{"id":"https://openalex.org/W4384154608","doi":"https://doi.org/10.1145/3597926.3598116","title":"Splendor: Static Detection of Stored XSS in Modern Web Applications","display_name":"Splendor: Static Detection of Stored XSS in Modern Web Applications","publication_year":2023,"publication_date":"2023-07-12","ids":{"openalex":"https://openalex.org/W4384154608","doi":"https://doi.org/10.1145/3597926.3598116"},"language":"en","primary_location":{"id":"doi:10.1145/3597926.3598116","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3597926.3598116","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5013040172","display_name":"He Su","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"He Su","raw_affiliation_strings":["Institute of Information Engineering at Chinese Academy of Sciences, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering at Chinese Academy of Sciences, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100722250","display_name":"Feng Li","orcid":"https://orcid.org/0000-0002-2686-2106"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Feng Li","raw_affiliation_strings":["Institute of Information Engineering at Chinese Academy of Sciences, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering at Chinese Academy of Sciences, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074185677","display_name":"Lili Xu","orcid":"https://orcid.org/0000-0002-5395-2924"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lili Xu","raw_affiliation_strings":["Institute of Information Engineering at Chinese Academy of Sciences, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering at Chinese Academy of Sciences, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001992062","display_name":"Wenbo Hu","orcid":"https://orcid.org/0000-0001-6082-4966"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wenbo Hu","raw_affiliation_strings":["Institute of Information Engineering at Chinese Academy of Sciences, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering at Chinese Academy of Sciences, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100301686","display_name":"Sun Yujie","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yujie Sun","raw_affiliation_strings":["Institute of Information Engineering at Chinese Academy of Sciences, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering at Chinese Academy of Sciences, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101223419","display_name":"Qing Sun","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qing Sun","raw_affiliation_strings":["Institute of Information Engineering at Chinese Academy of Sciences, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering at Chinese Academy of Sciences, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024517513","display_name":"Huina Chao","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Huina Chao","raw_affiliation_strings":["Institute of Information Engineering at Chinese Academy of Sciences, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering at Chinese Academy of Sciences, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5050683592","display_name":"Wei Huo","orcid":"https://orcid.org/0009-0000-7121-1196"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wei Huo","raw_affiliation_strings":["Institute of Information Engineering at Chinese Academy of Sciences, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering at Chinese Academy of Sciences, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5013040172"],"corresponding_institution_ids":["https://openalex.org/I19820366","https://openalex.org/I4210156404"],"apc_list":null,"apc_paid":null,"fwci":4.8625,"has_fulltext":false,"cited_by_count":11,"citation_normalized_percentile":{"value":0.95387793,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1043","last_page":"1054"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.992900013923645,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.959540605545044},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8141528367996216},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.7905610799789429},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.5537251830101013},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.5523159503936768},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.5019581317901611},{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.4579656422138214},{"id":"https://openalex.org/keywords/encapsulation","display_name":"Encapsulation (networking)","score":0.456769198179245},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.43727338314056396},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.369645893573761},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3274597227573395},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.27989405393600464},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.258375346660614},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.24595823884010315},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.14331218600273132}],"concepts":[{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.959540605545044},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8141528367996216},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.7905610799789429},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.5537251830101013},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.5523159503936768},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.5019581317901611},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.4579656422138214},{"id":"https://openalex.org/C81147070","wikidata":"https://www.wikidata.org/wiki/Q1172449","display_name":"Encapsulation (networking)","level":2,"score":0.456769198179245},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.43727338314056396},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.369645893573761},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3274597227573395},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.27989405393600464},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.258375346660614},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.24595823884010315},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.14331218600273132}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3597926.3598116","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3597926.3598116","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.8100000023841858,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320321133","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":21,"referenced_works":["https://openalex.org/W1969545431","https://openalex.org/W1981252920","https://openalex.org/W1992114977","https://openalex.org/W2738950715","https://openalex.org/W2804700615","https://openalex.org/W3095708133","https://openalex.org/W3124662913","https://openalex.org/W3194391066","https://openalex.org/W4200186003","https://openalex.org/W4212949137","https://openalex.org/W4229775528","https://openalex.org/W4232172926","https://openalex.org/W4234468980","https://openalex.org/W4241789658","https://openalex.org/W4312372164","https://openalex.org/W6600100092","https://openalex.org/W6600339963","https://openalex.org/W6606431370","https://openalex.org/W6609005161","https://openalex.org/W6701704181","https://openalex.org/W6772081189"],"related_works":["https://openalex.org/W2766465278","https://openalex.org/W2150889667","https://openalex.org/W3190536237","https://openalex.org/W4233984944","https://openalex.org/W195300121","https://openalex.org/W4306406237","https://openalex.org/W2017602249","https://openalex.org/W2746644282","https://openalex.org/W2997044556","https://openalex.org/W4387982387"],"abstract_inverted_index":{"In":[0],"modern":[1,57],"websites,":[2],"stored":[3,49],"Cross-Site":[4],"Scripting":[5],"(XSS)":[6],"is":[7,41],"the":[8,18,26,31,44,54,60,84,99,117,121],"most":[9,32,45],"dangerous":[10],"XSS":[11,50],"vulnerability,":[12],"which":[13],"can":[14],"store":[15],"payloads":[16],"in":[17,98,124],"web":[19],"system":[20],"and":[21,69,93,120],"be":[22,67],"triggered":[23],"directly":[24],"by":[25],"victim.":[27],"Database":[28],"(DB)":[29],"as":[30,71],"commonly":[33],"used":[34],"storage":[35],"medium":[36],"for":[37,105],"data":[38,80,114],"on":[39],"websites":[40],"therefore":[42],"also":[43],"common":[46],"place":[47],"where":[48],"occurs.":[51],"Due":[52],"to":[53,77,83,110],"modularity":[55],"of":[56,90],"programming":[58],"architectures,":[59],"complex":[61],"underlying":[62],"database":[63],"operations":[64],"will":[65],"often":[66],"encapsulated":[68],"abstracted":[70],"a":[72],"Data":[73],"Access":[74],"Layer":[75],"(DAL)":[76],"provide":[78],"unified":[79],"access":[81],"services":[82],"business":[85],"layer.":[86],"The":[87],"heavy":[88],"use":[89],"Object-Oriented":[91],"(OO)":[92],"dynamic":[94],"language":[95],"features":[96],"involved":[97],"encapsulation":[100],"makes":[101],"it":[102],"increasingly":[103],"challenging":[104],"static":[106],"taint":[107],"analysis":[108],"tools":[109],"understand":[111],"how":[112],"tainted":[113],"flows":[115],"between":[116],"source":[118],"code":[119],"exact":[122],"locations":[123],"database.":[125]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":8},{"year":2024,"cited_by_count":1}],"updated_date":"2026-05-11T08:15:01.531666","created_date":"2025-10-10T00:00:00"}