| Article ID | Journal | Published Year | Pages | File Type |
|---|---|---|---|---|
| 457075 | Journal of Information Security and Applications | 2014 | 15 Pages | |

Abstract
Content Security Policies (CSPs) provide powerful means to mitigate most XSS exploits. However, CSP’s protection is incomplete. Insecure server-side JavaScript generation and attacker control over script-sources can lead to XSS conditions which cannot be mitigated by CSP. In this paper we propose PreparedJS, an extension to CSP which takes these weaknesses into account. Through the combination of a safe script templating mechanism with a light-weight script checksumming scheme, PreparedJS is able to fill the identified gaps in CSP’s protection capabilities.
Related Topics
Physical Sciences and Engineering
Computer Science
Computer Networks and Communications
Authors
Martin Johns
