Cross-Site Scripting (XSS), which allows an attacker to insert and execute a malicious script in a vulnerable Web application, has become a problem. In recent years, as client-side functionality has grown, attacks using Client-Side XSS, a kind of XSS, have become a problem. Client-Side XSS differs from reflected or stored XSS in that the script is composed in the victim's Web browser, which makes it difficult to protect against with conventional measures.
To solve this problem, detection and protection measures using taint tracking have been proposed, but they affect performance, and no practical solution exists. Therefore, in this research, we propose a method that protects against Client-Side XSS while reducing the impact on performance by defining Trusted Types, which verify whether a string is safe, as primitive types.
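The enforcement idea behind Trusted Types, modelled in plain JavaScript as an added example: it is not code from the paper and does not implement the paper's primitive-type approach. The `TrustedHTML` model, `createPolicy`, `FakeElement`, `render` and the sample URL fragment are all constructed for illustration and run in Node without a browser.

```javascript
// Model of Trusted Types enforcement at a DOM sink (constructed example, no real DOM).
const policyToken = Symbol('policy-only');

// A value the sink will accept. Only a policy holds the token needed to create one.
class TrustedHTML {
  #value;
  constructor(value, token) {
    if (token !== policyToken) throw new TypeError('TrustedHTML can only be created by a policy');
    this.#value = value;
  }
  toString() { return this.#value; }
}

// Hypothetical stand-in for a policy factory: wraps the output of a vetting rule.
function createPolicy(rules) {
  return Object.freeze({
    createHTML: (input) => new TrustedHTML(rules.createHTML(String(input)), policyToken),
  });
}

// Stand-in for an element whose innerHTML sink rejects plain strings.
class FakeElement {
  #html = '';
  set innerHTML(value) {
    if (!(value instanceof TrustedHTML)) throw new TypeError('sink requires TrustedHTML');
    this.#html = value.toString();
  }
  get innerHTML() { return this.#html; }
}

// Policy that neutralises markup by escaping HTML metacharacters.
const escapePolicy = createPolicy({
  createHTML: (s) => s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`),
});

// Client-side flow: the value travels from the URL fragment to the sink
// entirely inside the browser, so server-side filtering never sees it.
function render(el, fragment, policy) {
  const name = decodeURIComponent(fragment.slice(1));
  el.innerHTML = policy ? policy.createHTML(name) : name;
  return el.innerHTML;
}
```

Concatenating a `TrustedHTML` value with a plain string yields a plain string again, so the sink rejects it; the type check is on the value that reaches the sink, not on where its parts came from.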
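- 山崎 勇二, 垣内 正年, 新井 イスマイル, 藤川 和利, "A Proposal of a Client-Side XSS Defense Method Using Primitive Trusted Types That Considers Applicability to Existing Web Applications," IPSJ SIG Technical Reports: Computer Security (CSEC), Information Processing Society of Japan, vol.2019-CSEC-87, no.5, pp.1-6, December 2019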