Data Exfiltration in the Face of CSP, Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp.853-864, 2016. ,
Content Security Problems?, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS'16, pp.1365-1375 ,
DOI : 10.1007/978-3-319-11379-1_11
deDacota, Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, CCS '13, pp.1205-1216, 2013. ,
DOI : 10.1145/2508859.2516708
May I? - Content Security Policy Endorsement for Browser Extensions, Detection of Intrusions and Malware, and Vulnerability Assessment -12th International Conference Proceedings, volume 9148 of Lecture Notes in Computer Science, pp.261-281, 2015. ,
DOI : 10.1007/978-3-319-20550-2_14
URL : http://www.cse.chalmers.se/%7Eandrei/dimva15.pdf
Beware of Finer-Grained Origins, Web 2.0 Security and Privacy, 2008. ,
DOI : 10.1007/978-1-349-13729-9_23
CSP Aider: An Automated Recommendation of Content Security Policy for Web Applications, IEEE Oakland Web 2.0 Security and Privacy (W2SP'12), 2012. ,
PreparedJS: Secure Script-Templates for JavaScript, Detection of Intrusions and Malware, and Vulnerability Assessment -10th International Conference, DIMVA 2013 Proceedings, pp.102-121, 2013. ,
DOI : 10.1007/978-3-642-39235-1_6
Injecting CSP for Fun and Security, Proceedings of the 2nd International Conference on Information Systems Security and Privacy, pp.15-25, 2016. ,
DOI : 10.5220/0005650100150025
CSPAutoGen, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS'16, pp.653-665 ,
DOI : 10.1145/1542476.1542486
A Measurement Study of the Content Security Policy on Real-World Applications. I, 15] N. Perriault. CasperJS navigation and scripting tool for PhantomJS, pp.383-392, 2016. ,
Busting frame busting: a study of clickjacking vulnerabilities at popular sites, IEEE Oakland Web 2.0 Security and Privacy, 2010. ,
On the Incoherencies in Web Browser Access Control Policies, 2010 IEEE Symposium on Security and Privacy, pp.463-478, 2010. ,
DOI : 10.1109/SP.2010.35
On the Content Security Policy Violations due to the Same-Origin Policy, Proceedings of the 26th International Conference on World Wide Web, WWW '17 ,
DOI : 10.1109/MC.2016.76
URL : https://hal.archives-ouvertes.fr/hal-01649526
Reining in the web with content security policy, Proceedings of the 19th international conference on World wide web, WWW '10, pp.921-930, 2010. ,
DOI : 10.1145/1772690.1772784
Gradual typing embedded securely in JavaScript, Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '14, pp.425-438, 2014. ,
DOI : 10.1145/2535838.2535889
URL : https://hal.archives-ouvertes.fr/hal-00940836
Cross Origin Resource Sharing, W3C Recommendation, 2014. ,
CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS'16, pp.1376-1387 ,
DOI : 10.1145/1368088.1368112
Why Is CSP Failing? Trends and Challenges in CSP Adoption, Research in Attacks, Intrusions and Defenses -17th International Symposium, RAID 2014. Proceedings, pp.212-233, 2014. ,
DOI : 10.1007/978-3-319-11379-1_11
URL : http://seclab.ccs.neu.edu/static/publications/raid2014csp.pdf
Content Security Policy: Embedded Enforcement, 2016. ,
Content Security Policy Level 3, W3C Working Draft, 2016. ,
Origin Policy. A Collection of Interesting Ideas, 2016. ,
Feature Policy, W3C Draft Community Group Report, 2016. ,
Mitigating Cross-Site Scripting Attacks with a Content Security Policy, Computer, vol.49, issue.3, pp.56-63, 2016. ,
DOI : 10.1109/MC.2016.76