This paper proposes a simple-to-support yet powerful scheme for eliminating a wide range of script injection vulnerabilities in applications built on top of popular Ajax development frameworks such as the Dojo Toolkit, prototype.js, and AJAX.NET. Unlike other client-side runtime enforcement proposals, the approach it advocates requires only minor browser modifications. This is because the proposal can be viewed as a natural, finer-grained extension of the same-origin policy for JavaScript already supported by the majority of mainstream browsers, one that treats individual user interface widgets as belonging to separate domains.


