{"id":"https://openalex.org/W2090184259","doi":"https://doi.org/10.1109/seccom.2007.4550368","title":"Simple cross-site attack prevention","display_name":"Simple cross-site attack prevention","publication_year":2007,"publication_date":"2007-01-01","ids":{"openalex":"https://openalex.org/W2090184259","doi":"https://doi.org/10.1109/seccom.2007.4550368","mag":"2090184259"},"language":"en","primary_location":{"id":"doi:10.1109/seccom.2007.4550368","is_oa":false,"landing_page_url":"https://doi.org/10.1109/seccom.2007.4550368","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102985450","display_name":"Florian Kerschbaum","orcid":"https://orcid.org/0000-0003-4288-2286"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Florian Kerschbaum","raw_affiliation_strings":["SAP Research Center Palo Alto LLC, Karlsruhe, Germany","SAP Research, Karlsruhe, Germany"],"affiliations":[{"raw_affiliation_string":"SAP Research Center Palo Alto LLC, Karlsruhe, Germany","institution_ids":[]},{"raw_affiliation_string":"SAP Research, Karlsruhe, Germany","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5102985450"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":4.1416,"has_fulltext":false,"cited_by_count":46,"citation_normalized_percentile":{"value":0.94330373,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9958999752998352,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.9480173587799072},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8067247867584229},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.679249107837677},{"id":"https://openalex.org/keywords/web-server","display_name":"Web server","score":0.545840859413147},{"id":"https://openalex.org/keywords/correctness","display_name":"Correctness","score":0.4748820662498474},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.46748870611190796},{"id":"https://openalex.org/keywords/session","display_name":"Session (web analytics)","score":0.4662899672985077},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.4658786654472351},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.4651682376861572},{"id":"https://openalex.org/keywords/simple","display_name":"Simple (philosophy)","score":0.4496479630470276},{"id":"https://openalex.org/keywords/web-site","display_name":"Web site","score":0.4142796993255615},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.3609660863876343},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.3485736846923828},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.31652483344078064},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.24592959880828857},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1322195827960968}],"concepts":[{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.9480173587799072},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8067247867584229},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.679249107837677},{"id":"https://openalex.org/C11392498","wikidata":"https://www.wikidata.org/wiki/Q11288","display_name":"Web server","level":3,"score":0.545840859413147},{"id":"https://openalex.org/C55439883","wikidata":"https://www.wikidata.org/wiki/Q360812","display_name":"Correctness","level":2,"score":0.4748820662498474},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.46748870611190796},{"id":"https://openalex.org/C2779182362","wikidata":"https://www.wikidata.org/wiki/Q17126187","display_name":"Session (web analytics)","level":2,"score":0.4662899672985077},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.4658786654472351},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.4651682376861572},{"id":"https://openalex.org/C2780586882","wikidata":"https://www.wikidata.org/wiki/Q7520643","display_name":"Simple (philosophy)","level":2,"score":0.4496479630470276},{"id":"https://openalex.org/C2984519610","wikidata":"https://www.wikidata.org/wiki/Q35127","display_name":"Web site","level":3,"score":0.4142796993255615},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.3609660863876343},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.3485736846923828},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.31652483344078064},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.24592959880828857},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1322195827960968},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/seccom.2007.4550368","is_oa":false,"landing_page_url":"https://doi.org/10.1109/seccom.2007.4550368","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.296.4110","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.296.4110","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.cs.bham.ac.uk/~tpc/cwi/Teaching/MASPPapers/XsiteAttacks.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.6299999952316284,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W195300121","https://openalex.org/W1222699389","https://openalex.org/W1598083179","https://openalex.org/W1779735989","https://openalex.org/W2060440626","https://openalex.org/W2074845051","https://openalex.org/W2108810805","https://openalex.org/W2119085032","https://openalex.org/W2126207747","https://openalex.org/W2155589792","https://openalex.org/W2162316255","https://openalex.org/W2613359208","https://openalex.org/W6627779323","https://openalex.org/W6635665485","https://openalex.org/W6637957265","https://openalex.org/W6737760903"],"related_works":["https://openalex.org/W2150889667","https://openalex.org/W3190536237","https://openalex.org/W195300121","https://openalex.org/W2017602249","https://openalex.org/W1531015913","https://openalex.org/W2407701912","https://openalex.org/W3180404666","https://openalex.org/W2132791332","https://openalex.org/W2167752994","https://openalex.org/W2117221897"],"abstract_inverted_index":{"Many":[0],"web":[1,28,134,143,177,210],"applications":[2],"are":[3,50,68],"security":[4],"critical,":[5],"since":[6],"they":[7],"involve":[8],"real-world":[9],"monetary":[10],"transactions,":[11],"e.g.":[12],"online":[13,16],"auctions":[14],"or":[15,77],"banking.":[17],"Attackers":[18],"have":[19,40],"found":[20],"new":[21],"attacks":[22,32,39,76,80,106,186],"to":[23,71,141,191,205,221],"exploit":[24],"vulnerabilities":[25],"in":[26,44,60,146],"these":[27,31,63],"applications.":[29],"Among":[30],"reflected":[33,100],"cross-site":[34,64,73,78,101,185],"scripting":[35,79,102],"and":[36,52,95,103,150,179,187,212],"request":[37,74,104],"forgery":[38,75,105],"received":[41],"much":[42],"attention":[43],"the":[45,83,86,111,147,163,214],"recent":[46],"scientific":[47],"literature.":[48],"There":[49],"client-side":[51],"server-side":[53],"solutions":[54,67],"which":[55,81],"can":[56],"complement":[57],"each":[58],"other":[59],"protecting":[61],"against":[62,184],"attacks.":[65],"Server-side":[66],"currently":[69],"limited":[70],"either":[72],"attack":[82],"integrity":[84],"of":[85,129,165,181,208],"session":[87],"(session":[88],"theft).":[89],"This":[90],"paper":[91],"presents":[92],"a":[93,108,142,160,169,176,206],"lightweight":[94],"efficient":[96],"solution":[97],"that":[98,124,139,218],"prevents":[99],"using":[107,168],"gateway":[109,174],"at":[110],"server.":[112],"It":[113,137],"is":[114,188],"so":[115],"strikingly":[116],"simple":[117],"(yet":[118],"solves":[119],"this":[120],"practically":[121],"pressing":[122],"problem),":[123],"it":[125,204],"should":[126],"be":[127,222],"part":[128],"best":[130],"practices":[131],"for":[132],"every":[133],"site":[135,144,178],"operator.":[136],"ensures":[138],"input":[140],"originated":[145],"user\u2019s":[148],"browser":[149],"has":[151],"not":[152,195],"been":[153],"forged":[154],"by":[155,158,202],"an":[156],"attacker":[157],"following":[159],"link.We":[161],"show":[162],"correctness":[164],"our":[166,200],"approach":[167,201],"software":[170],"model":[171],"checker.":[172],"Our":[173],"protects":[175],"all":[180],"its":[182],"pages":[183],"still":[189],"able":[190],"function":[192],"normally":[193],"while":[194],"being":[196],"attacked.":[197],"We":[198],"evaluate":[199],"applying":[203],"number":[207],"important":[209],"sites":[211],"see":[213],"necessary":[215],"architectural":[216],"changes":[217],"would":[219],"need":[220],"made.":[223]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":4},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":3},{"year":2017,"cited_by_count":5},{"year":2016,"cited_by_count":4},{"year":2015,"cited_by_count":4},{"year":2014,"cited_by_count":5},{"year":2013,"cited_by_count":4},{"year":2012,"cited_by_count":3}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}