[1] OWASP. Cross-Site Scripting (XSS)[EB/OL]. [2014-04-22]. https://www.owasp.org/index.php/XSS.
[2] PIETRASZEK T, BERGHE C. Defending against injection attacks through context-sensitive string evaluation[C]//Proceedings of the 8th International Conference on Recent Advances in Intrusion Detection. Berlin:Springer-Verlag, 2006, 3858:124-145.
[3] VIKRAM K, PRATEEK A, LIVSHITS B. Ripley:automatically securing distributed Web applications through replicated execution[C]//Proceedings of the 16th ACM Conference on Computer and Communications Security. New York:ACM, 2009:173-186.
[4] KLEIN A. Dom based cross site scripting or XSS of the third kind[EB/OL]. [2005-07-04]. http://www.webappsec.org/projects/articles/071105.html.
[5] SAXENA P, HANNA S, POOSANKAM P, SONG D. FLAX:systematic discovery of client-side validation vulnerabilities in rich Web applications[EB/OL]. [2015-06-20]. http://www.internetsociety.org/doc/flax-systematic-discovery-client-side-validation-vulnerabilities-rich-web-applications.
[6] LEKIES S, STOCK B, JOHNS M. 25 million flows later-large-scale detection of DOM-based XSS[C]//Proceedings of the 20th ACM Conference on Computer and Communications. New York:ACM, 2013:1193-1204.
[7] JIA W C, WANG Y Y, SHI F, et al. Detecting DOM based XSS vulnerability based on dynamic taint propagation model[J]. Application Research of Computers, 2014, 31(7):2119-2122.
[8] LI Q L, WANG R, JIA X Q. Cross-site scripting detection in online social network based on classifiers and improved n-gram model[J]. Journal of Computer Applications, 2014, 34(6):1661-1665.
[9] WEINBERGER J, SAXENA P, AKHAWE D, et al. A systematic analysis of XSS sanitization in Web application frameworks[C]//Proceedings of the 16th European Conference on Research in Computer Security. Berlin:Springer-Verlag, 2011:150-171.
[10] QIU Y H. XSS Attack and Defense Analysis[M]. Beijing:Posts & Telecom Press, 2013:120-126.
[11] ZHU G M, ZENG F P, YUAN Y, et al. Blackbox fuzzing testing based on taint check[J]. Journal of Chinese Computer Systems, 2012, 33(8):1736-1739.
[12] WU S Z, GUO T, DONG G W, et al. Software vulnerability analyses:a road map[J]. Journal of Tsinghua University (Science & Technology), 2012, 52(10):1309-1319.
[13] VIJAY G, TIM L, MARTIN R. Taint-based directed whitebox fuzzing[C]//Proceedings of the 31st International Conference on Software Engineering. Washington, DC:IEEE Computer Society, 2009:474-484.
[14] DOMINATOR. A full featured DOM XSS security suite[EB/OL]. [2012-11-13]. https://dominator.mindedsecurity.com.