{"id":"https://openalex.org/W2535549398","doi":"https://doi.org/10.1145/2976749.2978338","title":"Content Security Problems?","display_name":"Content Security Problems?","publication_year":2016,"publication_date":"2016-10-24","ids":{"openalex":"https://openalex.org/W2535549398","doi":"https://doi.org/10.1145/2976749.2978338","mag":"2535549398"},"language":"en","primary_location":{"id":"doi:10.1145/2976749.2978338","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2976749.2978338","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"http://hdl.handle.net/10278/3685122","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5084675121","display_name":"Stefano Calzavara","orcid":"https://orcid.org/0000-0001-9179-8270"},"institutions":[{"id":"https://openalex.org/I149461666","display_name":"Ca' Foscari University of Venice","ror":"https://ror.org/04yzxz566","country_code":"IT","type":"education","lineage":["https://openalex.org/I149461666"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Stefano Calzavara","raw_affiliation_strings":["Universit\u00e0 Ca' Foscari, Venezia, Italy"],"affiliations":[{"raw_affiliation_string":"Universit\u00e0 Ca' Foscari, Venezia, Italy","institution_ids":["https://openalex.org/I149461666"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051514881","display_name":"Alvise Rabitti","orcid":"https://orcid.org/0000-0001-9555-8493"},"institutions":[{"id":"https://openalex.org/I149461666","display_name":"Ca' Foscari University of Venice","ror":"https://ror.org/04yzxz566","country_code":"IT","type":"education","lineage":["https://openalex.org/I149461666"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Alvise Rabitti","raw_affiliation_strings":["Universit\u00e0 Ca' Foscari, Venezia, Italy"],"affiliations":[{"raw_affiliation_string":"Universit\u00e0 Ca' Foscari, Venezia, Italy","institution_ids":["https://openalex.org/I149461666"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5077037306","display_name":"Michele Bugliesi","orcid":"https://orcid.org/0000-0002-4567-3351"},"institutions":[{"id":"https://openalex.org/I149461666","display_name":"Ca' Foscari University of Venice","ror":"https://ror.org/04yzxz566","country_code":"IT","type":"education","lineage":["https://openalex.org/I149461666"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Michele Bugliesi","raw_affiliation_strings":["Universit\u00e0 Ca' Foscari, Venezia, Italy"],"affiliations":[{"raw_affiliation_string":"Universit\u00e0 Ca' Foscari, Venezia, Italy","institution_ids":["https://openalex.org/I149461666"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5084675121"],"corresponding_institution_ids":["https://openalex.org/I149461666"],"apc_list":null,"apc_paid":null,"fwci":10.6156,"has_fulltext":true,"cited_by_count":49,"citation_normalized_percentile":{"value":0.98146802,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"1365","last_page":"1375"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.991599977016449,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.989300012588501,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6980414390563965},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.6465979814529419},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.6452814340591431},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6079089045524597},{"id":"https://openalex.org/keywords/strengths-and-weaknesses","display_name":"Strengths and weaknesses","score":0.5114192366600037},{"id":"https://openalex.org/keywords/security-policy","display_name":"Security policy","score":0.49710848927497864},{"id":"https://openalex.org/keywords/unintended-consequences","display_name":"Unintended consequences","score":0.44396811723709106},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.3432118892669678},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.16709551215171814},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.08824795484542847},{"id":"https://openalex.org/keywords/political-science","display_name":"Political science","score":0.07177326083183289}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6980414390563965},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.6465979814529419},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.6452814340591431},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6079089045524597},{"id":"https://openalex.org/C63882131","wikidata":"https://www.wikidata.org/wiki/Q17122954","display_name":"Strengths and weaknesses","level":2,"score":0.5114192366600037},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.49710848927497864},{"id":"https://openalex.org/C2776889888","wikidata":"https://www.wikidata.org/wiki/Q1135789","display_name":"Unintended consequences","level":2,"score":0.44396811723709106},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3432118892669678},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.16709551215171814},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.08824795484542847},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.07177326083183289},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/2976749.2978338","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2976749.2978338","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:iris.unive.it:10278/3685122","is_oa":true,"landing_page_url":"http://hdl.handle.net/10278/3685122","pdf_url":"http://hdl.handle.net/10278/3685122","source":{"id":"https://openalex.org/S4306402336","display_name":"ARCA (Universit\u00e0 Ca' Foscari Venezia)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I149461666","host_organization_name":"Ca' Foscari University of Venice","host_organization_lineage":["https://openalex.org/I149461666"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":{"id":"pmh:oai:iris.unive.it:10278/3685122","is_oa":true,"landing_page_url":"http://hdl.handle.net/10278/3685122","pdf_url":"http://hdl.handle.net/10278/3685122","source":{"id":"https://openalex.org/S4306402336","display_name":"ARCA (Universit\u00e0 Ca' Foscari Venezia)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I149461666","host_organization_name":"Ca' Foscari University of Venice","host_organization_lineage":["https://openalex.org/I149461666"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/conferenceObject"},"sustainable_development_goals":[{"score":0.800000011920929,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320321873","display_name":"Ministero dell\u2019Istruzione, dell\u2019Universit\u00e0 e della Ricerca","ror":"https://ror.org/0166hxq48"}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2535549398.pdf"},"referenced_works_count":22,"referenced_works":["https://openalex.org/W143177508","https://openalex.org/W181628467","https://openalex.org/W200873936","https://openalex.org/W1473921560","https://openalex.org/W1543478129","https://openalex.org/W1974977720","https://openalex.org/W1991074244","https://openalex.org/W2008251338","https://openalex.org/W2044969874","https://openalex.org/W2046312985","https://openalex.org/W2078238197","https://openalex.org/W2101678831","https://openalex.org/W2168563136","https://openalex.org/W2169868363","https://openalex.org/W2170920217","https://openalex.org/W2243132820","https://openalex.org/W2255369088","https://openalex.org/W2294676880","https://openalex.org/W2400264373","https://openalex.org/W2404759360","https://openalex.org/W2746937343","https://openalex.org/W6605849724"],"related_works":["https://openalex.org/W2770234245","https://openalex.org/W96612179","https://openalex.org/W4229499248","https://openalex.org/W2566006169","https://openalex.org/W1567818861","https://openalex.org/W2987774938","https://openalex.org/W4256492088","https://openalex.org/W632915154","https://openalex.org/W2055733372","https://openalex.org/W4295769391"],"abstract_inverted_index":{"Content":[0],"Security":[1],"Policy":[2],"(CSP)":[3],"is":[4,49],"an":[5],"emerging":[6],"W3C":[7],"standard":[8],"introduced":[9],"to":[10,65,72,101],"mitigate":[11],"the":[12,33,53,66,123,138],"impact":[13,31],"of":[14,26,35,55,88,114,126],"content":[15,94],"injection":[16],"vulnerabilities":[17],"on":[18,32],"websites.":[19],"We":[20,110],"perform":[21],"a":[22,74,86],"systematic,":[23],"large-scale":[24],"analysis":[25,60],"four":[27],"key":[28],"aspects":[29],"that":[30,112],"effectiveness":[34],"CSP:":[36],"browser":[37,47],"support,":[38],"website":[39],"adoption,":[40],"correct":[41],"configuration":[42],"and":[43,90,105],"constant":[44],"maintenance.":[45],"While":[46],"support":[48],"largely":[50],"satisfactory,":[51],"with":[52],"exception":[54],"few":[56],"notable":[57],"issues,":[58],"our":[59],"unveils":[61],"several":[62],"shortcomings":[63],"relative":[64],"other":[67,129],"three":[68],"aspects.":[69],"CSP":[70,139],"appears":[71],"have":[73],"rather":[75],"limited":[76],"deployment":[77],"as":[78],"yet":[79],"and,":[80],"more":[81,135],"crucially,":[82],"existing":[83],"policies":[84,96],"exhibit":[85],"number":[87],"weaknesses":[89],"misconfiguration":[91],"errors.":[92],"Moreover,":[93],"security":[95,108],"are":[97],"not":[98],"regularly":[99],"updated":[100],"ban":[102],"insecure":[103],"practices":[104],"remove":[106],"unintended":[107],"violations.":[109],"argue":[111],"many":[113],"these":[115],"problems":[116],"can":[117],"be":[118],"fixed":[119],"by":[120],"better":[121],"exploiting":[122],"monitoring":[124],"facilities":[125],"CSP,":[127],"while":[128],"issues":[130],"deserve":[131],"additional":[132],"research,":[133],"being":[134],"rooted":[136],"into":[137],"design.":[140]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":6},{"year":2020,"cited_by_count":8},{"year":2019,"cited_by_count":5},{"year":2018,"cited_by_count":5},{"year":2017,"cited_by_count":6}],"updated_date":"2026-02-25T08:12:03.925757","created_date":"2025-10-10T00:00:00"}