Abstract:
Cross-Site Scripting (XSS) attack vectors are considered a serious threat to contemporary HTML5 websites. In this paper, a novel server-side design based on JavaScript feature injection is proposed; it relies on inserting the features of JavaScript in order to discover the variation between the stored and observed features in the HTTP response. In addition, our design adopts the injection of context-sensitive sanitization functions to detect XSS attack vectors in HTML websites. The prototype of our design will be developed in Java as a server-side framework, and, as a further extension, the experimental results of our proposed design on JSP websites will also be evaluated.
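The stored-versus-observed comparison described in the abstract can be sketched as follows. This is an added example, not the paper's prototype. It assumes a "feature" is a fingerprint of each script-bearing construct in the response (external script URL, hash of inline script text, inline event handler, `javascript:` URL), and the names `ScriptFeatures`, `extract`, `unexpected_features`, `PAGE` and `render` are hypothetical.

```python
import hashlib
from html.parser import HTMLParser

def _digest(code):
    # Whitespace-normalised hash so reformatting does not change the feature.
    return hashlib.sha256(" ".join(code.split()).encode()).hexdigest()[:16]

class ScriptFeatures(HTMLParser):
    """Collects one feature per script-bearing construct in an HTML response."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.features, self._buf = set(), None   # _buf is a list while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            value = (value or "").strip()
            if name.startswith("on"):                          # inline event handler
                self.features.add(("handler", tag, name, _digest(value)))
            elif name in ("href", "src") and value.lower().startswith("javascript:"):
                self.features.add(("js-url", tag, name, _digest(value)))
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.features.add(("external", src))
            else:
                self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.features.add(("inline", _digest("".join(self._buf))))
            self._buf = None

def extract(html):
    parser = ScriptFeatures()
    parser.feed(html)
    parser.close()
    return parser.features

def unexpected_features(stored, response_html):
    """Features observed in the outgoing response that were never stored for this page."""
    return extract(response_html) - stored

# Constructed sample page with one user-controlled slot (assumption: no output encoding).
PAGE = ('<html><head><script src="/static/app.js"></script></head><body>'
        '<script>initComments();</script><div id="c">%s</div></body></html>')

def render(comment):
    return PAGE % comment
```

The stored set is built once from a known-good rendering, for example `extract(render("nice post"))`; any non-empty result from `unexpected_features` on a later response marks script content that the application itself did not emit.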