{"id":"https://openalex.org/W2049214202","doi":"https://doi.org/10.1145/1772690.1772701","title":"Regular expressions considered harmful in client-side XSS filters","display_name":"Regular expressions considered harmful in client-side XSS filters","publication_year":2010,"publication_date":"2010-04-26","ids":{"openalex":"https://openalex.org/W2049214202","doi":"https://doi.org/10.1145/1772690.1772701","mag":"2049214202"},"language":"en","primary_location":{"id":"doi:10.1145/1772690.1772701","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1772690.1772701","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 19th international conference on World wide web","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5046649739","display_name":"Daniel Bates","orcid":"https://orcid.org/0000-0002-9526-3342"},"institutions":[{"id":"https://openalex.org/I134446601","display_name":"Berkeley College","ror":"https://ror.org/02xewxa75","country_code":"US","type":"education","lineage":["https://openalex.org/I134446601"]},{"id":"https://openalex.org/I95457486","display_name":"University of California, Berkeley","ror":"https://ror.org/01an7q238","country_code":"US","type":"education","lineage":["https://openalex.org/I95457486"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Daniel Bates","raw_affiliation_strings":["UC Berkeley, Berkeley, CA, USA"],"affiliations":[{"raw_affiliation_string":"UC Berkeley, Berkeley, CA, USA","institution_ids":["https://openalex.org/I134446601","https://openalex.org/I95457486"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5031112115","display_name":"Adam Barth","orcid":null},"institutions":[{"id":"https://openalex.org/I134446601","display_name":"Berkeley College","ror":"https://ror.org/02xewxa75","country_code":"US","type":"education","lineage":["https://openalex.org/I134446601"]},{"id":"https://openalex.org/I95457486","display_name":"University of California, Berkeley","ror":"https://ror.org/01an7q238","country_code":"US","type":"education","lineage":["https://openalex.org/I95457486"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Adam Barth","raw_affiliation_strings":["UC Berkeley, Berkeley, CA, USA"],"affiliations":[{"raw_affiliation_string":"UC Berkeley, Berkeley, CA, USA","institution_ids":["https://openalex.org/I134446601","https://openalex.org/I95457486"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5010105359","display_name":"Collin Jackson","orcid":null},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Collin Jackson","raw_affiliation_strings":["Carnegie Mellon University, Mountain View, CA, USA"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Mountain View, CA, USA","institution_ids":["https://openalex.org/I74973139"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5046649739"],"corresponding_institution_ids":["https://openalex.org/I134446601","https://openalex.org/I95457486"],"apc_list":null,"apc_paid":null,"fwci":34.3119,"has_fulltext":false,"cited_by_count":173,"citation_normalized_percentile":{"value":0.99616012,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"91","last_page":"100"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9927999973297119,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9882000088691711,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.9617348909378052},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7983056306838989},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.7442778944969177},{"id":"https://openalex.org/keywords/client-side","display_name":"Client-side","score":0.7320049405097961},{"id":"https://openalex.org/keywords/rendering","display_name":"Rendering (computer graphics)","score":0.6045897603034973},{"id":"https://openalex.org/keywords/filter","display_name":"Filter (signal processing)","score":0.5606586337089539},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5211270451545715},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4895339906215668},{"id":"https://openalex.org/keywords/server-side","display_name":"Server-side","score":0.43863677978515625},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.31809574365615845},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.3128430247306824},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2684931755065918},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.12273353338241577},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.11445268988609314}],"concepts":[{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.9617348909378052},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7983056306838989},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.7442778944969177},{"id":"https://openalex.org/C202477664","wikidata":"https://www.wikidata.org/wiki/Q1352449","display_name":"Client-side","level":2,"score":0.7320049405097961},{"id":"https://openalex.org/C205711294","wikidata":"https://www.wikidata.org/wiki/Q176953","display_name":"Rendering (computer graphics)","level":2,"score":0.6045897603034973},{"id":"https://openalex.org/C106131492","wikidata":"https://www.wikidata.org/wiki/Q3072260","display_name":"Filter (signal processing)","level":2,"score":0.5606586337089539},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5211270451545715},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4895339906215668},{"id":"https://openalex.org/C14414571","wikidata":"https://www.wikidata.org/wiki/Q519081","display_name":"Server-side","level":2,"score":0.43863677978515625},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.31809574365615845},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.3128430247306824},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2684931755065918},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.12273353338241577},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.11445268988609314},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.0},{"id":"https://openalex.org/C31972630","wikidata":"https://www.wikidata.org/wiki/Q844240","display_name":"Computer vision","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/1772690.1772701","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1772690.1772701","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 19th international conference on World wide web","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.183.1344","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.183.1344","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.adambarth.org/papers/2010/bates-barth-jackson.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.212.1391","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.212.1391","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.collinjackson.com/research/xssauditor.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.8199999928474426,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":6,"referenced_works":["https://openalex.org/W1222699389","https://openalex.org/W1600776630","https://openalex.org/W1766807369","https://openalex.org/W1929937324","https://openalex.org/W2162316255","https://openalex.org/W4299960733"],"related_works":["https://openalex.org/W2571973613","https://openalex.org/W2609132699","https://openalex.org/W3197726148","https://openalex.org/W2104452318","https://openalex.org/W2024474165","https://openalex.org/W2743909715","https://openalex.org/W2148211687","https://openalex.org/W2799662300","https://openalex.org/W4313523259","https://openalex.org/W2541278968"],"abstract_inverted_index":{"Cross-site":[0],"scripting":[1],"flaws":[2],"have":[3,23,107],"now":[4,126],"surpassed":[5],"buffer":[6],"overflows":[7],"as":[8],"the":[9,35,116,123,131],"world's":[10],"most":[11],"common":[12],"publicly-reported":[13],"security":[14],"vulnerability.":[15],"In":[16],"recent":[17],"years,":[18],"browser":[19],"vendors":[20],"and":[21,39,75,99,122],"researchers":[22],"tried":[24],"to":[25,29,42,88,104,115],"develop":[26],"client-side":[27],"filters":[28,38,54],"mitigate":[30],"these":[31,53],"attacks.":[32],"We":[33,64,106],"analyze":[34],"best":[36],"existing":[37],"find":[40],"them":[41],"be":[43],"either":[44],"unacceptably":[45],"slow":[46],"or":[47],"easily":[48],"circumvented.":[49],"Worse,":[50],"some":[51],"of":[52,111],"could":[55],"introduce":[56],"vulnerabilities":[57],"into":[58],"sites":[59],"that":[60,70],"were":[61],"previously":[62],"bug-free.":[63],"propose":[65],"a":[66],"new":[67],"filter":[68,113,124],"design":[69,114],"achieves":[71],"both":[72],"high":[73,76],"performance":[74],"precision":[77],"by":[78,128],"blocking":[79],"scripts":[80],"after":[81],"HTML":[82],"parsing":[83],"but":[84],"before":[85],"execution.":[86],"Compared":[87],"previous":[89],"approaches,":[90],"our":[91,112],"approach":[92],"is":[93,100,125],"faster,":[94],"protects":[95],"against":[96],"more":[97],"vulnerabilities,":[98],"harder":[101],"for":[102],"attackers":[103],"abuse.":[105],"contributed":[108],"an":[109],"implementation":[110],"WebKit":[117],"open":[118],"source":[119],"rendering":[120],"engine,":[121],"enabled":[127],"default":[129],"in":[130],"Google":[132],"Chrome":[133],"browser.":[134]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":7},{"year":2022,"cited_by_count":8},{"year":2021,"cited_by_count":9},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":10},{"year":2018,"cited_by_count":10},{"year":2017,"cited_by_count":14},{"year":2016,"cited_by_count":17},{"year":2015,"cited_by_count":15},{"year":2014,"cited_by_count":24},{"year":2013,"cited_by_count":17},{"year":2012,"cited_by_count":16}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}