Mike Ter Louw, Prithvi Bisht and V.N. Venkatakrishnan
Search: 
Main » Library » LibraryPublications » LibraryPublicationW2SPHypertextIsolation
Keywords  www security XSS isolation trust Full text pdf pdf

Abstract

Modern websites and web applications commonly integrate third-party and user-generated content to enrich the user's experience. Developers of these applications are in need of a simple way to limit the capabilities of this less trusted, outsourced web content and thereby protect their users from cross-site scripting attacks. We summarize several recent proposals that enable developers to isolate untrusted hypertext, and could be used to define robust constraint environments that are enforceable by web browsers. A comparative analysis of these proposals is presented highlighting security, legacy browser compatibility and several other important qualities.

Publication

In Web 2.0 Security and Privacy 2008, Oakland, CA, USA, May 2008

BibTeX BibTeX 
 @inproceedings{
  W2SP08:HypertextIsolation,
  author        = {Ter~Louw, Mike and Prithvi Bisht and V.N. Venkatakrishnan},
  crossref      = {W2SP08},
  title         = {Analysis of Hypertext Isolation Techniques for {XSS} Prevention}
}
@proceedings{
  W2SP08,
  location      = {Oakland, CA, USA},
  booktitle     = {Web 2.0 Security and Privacy 2008},
  month         = may,
  year          = {2008}
}

Presentation slides

pdf    W2SP'08: This talk was given at the Web 2.0 Security and Privacy workshop in May, 2008.

Main.LibraryPublicationForm

r14 - 25 May 2008 - 18:20:33 - MikeTerLouw
Copyright © 2002-2009 by the contributing authors. All material on this website is the property of the contributing authors.
Syndicate this site RSSATOM