF-7 XSS vulnerability using local redirection
Inferno (2009)
V8 benchmark suite
Vulnerability Type Distributions in CVE
S. Christey (2007)
Our favorite XSS filters/IDS and how to attack them
Eduardo Vela Nava (2009)
IE8 security part VII: Clickjacking defenses.
Eric Lawrence (2009)
Caja: A source-to-source translator for securing JavaScript-based web content
Mitre. CVE-2009-4074

This paper is referenced by
HXD: Hybrid XSS detection by using a headless browser
Hyunsang Choi (2017)
Web application vulnerability assessment and policy direction towards a secure smart government
O. M. Awoleye (2014)
Back in Black: Towards Formal, Black Box Analysis of Sanitizers and Filters
George Argyros (2016)
A client‐server JavaScript code rewriting‐based framework to detect the XSS worms from online social network
S. Gupta (2019)
KameleonFuzz: evolutionary fuzzing for black-box XSS detection
F. Duchene (2014)
Dynamic Information Flow Analysis for JavaScript in a Web Browser
Thomas H. Austin (2013)
A Novel Framework to Alleviate Dissemination of XSS Worms in Online Social Network (OSN) using View Segregation
Pooja Chaudhary (2017)
A Systematic Analysis of XSS Sanitization in Web Application Frameworks
J. Weinberger (2011)
IDS and IPS System in Multi-Tier Web Applications
Jayant Kulkarni (2015)
XSS Attack Prevention Using DOM-Based Filter
Asish Kumar Dalai (2018)
Detecting Intrusions in Multitier Web Applications
N. Saware (2013)
SCRIPTGARD: automatic context-sensitive sanitization for large-scale legacy web applications
P. Saxena (2011)
Experience report: an empirical study of PHP security mechanism usage
Johannes Dahse (2015)
Security and Privacy of Augmented Reality Browsers
Richard McPherson (2015)
Adaptive Random Testing for XSS Vulnerability
Chengcheng Lv (2019)
Fighting Against XSS Attacks: A Usability Evaluation of OWASP ESAPI Output Encoding
Chamila Wijayarathna (2019)
Hunting Cross-Site Scripting Attacks in the Network
E. Athanasopoulos (2010)
Parameter Pollution Vulnerabilities in Web Applications
Marco "embyte" Balduzzi (2011)
SCRIPTGARD: Preventing Script Injection Attacks in Legacy Web Applications with Automatic Sanitization
Prateek Saxena (2010)
Control + Data Flow Model Directed Inputs Generation. B. Approximate Taint Flow Inference
Fabien Duchene (2014)
K. Mona Chary (2013)
PreparedJS: Secure Script-Templates for JavaScript
Martin Johns (2013)
Large-Scale, Automatic XSS Detection using Google Dorks
Riccardo Pelizzi (2011)
Moving towards Positive Security Model for Web Application Firewall
Asrul H. Yaacob (2012)
Context-sensitive auto-sanitization in web templating languages using type qualifiers
Mike Samuel (2011)
Have things changed now? An empirical study on input validation vulnerabilities in web applications
Theodoor Scholte (2012)
Countering Cross-Site Scripting in Web-based Applications
Loye Lynn Ray (2015)
CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy
Lukas Weichselbaum (2016)
Audit for web application MSc Research Project Cloud Computing
Ramyabharathi Duraichamy (2017)
Browser's defenses against reflected cross-site scripting attacks
B. Mewara (2014)
Web Vulnerabilities and Defenses Research Proficiency Exam
Riccardo Pelizzi (2011)
Xilara: An XSS Filter Based on HTML Template Restoration
Keitaro Yamazaki (2018)
Some data provided by SemanticScholar