Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 1 of 1
Full-Text Articles in Physical Sciences and Mathematics
Jscsp: A Novel Policy-Based Xss Defense Mechanism For Browsers, Guangquan Xu, Xiaofei Xie, Shuhan Huang, Jun Zhang, Lei Pan, Wei Lou, Kaitai Liang
Jscsp: A Novel Policy-Based Xss Defense Mechanism For Browsers, Guangquan Xu, Xiaofei Xie, Shuhan Huang, Jun Zhang, Lei Pan, Wei Lou, Kaitai Liang
Research Collection School Of Computing and Information Systems
To mitigate cross-site scripting attacks (XSS), the W3C group recommends web service providers to employ a computer security standard called Content Security Policy (CSP). However, less than 3.7 percent of real-world websites are equipped with CSP according to Google’s survey. The low scalability of CSP is incurred by the difficulty of deployment and non-compatibility for state-of-art browsers. To explore the scalability of CSP, in this article, we propose JavaScript based CSP (JSCSP), which is able to support most of real-world browsers but also to generate security policies automatically. Specifically, JSCSP offers a novel self-defined security policy which enforces essential confinements …