{"id":"https://openalex.org/W1184927937","doi":"https://doi.org/10.3233/jcs-130494","title":"Scriptless attacks: Stealing more pie without touching the sill","display_name":"Scriptless attacks: Stealing more pie without touching the sill","publication_year":2014,"publication_date":"2014-04-23","ids":{"openalex":"https://openalex.org/W1184927937","doi":"https://doi.org/10.3233/jcs-130494","mag":"1184927937"},"language":"en","primary_location":{"id":"doi:10.3233/jcs-130494","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-130494","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5016851937","display_name":"Mario Heiderich","orcid":null},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"M. Heiderich","raw_affiliation_strings":["Horst G\u00f6rtz Institute for IT-Security, Ruhr-University Bochum, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Horst G\u00f6rtz Institute for IT-Security, Ruhr-University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034652773","display_name":"Marcus Niemietz","orcid":"https://orcid.org/0009-0006-1726-8099"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"M. Niemietz","raw_affiliation_strings":["Horst G\u00f6rtz Institute for IT-Security, Ruhr-University Bochum, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Horst G\u00f6rtz Institute for IT-Security, Ruhr-University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069297270","display_name":"F\u00e9lix Schuster","orcid":null},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"F. Schuster","raw_affiliation_strings":["Horst G\u00f6rtz Institute for IT-Security, Ruhr-University Bochum, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Horst G\u00f6rtz Institute for IT-Security, Ruhr-University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056790702","display_name":"Thorsten Holz","orcid":"https://orcid.org/0000-0002-2783-1264"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"T. Holz","raw_affiliation_strings":["Horst G\u00f6rtz Institute for IT-Security, Ruhr-University Bochum, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Horst G\u00f6rtz Institute for IT-Security, Ruhr-University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5053201224","display_name":"J\u00f6rg Schwenk","orcid":"https://orcid.org/0000-0001-9315-7354"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"J. Schwenk","raw_affiliation_strings":["Horst G\u00f6rtz Institute for IT-Security, Ruhr-University Bochum, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Horst G\u00f6rtz Institute for IT-Security, Ruhr-University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5016851937"],"corresponding_institution_ids":["https://openalex.org/I904495901"],"apc_list":null,"apc_paid":null,"fwci":2.3667,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.90014679,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":"22","issue":"4","first_page":"567","last_page":"599"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9929999709129333,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.9874444007873535},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.8649515509605408},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8035640120506287},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.7895829677581787},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7405195832252502},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.5810084939002991},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5489967465400696},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.5202061533927917},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.5132936835289001},{"id":"https://openalex.org/keywords/web-page","display_name":"Web page","score":0.3990184962749481},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.34059250354766846},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.21535059809684753},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.152083158493042},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.14183896780014038}],"concepts":[{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.9874444007873535},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.8649515509605408},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8035640120506287},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.7895829677581787},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7405195832252502},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.5810084939002991},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5489967465400696},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.5202061533927917},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.5132936835289001},{"id":"https://openalex.org/C21959979","wikidata":"https://www.wikidata.org/wiki/Q36774","display_name":"Web page","level":2,"score":0.3990184962749481},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.34059250354766846},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.21535059809684753},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.152083158493042},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.14183896780014038},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.3233/jcs-130494","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-130494","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.8299999833106995,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":37,"referenced_works":["https://openalex.org/W58852127","https://openalex.org/W142308502","https://openalex.org/W186100614","https://openalex.org/W1222699389","https://openalex.org/W1492437080","https://openalex.org/W1543478129","https://openalex.org/W1560720671","https://openalex.org/W1561387739","https://openalex.org/W1598083179","https://openalex.org/W1729553147","https://openalex.org/W1834251436","https://openalex.org/W1955645522","https://openalex.org/W1969295446","https://openalex.org/W1974977720","https://openalex.org/W1980800818","https://openalex.org/W1998180710","https://openalex.org/W2040210405","https://openalex.org/W2043520730","https://openalex.org/W2048702750","https://openalex.org/W2049214202","https://openalex.org/W2072978486","https://openalex.org/W2102457045","https://openalex.org/W2103262407","https://openalex.org/W2103989381","https://openalex.org/W2108384401","https://openalex.org/W2119028650","https://openalex.org/W2133113868","https://openalex.org/W2143445293","https://openalex.org/W2148211687","https://openalex.org/W2161255891","https://openalex.org/W2162316255","https://openalex.org/W2162720432","https://openalex.org/W2166381878","https://openalex.org/W2168563136","https://openalex.org/W2169868363","https://openalex.org/W2170920217","https://openalex.org/W2746937343"],"related_works":["https://openalex.org/W2907490423","https://openalex.org/W2150889667","https://openalex.org/W4247806713","https://openalex.org/W3190536237","https://openalex.org/W4378700020","https://openalex.org/W195300121","https://openalex.org/W2208447305","https://openalex.org/W2017602249","https://openalex.org/W2022927028","https://openalex.org/W2914791830"],"abstract_inverted_index":{"Due":[0],"to":[1,105,111,165,168,172,191,235,241],"their":[2],"high":[3],"practical":[4],"impact,":[5],"Cross-Site":[6],"Scripting":[7],"(XSS)":[8],"attacks":[9,83,113,156,194,262],"have":[10,36,226],"attracted":[11],"a":[12,27,49,204,212,228,233,237,245,249],"lot":[13],"of":[14,19,29,44,99,214,221,258,261],"attention":[15],"from":[16,91,176],"the":[17,24,97],"members":[18],"security":[20],"community":[21],"worldwide.":[22],"In":[23,68,223],"same":[25],"way,":[26],"plethora":[28],"more":[30],"or":[31,58,108,143,248],"less":[32],"effective":[33],"defense":[34],"techniques":[35,136,217],"been":[37],"proposed,":[38],"addressing":[39],"both":[40],"causes":[41],"and":[42,80,157,197],"effects":[43],"XSS":[45,79],"vulnerabi":[46],"lities.":[47],"As":[48],"result,":[50],"an":[51,73,89,101,123,160,184],"adversary":[52,161],"often":[53],"can":[54,125,186],"no":[55],"longer":[56],"inject":[57],"even":[59],"execute":[60,106,166],"arbitrary":[61,200],"scripting":[62,82],"code":[63,167],"in":[64,131,244],"several":[65,148],"real-life":[66],"scenarios.":[67],"this":[69,209,219],"article,":[70],"we":[71,151,181,225,263],"examine":[72],"attack":[74],"surface":[75],"that":[76,122,159,183,195,231],"remains":[77],"after":[78],"similar":[81,109],"are":[84],"supposedly":[85],"mitigated":[86],"by":[87],"preventing":[88],"attacker":[90,102,124,185],"executing":[92],"JavaScript":[93,107],"code.":[94],"We":[95,207],"address":[96],"question":[98],"whether":[100],"really":[103],"needs":[104],"functionality":[110],"perform":[112],"aiming":[114],"for":[115,256],"information":[116,175],"theft.":[117],"The":[118],"surprising":[119],"result":[120],"is":[121],"abuse":[126],"Cascading":[127],"Style":[128],"Sheets":[129],"(CSS)":[130],"combination":[132],"with":[133,211],"other":[134],"Web":[135],"like":[137],"plain":[138],"HTML,":[139],"inactive":[140],"SVG":[141],"images,":[142],"font":[144],"files.":[145],"Having":[146],"employed":[147],"case":[149],"studies,":[150],"discuss":[152],"so":[153],"called":[154],"scriptless":[155],"demonstrate":[158],"might":[162],"not":[163],"need":[164],"preserve":[169],"his":[170],"ability":[171],"extract":[173],"sensitive":[174],"well-protected":[177],"websites.":[178],"More":[179],"precisely,":[180],"show":[182],"use":[187],"seemingly":[188],"benign":[189],"features":[190],"build":[192],"side-channel":[193],"measure":[196],"exfiltrate":[198],"almost":[199],"data":[201],"displayed":[202],"on":[203],"given":[205],"webpage.":[206],"conclude":[208],"article":[210],"discussion":[213],"potential":[215],"mitigation":[216],"against":[218],"class":[220],"attacks.":[222],"addition,":[224],"implemented":[227],"browser":[229],"patch":[230],"enables":[232],"website":[234],"make":[236],"vital":[238],"determination":[239],"as":[240],"being":[242],"loaded":[243],"detached":[246],"view":[247],"pop-up":[250],"window.":[251],"This":[252],"approach":[253],"proves":[254],"useful":[255],"prevention":[257],"certain":[259],"types":[260],"here":[264],"discuss.":[265]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":1},{"year":2015,"cited_by_count":2},{"year":2014,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}