An Empirical Analysis of XSS Sanitization in Web Application Frameworks

Filtering or sanitization is the predominant mechanism in today’s applications to defend against cross-site scripting (XSS) attacks. XSS sanitization can be difficult to get right as it ties in closely with the parsing behavior of the browser. This paper explains some of the subtleties of ensuring correct sanitization, as well as common pitfalls. We study several emerging web application frameworks including those presently used for development of commercial web applications. We evaluate how effective these frameworks are in guarding against the common pitfalls of sanitization. We find that while some web frameworks safeguard against the empirically relevant use cases, most do not. In addition, some of the security features in present web frameworks provide a false sense of security.
