Defense Against HTML5 XSS Attack Vectors: A Nested Context-Aware Sanitization Technique

Abstract

The authors suggested an offline and online based model based on nested context aware sanitization method for detection and alleviation of malicious XSS attack vectors for OSN's. The offline mode extracts JS from webpage, calculates features and stores them in the depository for additional usage. The online approach embodies URI link extraction and feature estimation thus detecting anomaly on comparison with offline modes feature repository. The authors have developed their prototype in J avaScript and its infrastructure settings are implemented as an extension on infrastructure settings of browser. Our proposed design is implemented and tested on five OSN platforms vulnerable to XSS. The results estimated have the competency to identify the XSS worms with acceptable little false positives in comparison to recent state of art. The outcome of our design draws upon nested context of JS for efficacious sanitization