An Implementation of the Binding Mechanism in the Web Browser for Preventing XSS Attacks: Introducing the Bind-Value Headers

Abstract

Today, cross-site scripting (XSS) vulnerability is one of the major problems of web application security. To prevent XSS attacks, there are several solutions based on blacklist filtering or whitelist filtering. Unfortunately, these solutions cannot solve XSS vulnerabilities completely. In this paper, we propose a binding mechanism, which is comparable to the binding mechanism for SQL. Furthermore, this paper shows the evaluation results of this mechanism by implementing this mechanism into the web browser (Firefox 3.0).