Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions

This repository contains the accompanying materials for the paper Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions by David Klein, Thomas Barber, Souphiane Bensalim, Ben Stock and Martin Johns.

Cite us!

@inproceedings{KleBarBen+22,
  author = {David Klein and Thomas Barber and Souphiane Bensalim and Ben Stock and Martin Johns},
  title = {Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions},
  booktitle = {Proc. of the IEEE European Symposium on Security and Privacy},
  year = {2022},
  month = jun,
}

Get in touch

If you have any questions, please do not hesitate to contact us :)

Open Sourced Components

We are currently working on open sourcing additional components, pending intellectual property approval from the involved industrial partner, and will update this page accordingly.

Taint Browser

The taint browser used throughout our study is open source on GitHub as Project Foxhound. We used version 80 for all our experiments.

MONA

The changes we made to the MONA library are available on GitHub as well.

Materials

Demonstrators for upcoming browser-based mitigations

As discussed in Section 5.2.4, two working drafts to combat XSS are currently in the works: Trusted Types and the Sanitizer API. We included a sample website showcasing the protection offered by both.