{"id":"https://openalex.org/W2290753859","doi":"https://doi.org/10.1007/978-3-319-24174-6_2","title":"Waiting for CSP \u2013 Securing Legacy Web Applications with JSAgents","display_name":"Waiting for CSP \u2013 Securing Legacy Web Applications with JSAgents","publication_year":2015,"publication_date":"2015-01-01","ids":{"openalex":"https://openalex.org/W2290753859","doi":"https://doi.org/10.1007/978-3-319-24174-6_2","mag":"2290753859"},"language":"en","primary_location":{"id":"doi:10.1007/978-3-319-24174-6_2","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-319-24174-6_2","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-319-24174-6_2.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/978-3-319-24174-6_2.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5016851937","display_name":"Mario Heiderich","orcid":null},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Mario Heiderich","raw_affiliation_strings":["Horst G\u00f6rtz Institute for IT-Security, Ruhr-University Bochum, Bochum, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Horst G\u00f6rtz Institute for IT-Security, Ruhr-University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034652773","display_name":"Marcus Niemietz","orcid":"https://orcid.org/0009-0006-1726-8099"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Marcus Niemietz","raw_affiliation_strings":["Horst G\u00f6rtz Institute for IT-Security, Ruhr-University Bochum, Bochum, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Horst G\u00f6rtz Institute for IT-Security, Ruhr-University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5053201224","display_name":"J\u00f6rg Schwenk","orcid":"https://orcid.org/0000-0001-9315-7354"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"J\u00f6rg Schwenk","raw_affiliation_strings":["Horst G\u00f6rtz Institute for IT-Security, Ruhr-University Bochum, Bochum, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Horst G\u00f6rtz Institute for IT-Security, Ruhr-University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":5000,"currency":"EUR","value_usd":5392},"apc_paid":{"value":5000,"currency":"EUR","value_usd":5392},"fwci":1.1432,"has_fulltext":true,"cited_by_count":4,"citation_normalized_percentile":{"value":0.80002577,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"23","last_page":"42"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9869999885559082,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8641823530197144},{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.8498071432113647},{"id":"https://openalex.org/keywords/markup-language","display_name":"Markup language","score":0.7183960676193237},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.6936284303665161},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.6553487181663513},{"id":"https://openalex.org/keywords/client-side-scripting","display_name":"Client-side scripting","score":0.5514175891876221},{"id":"https://openalex.org/keywords/html","display_name":"HTML","score":0.5052240490913391},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.5010175704956055},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.49504294991493225},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4654662609100342},{"id":"https://openalex.org/keywords/security-policy","display_name":"Security policy","score":0.45325028896331787},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.4506363272666931},{"id":"https://openalex.org/keywords/python","display_name":"Python (programming language)","score":0.4196149706840515},{"id":"https://openalex.org/keywords/web-page","display_name":"Web page","score":0.2941763997077942},{"id":"https://openalex.org/keywords/xml","display_name":"XML","score":0.2863033413887024},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.2723614275455475},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.24668502807617188},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.21142271161079407},{"id":"https://openalex.org/keywords/web-api","display_name":"Web API","score":0.14573046565055847}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8641823530197144},{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.8498071432113647},{"id":"https://openalex.org/C45874996","wikidata":"https://www.wikidata.org/wiki/Q37045","display_name":"Markup language","level":3,"score":0.7183960676193237},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.6936284303665161},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.6553487181663513},{"id":"https://openalex.org/C195274430","wikidata":"https://www.wikidata.org/wiki/Q1650567","display_name":"Client-side scripting","level":5,"score":0.5514175891876221},{"id":"https://openalex.org/C138708601","wikidata":"https://www.wikidata.org/wiki/Q8811","display_name":"HTML","level":3,"score":0.5052240490913391},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.5010175704956055},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.49504294991493225},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4654662609100342},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.45325028896331787},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.4506363272666931},{"id":"https://openalex.org/C519991488","wikidata":"https://www.wikidata.org/wiki/Q28865","display_name":"Python (programming language)","level":2,"score":0.4196149706840515},{"id":"https://openalex.org/C21959979","wikidata":"https://www.wikidata.org/wiki/Q36774","display_name":"Web page","level":2,"score":0.2941763997077942},{"id":"https://openalex.org/C8797682","wikidata":"https://www.wikidata.org/wiki/Q2115","display_name":"XML","level":2,"score":0.2863033413887024},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.2723614275455475},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.24668502807617188},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.21142271161079407},{"id":"https://openalex.org/C127613066","wikidata":"https://www.wikidata.org/wiki/Q557770","display_name":"Web API","level":4,"score":0.14573046565055847}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/978-3-319-24174-6_2","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-319-24174-6_2","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-319-24174-6_2.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"}],"best_oa_location":{"id":"doi:10.1007/978-3-319-24174-6_2","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-319-24174-6_2","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-319-24174-6_2.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.7200000286102295}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2290753859.pdf","grobid_xml":"https://content.openalex.org/works/W2290753859.grobid-xml"},"referenced_works_count":19,"referenced_works":["https://openalex.org/W186100614","https://openalex.org/W1543478129","https://openalex.org/W1551852676","https://openalex.org/W1561387739","https://openalex.org/W1917555234","https://openalex.org/W1969295446","https://openalex.org/W2002447170","https://openalex.org/W2043520730","https://openalex.org/W2046312985","https://openalex.org/W2049214202","https://openalex.org/W2095450067","https://openalex.org/W2103262407","https://openalex.org/W2129630219","https://openalex.org/W2151619740","https://openalex.org/W2169868363","https://openalex.org/W2170920217","https://openalex.org/W2209327732","https://openalex.org/W2336650211","https://openalex.org/W2598576786"],"related_works":["https://openalex.org/W1222699389","https://openalex.org/W2417252976","https://openalex.org/W2042562985","https://openalex.org/W641367590","https://openalex.org/W4250914548","https://openalex.org/W183683573","https://openalex.org/W2480890606","https://openalex.org/W2189042211","https://openalex.org/W2561743279","https://openalex.org/W4250289522"],"abstract_inverted_index":{"Markup":[0],"Injection":[1],"(MI)":[2],"attacks,":[3,30],"ranging":[4],"from":[5,83],"classical":[6],"Cross-Site":[7],"Scripting":[8],"(XSS)":[9],"and":[10,24,36,122,203,240],"DOMXSS":[11],"to":[12,39,108,119,141,159,170,183,187,220],"Scriptless":[13],"Attacks,":[14],"pose":[15],"a":[16,34,49,59,171,179],"major":[17],"threat":[18],"for":[19,224,238],"web":[20,113,148],"applications,":[21],"browser":[22,57],"extensions,":[23],"mobile":[25],"apps.":[26],"To":[27],"mitigate":[28],"MI":[29,41],"we":[31,47,215],"propose":[32],"JSAgents,":[33],"novel":[35,180,208],"flexible":[37],"approach":[38,74],"defeat":[40],"attacks":[42],"using":[43],"DOM":[44,54],"meta-programming.":[45],"Specifically,":[46],"enforce":[48],"security":[50],"policy":[51,156,169],"on":[52],"the":[53,56,62,68,71,84,89,101,110,143,155,160,191],"of":[55,70,112,126,146],"at":[58],"place":[60],"in":[61,190,197],"markup":[63,85],"processing":[64],"chain":[65],"\u201cjust":[66],"before\u201d":[67],"rendering":[69],"markup.":[72],"This":[73],"has":[75,79],"many":[76],"advantages:":[77],"Obfuscation":[78],"already":[80],"been":[81],"removed":[82],"when":[86],"it":[87],"enters":[88],"DOM,":[90],"mXSS":[91],"attack":[92],"vectors":[93],"are":[94,135],"visible,":[95],"and,":[96],"last":[97],"but":[98,227],"not":[99,151],"least,":[100],"(client-side)":[102],"protection":[103],"can":[104,128,165,230],"be":[105,129,152,236],"individually":[106],"tailored":[107],"fit":[109],"needs":[111,150],"applications.":[114],"JSAgents":[115,175,206],"policies":[116,186],"look":[117],"similar":[118],"CSP":[120,127,164],"policies,":[121],"indeed":[123],"large":[124],"parts":[125],"implemented":[130],"with":[131,199],"JSAgents.":[132],"However,":[133],"there":[134],"three":[136],"main":[137],"differences:":[138],"(1)":[139],"Contrary":[140],"CSP,":[142],"source":[144],"code":[145],"legacy":[147],"applications":[149],"modified;":[153],"instead,":[154],"is":[157,176,195],"adapted":[158],"application.":[161],"(2)":[162],"Whereas":[163],"only":[166],"apply":[167,184],"one":[168],"complete":[172],"HTML":[173,221],"document,":[174],"able,":[177],"through":[178],"cascading":[181],"enforcement,":[182],"different":[185],"each":[188],"element":[189],"DOM;":[192],"this":[193],"property":[194],"essential":[196],"dealing":[198],"JavaScript":[200],"event":[201],"handlers":[202],"URIs.":[204],"(3)":[205],"enables":[207],"features":[209],"like":[210],"coarse-grained":[211],"access":[212,219],"control:":[213],"e.g.":[214],"may":[216,235],"block":[217],"read/write":[218],"form":[222],"elements":[223],"all":[225],"scripts,":[226],"human":[228],"users":[229],"still":[231],"insert":[232],"data":[233],"(which":[234],"interesting":[237],"password":[239],"PIN":[241],"fields).":[242]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2016,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}