{'id': 'https://openalex.org/W2510134782', 'doi': 'https://doi.org/10.1145/2976749.2978363', 'title': 'CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy', 'display_name': 'CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy', 'publication_year': 2016, 'publication_date': '2016-10-24', 'ids': {'openalex': 'https://openalex.org/W2510134782', 'doi': 'https://doi.org/10.1145/2976749.2978363', 'mag': '2510134782'}, 'language': 'en', 'primary_location': {'is_oa': True, 'landing_page_url': 'https://doi.org/10.1145/2976749.2978363', 'pdf_url': 'https://dl.acm.org/doi/pdf/10.1145/2976749.2978363', 'source': {'id': 'https://openalex.org/S4363608815', 'display_name': 'Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security', 'issn_l': None, 'issn': None, 'is_oa': False, 'is_in_doaj': False, 'is_core': False, 'host_organization': None, 'host_organization_name': None, 'host_organization_lineage': [], 'host_organization_lineage_names': [], 'type': 'conference'}, 'license': 'cc-by-nc-sa', 'license_id': 'https://openalex.org/licenses/cc-by-nc-sa', 'version': 'publishedVersion', 'is_accepted': True, 'is_published': True}, 'type': 'article', 'type_crossref': 'proceedings-article', 'indexed_in': ['crossref'], 'open_access': {'is_oa': True, 'oa_status': 'hybrid', 'oa_url': 'https://dl.acm.org/doi/pdf/10.1145/2976749.2978363', 'any_repository_has_fulltext': False}, 'authorships': [{'author_position': 'first', 'author': {'id': 'https://openalex.org/A5037626066', 'display_name': 'Lukas Weichselbaum', 'orcid': None}, 'institutions': [{'id': 'https://openalex.org/I4210100430', 'display_name': 'Google (Switzerland)', 'ror': 'https://ror.org/014f9c269', 'country_code': 'CH', 'type': 'company', 'lineage': ['https://openalex.org/I1291425158', 'https://openalex.org/I4210100430', 'https://openalex.org/I4210128969']}], 'countries': ['CH'], 'is_corresponding': False, 
'raw_author_name': 'Lukas Weichselbaum', 'raw_affiliation_strings': ['Google, Zürich, Switzerland'], 'affiliations': [{'raw_affiliation_string': 'Google, Zürich, Switzerland', 'institution_ids': ['https://openalex.org/I4210100430']}]}, {'author_position': 'middle', 'author': {'id': 'https://openalex.org/A5025256132', 'display_name': 'Michele Spagnuolo', 'orcid': None}, 'institutions': [{'id': 'https://openalex.org/I4210100430', 'display_name': 'Google (Switzerland)', 'ror': 'https://ror.org/014f9c269', 'country_code': 'CH', 'type': 'company', 'lineage': ['https://openalex.org/I1291425158', 'https://openalex.org/I4210100430', 'https://openalex.org/I4210128969']}], 'countries': ['CH'], 'is_corresponding': False, 'raw_author_name': 'Michele Spagnuolo', 'raw_affiliation_strings': ['Google, Zürich, Switzerland'], 'affiliations': [{'raw_affiliation_string': 'Google, Zürich, Switzerland', 'institution_ids': ['https://openalex.org/I4210100430']}]}, {'author_position': 'middle', 'author': {'id': 'https://openalex.org/A5080377300', 'display_name': 'Sebastian Lekies', 'orcid': None}, 'institutions': [{'id': 'https://openalex.org/I4210100430', 'display_name': 'Google (Switzerland)', 'ror': 'https://ror.org/014f9c269', 'country_code': 'CH', 'type': 'company', 'lineage': ['https://openalex.org/I1291425158', 'https://openalex.org/I4210100430', 'https://openalex.org/I4210128969']}], 'countries': ['CH'], 'is_corresponding': False, 'raw_author_name': 'Sebastian Lekies', 'raw_affiliation_strings': ['Google, Zürich, Switzerland'], 'affiliations': [{'raw_affiliation_string': 'Google, Zürich, Switzerland', 'institution_ids': ['https://openalex.org/I4210100430']}]}, {'author_position': 'last', 'author': {'id': 'https://openalex.org/A5044723728', 'display_name': 'Artur Janc', 'orcid': None}, 'institutions': [{'id': 'https://openalex.org/I4210100430', 'display_name': 'Google (Switzerland)', 'ror': 'https://ror.org/014f9c269', 'country_code': 'CH', 'type': 'company', 'lineage': 
['https://openalex.org/I1291425158', 'https://openalex.org/I4210100430', 'https://openalex.org/I4210128969']}], 'countries': ['CH'], 'is_corresponding': False, 'raw_author_name': 'Artur Janc', 'raw_affiliation_strings': ['Google, Zürich, Switzerland'], 'affiliations': [{'raw_affiliation_string': 'Google, Zürich, Switzerland', 'institution_ids': ['https://openalex.org/I4210100430']}]}], 'institution_assertions': [], 'countries_distinct_count': 1, 'institutions_distinct_count': 1, 'corresponding_author_ids': [], 'corresponding_institution_ids': [], 'apc_list': None, 'apc_paid': None, 'fwci': 7.402, 'has_fulltext': True, 'fulltext_origin': 'pdf', 'cited_by_count': 77, 'citation_normalized_percentile': {'value': 0.939332, 'is_in_top_1_percent': False, 'is_in_top_10_percent': True}, 'cited_by_percentile_year': {'min': 97, 'max': 98}, 'biblio': {'volume': None, 'issue': None, 'first_page': None, 'last_page': None}, 'is_retracted': False, 'is_paratext': False, 'primary_topic': {'id': 'https://openalex.org/T12479', 'display_name': 'Web Application Security Vulnerabilities', 'score': 0.9999, 'subfield': {'id': 'https://openalex.org/subfields/1710', 'display_name': 'Information Systems'}, 'field': {'id': 'https://openalex.org/fields/17', 'display_name': 'Computer Science'}, 'domain': {'id': 'https://openalex.org/domains/3', 'display_name': 'Physical Sciences'}}, 'topics': [{'id': 'https://openalex.org/T12479', 'display_name': 'Web Application Security Vulnerabilities', 'score': 0.9999, 'subfield': {'id': 'https://openalex.org/subfields/1710', 'display_name': 'Information Systems'}, 'field': {'id': 'https://openalex.org/fields/17', 'display_name': 'Computer Science'}, 'domain': {'id': 'https://openalex.org/domains/3', 'display_name': 'Physical Sciences'}}, {'id': 'https://openalex.org/T11424', 'display_name': 'Security and Verification in Computing', 'score': 0.9822, 'subfield': {'id': 'https://openalex.org/subfields/1702', 'display_name': 'Artificial Intelligence'}, 'field': 
{'id': 'https://openalex.org/fields/17', 'display_name': 'Computer Science'}, 'domain': {'id': 'https://openalex.org/domains/3', 'display_name': 'Physical Sciences'}}, {'id': 'https://openalex.org/T10734', 'display_name': 'Information and Cyber Security', 'score': 0.9669, 'subfield': {'id': 'https://openalex.org/subfields/1710', 'display_name': 'Information Systems'}, 'field': {'id': 'https://openalex.org/fields/17', 'display_name': 'Computer Science'}, 'domain': {'id': 'https://openalex.org/domains/3', 'display_name': 'Physical Sciences'}}], 'keywords': [{'id': 'https://openalex.org/keywords/cross-site-scripting', 'display_name': 'Cross-Site Scripting', 'score': 0.9557601}, {'id': 'https://openalex.org/keywords/cryptographic-nonce', 'display_name': 'Cryptographic nonce', 'score': 0.76017374}, {'id': 'https://openalex.org/keywords/security-policy', 'display_name': 'Security Policy', 'score': 0.5199215}, {'id': 'https://openalex.org/keywords/threat-model', 'display_name': 'Threat model', 'score': 0.45253286}], 'concepts': [{'id': 'https://openalex.org/C39569185', 'wikidata': 'https://www.wikidata.org/wiki/Q371199', 'display_name': 'Cross-site scripting', 'level': 5, 'score': 0.9557601}, {'id': 'https://openalex.org/C41008148', 'wikidata': 'https://www.wikidata.org/wiki/Q21198', 'display_name': 'Computer science', 'level': 0, 'score': 0.78286064}, {'id': 'https://openalex.org/C9996903', 'wikidata': 'https://www.wikidata.org/wiki/Q1749235', 'display_name': 'Cryptographic nonce', 'level': 3, 'score': 0.76017374}, {'id': 'https://openalex.org/C61423126', 'wikidata': 'https://www.wikidata.org/wiki/Q187432', 'display_name': 'Scripting language', 'level': 2, 'score': 0.7309086}, {'id': 'https://openalex.org/C38652104', 'wikidata': 'https://www.wikidata.org/wiki/Q3510521', 'display_name': 'Computer security', 'level': 1, 'score': 0.633232}, {'id': 'https://openalex.org/C154908896', 'wikidata': 'https://www.wikidata.org/wiki/Q2167404', 'display_name': 'Security policy', 
'level': 2, 'score': 0.5199215}, {'id': 'https://openalex.org/C110875604', 'wikidata': 'https://www.wikidata.org/wiki/Q75', 'display_name': 'The Internet', 'level': 2, 'score': 0.49358594}, {'id': 'https://openalex.org/C206588197', 'wikidata': 'https://www.wikidata.org/wiki/Q846574', 'display_name': 'Reuse', 'level': 2, 'score': 0.47382677}, {'id': 'https://openalex.org/C100158260', 'wikidata': 'https://www.wikidata.org/wiki/Q1650567', 'display_name': 'Dynamic web page', 'level': 3, 'score': 0.46749532}, {'id': 'https://openalex.org/C136764020', 'wikidata': 'https://www.wikidata.org/wiki/Q466', 'display_name': 'World Wide Web', 'level': 1, 'score': 0.4620658}, {'id': 'https://openalex.org/C59241245', 'wikidata': 'https://www.wikidata.org/wiki/Q4781497', 'display_name': 'Web application security', 'level': 4, 'score': 0.46039695}, {'id': 'https://openalex.org/C140547941', 'wikidata': 'https://www.wikidata.org/wiki/Q7797194', 'display_name': 'Threat model', 'level': 2, 'score': 0.45253286}, {'id': 'https://openalex.org/C22111027', 'wikidata': 'https://www.wikidata.org/wiki/Q1070427', 'display_name': 'Internet security', 'level': 4, 'score': 0.4165549}, {'id': 'https://openalex.org/C118643609', 'wikidata': 'https://www.wikidata.org/wiki/Q189210', 'display_name': 'Web application', 'level': 2, 'score': 0.41171777}, {'id': 'https://openalex.org/C527648132', 'wikidata': 'https://www.wikidata.org/wiki/Q189900', 'display_name': 'Information security', 'level': 2, 'score': 0.22233453}, {'id': 'https://openalex.org/C21959979', 'wikidata': 'https://www.wikidata.org/wiki/Q36774', 'display_name': 'Web page', 'level': 2, 'score': 0.19181716}, {'id': 'https://openalex.org/C29983905', 'wikidata': 'https://www.wikidata.org/wiki/Q7445066', 'display_name': 'Security service', 'level': 3, 'score': 0.15392101}, {'id': 'https://openalex.org/C199360897', 'wikidata': 'https://www.wikidata.org/wiki/Q9143', 'display_name': 'Programming language', 'level': 1, 'score': 0.14000165}, {'id': 
'https://openalex.org/C79373723', 'wikidata': 'https://www.wikidata.org/wiki/Q386275', 'display_name': 'Web development', 'level': 3, 'score': 0.13859972}, {'id': 'https://openalex.org/C148730421', 'wikidata': 'https://www.wikidata.org/wiki/Q141090', 'display_name': 'Encryption', 'level': 2, 'score': 0.0}, {'id': 'https://openalex.org/C18903297', 'wikidata': 'https://www.wikidata.org/wiki/Q7150', 'display_name': 'Ecology', 'level': 1, 'score': 0.0}, {'id': 'https://openalex.org/C86803240', 'wikidata': 'https://www.wikidata.org/wiki/Q420', 'display_name': 'Biology', 'level': 0, 'score': 0.0}], 'mesh': [], 'locations_count': 1, 'locations': [{'is_oa': True, 'landing_page_url': 'https://doi.org/10.1145/2976749.2978363', 'pdf_url': 'https://dl.acm.org/doi/pdf/10.1145/2976749.2978363', 'source': {'id': 'https://openalex.org/S4363608815', 'display_name': 'Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security', 'issn_l': None, 'issn': None, 'is_oa': False, 'is_in_doaj': False, 'is_core': False, 'host_organization': None, 'host_organization_name': None, 'host_organization_lineage': [], 'host_organization_lineage_names': [], 'type': 'conference'}, 'license': 'cc-by-nc-sa', 'license_id': 'https://openalex.org/licenses/cc-by-nc-sa', 'version': 'publishedVersion', 'is_accepted': True, 'is_published': True}], 'best_oa_location': {'is_oa': True, 'landing_page_url': 'https://doi.org/10.1145/2976749.2978363', 'pdf_url': 'https://dl.acm.org/doi/pdf/10.1145/2976749.2978363', 'source': {'id': 'https://openalex.org/S4363608815', 'display_name': 'Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security', 'issn_l': None, 'issn': None, 'is_oa': False, 'is_in_doaj': False, 'is_core': False, 'host_organization': None, 'host_organization_name': None, 'host_organization_lineage': [], 'host_organization_lineage_names': [], 'type': 'conference'}, 'license': 'cc-by-nc-sa', 'license_id': 'https://openalex.org/licenses/cc-by-nc-sa', 
'version': 'publishedVersion', 'is_accepted': True, 'is_published': True}, 'sustainable_development_goals': [{'score': 0.8, 'display_name': 'Peace, justice, and strong institutions', 'id': 'https://metadata.un.org/sdg/16'}], 'grants': [], 'datasets': [], 'versions': [], 'referenced_works_count': 23, 'referenced_works': ['https://openalex.org/W1222699389', 'https://openalex.org/W1473921560', 'https://openalex.org/W1492437080', 'https://openalex.org/W1543478129', 'https://openalex.org/W1974977720', 'https://openalex.org/W1990421186', 'https://openalex.org/W1991074244', 'https://openalex.org/W2002447170', 'https://openalex.org/W200873936', 'https://openalex.org/W2049214202', 'https://openalex.org/W2057718232', 'https://openalex.org/W2078238197', 'https://openalex.org/W2085925880', 'https://openalex.org/W2103262407', 'https://openalex.org/W2134646643', 'https://openalex.org/W2156978746', 'https://openalex.org/W2168563136', 'https://openalex.org/W2170920217', 'https://openalex.org/W2177614278', 'https://openalex.org/W2256200255', 'https://openalex.org/W2294676880', 'https://openalex.org/W2344312925', 'https://openalex.org/W2405282478'], 'related_works': ['https://openalex.org/W4234870697', 'https://openalex.org/W3022702682', 'https://openalex.org/W2804725586', 'https://openalex.org/W2800487524', 'https://openalex.org/W2735662051', 'https://openalex.org/W2510134782', 'https://openalex.org/W2187721372', 'https://openalex.org/W2095563685', 'https://openalex.org/W2059725703', 'https://openalex.org/W1990297896'], 'abstract_inverted_index': {'Content': [0], 'Security': [1], 'Policy': [2], 'is': [3], 'a': [4, 27, 60, 132, 138, 173, 251, 255], 'web': [5, 20, 262], 'platform': [6], 'mechanism': [7], 'designed': [8], 'to': [9, 92, 137, 149, 185, 198, 227, 261], 'mitigate': [10], 'cross-site': [11], 'scripting': [12], '(XSS),': [13], 'the': [14, 31, 74, 88, 96, 100, 129, 145, 160, 222, 228, 232], 'top': [15], 'security': [16, 130, 152], 'vulnerability': [17], 'in': [18, 41, 46, 
48, 147, 254], 'modern': [19], 'applications.': [21], 'In': [22, 188], 'this': [23], 'paper,': [24], 'we': [25, 190, 220], 'take': [26], 'closer': [28], 'look': [29], 'at': [30], 'practical': [32], 'benefits': [33], 'of': [34, 50, 64, 99, 108, 121, 131, 141, 159, 176, 194, 207, 234], 'adopting': [35], 'CSP': [36, 77, 85, 101, 122, 210], 'and': [37, 103, 124, 204, 258], 'identify': [38, 117], 'significant': [39], 'flaws': [40], 'real-world': [42], 'deployments': [43, 78], 'that': [44, 156, 182, 192, 196, 205, 213, 230], 'result': [45, 75], 'bypasses': [47, 123], '94.72%': [49], 'all': [51], 'distinct': [52, 177], 'policies.': [53, 267], 'We': [54, 94, 116, 134, 154, 245], 'base': [55], 'our': [56, 247], 'Internet-wide': [57], 'analysis': [58, 107, 140], 'on': [59, 79, 113, 144, 237, 242], 'search': [61], 'engine': [62], 'corpus': [63], 'approximately': [65], '100': [66], 'billion': [67, 72], 'pages': [68], 'from': [69], 'over': [70], '1': [71], 'hostnames;': [73], 'covers': [76], '1,680,867': [80], 'hosts': [81, 208], 'with': [82, 209], '26,011': [83], 'unique': [84], 'policies': [86, 142, 178, 195, 212, 235], '--': [87], 'most': [89, 163], 'comprehensive': [90], 'study': [91], 'date.': [93], 'introduce': [95], 'security-relevant': [97], 'aspects': [98], 'specification': [102, 229], 'provide': [104, 259], 'an': [105, 225], 'in-depth': [106], 'its': [109], 'threat': [110], 'model,': [111], 'focusing': [112], 'XSS': [114], 'protections.': [115], 'three': [118], 'common': [119], 'classes': [120], 'explain': [125], 'how': [126], 'they': [127], 'subvert': [128], 'policy.': [133], 'then': [135], 'turn': [136], 'quantitative': [139], 'deployed': [143], 'Internet': [146], 'order': [148], 'understand': [150], 'their': [151, 266], 'benefits.': [153], 'observe': [155], '14': [157], 'out': [158], '15': [161], 'domains': [162], 'commonly': [164], 'whitelisted': [165], 'for': [166, 264], 'loading': [167], 'scripts': [168], 'contain': [169], 'unsafe': [170], 'endpoints;': [171], 
'as': [172], 'consequence,': [174], '75.81%': [175], 'use': [179, 211], 'script': [180, 200], 'whitelists': [181], 'allow': [183], 'attackers': [184], 'bypass': [186], 'CSP.': [187], 'total,': [189], 'find': [191], '94.68%': [193], 'attempt': [197], 'limit': [199], 'execution': [201], 'are': [202], 'ineffective,': [203], '99.34%': [206], 'offer': [214], 'no': [215], 'benefit': [216], 'against': [217], 'XSS.': [218], 'Finally,': [219], 'propose': [221], '"strict-dynamic"': [223], 'keyword,': [224], 'addition': [226], 'facilitates': [231], 'creation': [233], 'based': [236], 'cryptographic': [238], 'nonces,': [239], 'without': [240], 'relying': [241], 'domain': [243], 'whitelists.': [244], 'discuss': [246], 'experience': [248], 'deploying': [249], 'such': [250], 'nonce-based': [252], 'policy': [253], 'complex': [256], 'application': [257], 'guidance': [260], 'authors': [263], 'improving': [265]}, 'cited_by_api_url': 'https://api.openalex.org/works?filter=cites:W2510134782', 'counts_by_year': [{'year': 2024, 'cited_by_count': 5}, {'year': 2023, 'cited_by_count': 8}, {'year': 2022, 'cited_by_count': 4}, {'year': 2021, 'cited_by_count': 13}, {'year': 2020, 'cited_by_count': 12}, {'year': 2019, 'cited_by_count': 10}, {'year': 2018, 'cited_by_count': 15}, {'year': 2017, 'cited_by_count': 9}], 'updated_date': '2024-12-17T15:03:46.803083', 'created_date': '2016-09-16'}