{"title":"防止跨站攻击的绑定机制在Web浏览器中的实现:引入Bind-Value头","authors":"Genta Iha, H. Doi","doi":"10.1109/ARES.2009.19","DOIUrl":null,"url":null,"abstract":"Today, cross-site scripting (XSS) vulnerability is one of the major problems of web application security. To prevent XSS attacks, there are several solutions based on blacklist filtering or whitelist filtering. Unfortunately, these solutions cannot solve XSS vulnerabilities completely. In this paper, we propose a binding mechanism, which is comparable to the binding mechanism for SQL. Furthermore, this paper shows the evaluation results of this mechanism by implementing this mechanism into the web browser (Firefox 3.0).","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"21","resultStr":"{\"title\":\"An Implementation of the Binding Mechanism in the Web Browser for Preventing XSS Attacks: Introducing the Bind-Value Headers\",\"authors\":\"Genta Iha, H. Doi\",\"doi\":\"10.1109/ARES.2009.19\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Today, cross-site scripting (XSS) vulnerability is one of the major problems of web application security. To prevent XSS attacks, there are several solutions based on blacklist filtering or whitelist filtering. Unfortunately, these solutions cannot solve XSS vulnerabilities completely. In this paper, we propose a binding mechanism, which is comparable to the binding mechanism for SQL. Furthermore, this paper shows the evaluation results of this mechanism by implementing this mechanism into the web browser (Firefox 3.0).\",\"PeriodicalId\":169468,\"journal\":{\"name\":\"2009 International Conference on Availability, Reliability and Security\",\"volume\":\"12 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-03-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"21\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 International Conference on Availability, Reliability and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ARES.2009.19\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2009.19","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
An Implementation of the Binding Mechanism in the Web Browser for Preventing XSS Attacks: Introducing the Bind-Value Headers
Today, cross-site scripting (XSS) vulnerability is one of the major problems of web application security. To prevent XSS attacks, there are several solutions based on blacklist filtering or whitelist filtering. Unfortunately, these solutions cannot solve XSS vulnerabilities completely. In this paper, we propose a binding mechanism, which is comparable to the binding mechanism for SQL. Furthermore, this paper shows the evaluation results of this mechanism by implementing this mechanism into the web browser (Firefox 3.0).