DOM-Guard: Defeating DOM-Based Injection of XSS Worms in HTML5 Web Applications on Mobile-Based Cloud Platforms

Abstract

This chapter presents the Document Object Model (DOM)-Guard, a mobile cloud-based framework that alleviates the DOM-based XSS vulnerabilities from the contemporary platforms of mobile cloud-based HTML5 web applications. The framework executes in dual mode: offline and online. The evolution of mobile cloud computing exempted the industries and their consumers from handling the description of countless specifics, like loading resources and computation constraints. The reason behind such nonoptimal performance is that the virtual machines of cloud platforms perform the computation at the core of the network, which is very far away from ground level. DOM-Guard is a runtime DOM tree generator and context-aware sanitization-based framework that scans for the DOM-based XSS vulnerabilities in the mobile cloud-based HTML5 web applications. A web module contains web components and static web content files, such as images, which are called web resources. A web module is a specific structure. The top-level directory of web module is the document root of the application.