![XSS Client-Side XSS
• Client-Side XSS ( : DOM Based XSS) [1]
2[1]. IPA, “IPA DOM Based XSS ”, https://www.ipa.go.jp/files/000024729.pdf , 2013](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Semelhante a パフォーマンスを考慮したプリミティブなTrusted TypesによるClient-Side XSS防御手法
Semelhante a パフォーマンスを考慮したプリミティブなTrusted TypesによるClient-Side XSS防御手法 (20)
Mais de inet-lab
Último
Último (20)
パフォーマンスを考慮したプリミティブなTrusted TypesによるClient-Side XSS防御手法
- 1. • Web ► • Cross Site Scripting (XSS) ► Web ► Web ► 3 • Client-Side XSS 1
- 2. XSS Client-Side XSS • Client-Side XSS ( : DOM Based XSS) [1] 2[1]. IPA, “IPA DOM Based XSS ”, https://www.ipa.go.jp/files/000024729.pdf , 2013
- 3. XSS 3 Client-Side XSS [2] HTML XSS Content Security PolicyWeb Application Firewall [2]. Sebastian Lekies, Krzysztof Kotowicz, Samuel Groß, Eduardo A. Vela Nava, Martin Johns, “Code-Reuse Attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets”, The ACM CCS, 2017 XSS JavaScript
- 4. Client-Side XSS • Client-Side XSS ► [3] ► [4] ► [5] ► … etc 4 JavaScript Web [3]. Ben Stock, Sebastian Lekies, Tobias Mueller, Patrick Spiegel, Martin Johns, “Precise Client-side Protection against DOM-based Cross-Site Scripting”, 23rd USENIX Security Symposium, 2014 [4]. Inian Parameshwaran, Enrico Budianto, Shweta Shinde, “Auto-Patching DOM-based XSS At Scale”, Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering, pp. 272-283, 2015. [5]. Marius Musch, Marius Steffens, Sebastian Roth, Ben Stock, Martin Johns. "Scriptprotect: Mitigating unsafe third-party javascript practices", AsiaCCS, 2019.
- 5. Trusted Types • [6] ► Trusted Types 5 $('div').innerHTML = '<img src=/ onerror="alert(10)">' // ERROR const escapePolicy = TrustedTypes.createPolicy('mypolicy', { createHTML: (unsafe) => { return unsafe .replace(/&/g, "&") .replace(/</g, "<") .replace(/>/g, ">") } }) const trustedHTML = escapePolicy.createHTML('<img src=/ onerror="alert(10)">') $('div').innerHTML = trustedHTML // SUCCESS [6]. Krzysztof Kotowicz, Mike West, "Trusted Types", https://wicg.github.io/trusted-types/dist/spec/ Web
- 6. Trusted Types • 3 ► ► Web ► DOM • Trusted Types JavaScript ► ► Web Web 6
- 7. let trusted = "https://example.co.jp/"; let host = location.host; let hash = location.hash; document.writeln(trusted); // SUCCESS document.writeln(host); // ERROR document.writeln(hash); // ERROR Trusted Types • Trusted Types 2 7 1 Trusted Types let trusted = "https://example.co.jp/"; let host = location.host; let hash = location.hash; document.writeln(trusted); // SUCCESS document.writeln(host); // SUCCESS document.writeln(hash); // ERROR Trusted Types Input Source URL document.location baseURI location.hash documentURI location.search window.location location.href
- 8. • OSS JavaScript Web ► V8: 7.7.299.11 ► Chromium: 77.0.3865.90 81 2 let trusted = "https://example.co.jp/"; let host = location.host; let hash = location.hash; document.writeln(trusted); document.writeln(host); document.writeln(hash);
- 9. • JavaScript • ► 9 Stock [3] Parameshwaran [4] 1 2 Web × Web Web ( ) 7~17% 5% 1.2% 0.4~1.2% 0.16% - 46.2% 10.9%
- 10. • ► Trusted Types • 2 URL ? # 10 2 1269 1.1% )) ( 047 12 4 7 36 36 58