Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Programming Languages and Compilers

Research Collection School Of Computing and Information Systems

2022

Content security policy

Full-Text Articles in Physical Sciences and Mathematics

JSCSP: A Novel Policy-Based XSS Defense Mechanism For Browsers, Guangquan Xu, Xiaofei Xie, Shuhan Huang, Jun Zhang, Lei Pan, Wei Lou, Kaitai Liang, Mar 2022

To mitigate cross-site scripting attacks (XSS), the W3C group recommends web service providers to employ a computer security standard called Content Security Policy (CSP). However, less than 3.7 percent of real-world websites are equipped with CSP according to Google’s survey. The low scalability of CSP is incurred by the difficulty of deployment and non-compatibility for state-of-art browsers. To explore the scalability of CSP, in this article, we propose JavaScript based CSP (JSCSP), which is able to support most of real-world browsers but also to generate security policies automatically. Specifically, JSCSP offers a novel self-defined security policy which enforces essential confinements …