Filters








10,710 Hits in 4.2 sec

DOM: Specification and Client Reasoning [chapter]

Azalea Raad, José Fragoso Santos, Philippa Gardner
2016 Lecture Notes in Computer Science  
We present an axiomatic specification of a key fragment of DOM using structural separation logic. This specification allows us to develop modular reasoning about client programs that call the DOM.  ...  Second, this specification does not always allow compositional client-side reasoning.  ...  Acknowledgements This research was supported by EPSRC programme grants EP/H008373/1, EP/K008528/1 and EP/K032089/1.  ... 
doi:10.1007/978-3-319-47958-3_21 fatcat:ocusdzvru5dedc6237qajh44um

DOM based Cross Site Scripting - Client-Side Attacks on Browsers

Andrea Hauser
2017 Zenodo  
The main difference between DOM based XSS and other XSS vulnerabilities is that the payload is embedded on the client side rather than the server side.  ...  DOM based XSS vulnerabilities therefore have to be prevented on the client side.  ...  labs.20171214 and is available in English and German. Providing our clients with innovative research for the information technology of the future is an essential part of our company culture.  ... 
doi:10.5281/zenodo.3521860 fatcat:h3kbl4ahmfgnfbefalgqjyyrsq

Auto-patching DOM-based XSS at scale

Inian Parameshwaran, Enrico Budianto, Shweta Shinde, Hung Dang, Atul Sadhu, Prateek Saxena
2015 Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering - ESEC/FSE 2015  
DOM-based cross-site scripting (XSS) is a client-side code injection vulnerability that results from unsafe dynamic code generation in JavaScript applications, and has few known practical defenses.  ...  The patching mechanism requires no access to server-side code or modification to browsers, and thus is practical as a turnkey defense.  ...  We thank Benjamin Livshits, Adi Yoga Sidi Prabawa, Xinshu Dong and Amarnath Ravikumar for their constructive feedback on the paper.  ... 
doi:10.1145/2786805.2786821 dblp:conf/sigsoft/ParameshwaranBS15 fatcat:s6mqikphgrdj7jesyh23qck7pm

Set-at-a-time access to XML through DOM

Hai Chen, Frank Wm. Tompa
2003 Proceedings of the 2003 ACM symposium on Document engineering - DocEng '03  
The extended DOM greatly simplifies writing some application code, and it can reduce the communications overhead and response time between a client application and the DOM server to provide applications  ...  As validation of our proposals, we present application examples that compare the convenience and efficiency of DOM with and without extensions.  ...  documents are installed on a server, the applications are executed in the client, and each time the client calls the extended DOM interface, communication messages are exchanged between the client and  ... 
doi:10.1145/958260.958261 fatcat:bhbrrzaztjdapii7cbnozmprqa

Virtual DOM coverage for effective testing of dynamic web applications

Yunxiao Zou, Zhenyu Chen, Yunhui Zheng, Xiangyu Zhang, Zebao Gao
2014 Proceedings of the 2014 International Symposium on Software Testing and Analysis - ISSTA 2014  
The tree models execution on both the client-and server-sides such that V-DOM coverage is more effective than existing coverage criteria in web application testing.  ...  Test selection based on V-DOM tree criterion substantially outperforms the existing code coverage and UI element coverage, by detecting more faults.  ...  [22] with reasonable overhead?  ... 
doi:10.1145/2610384.2610399 dblp:conf/issta/ZouCZZG14 fatcat:nynuf755cvccrbn7qqgcypi4ly

Set-at-a-time access to XML through DOM

Hai Chen, Frank Wm. Tompa
2003 Proceedings of the 2003 ACM symposium on Document engineering - DocEng '03  
The extended DOM greatly simplifies writing some application code, and it can reduce the communications overhead and response time between a client application and the DOM server to provide applications  ...  As validation of our proposals, we present application examples that compare the convenience and efficiency of DOM with and without extensions.  ...  documents are installed on a server, the applications are executed in the client, and each time the client calls the extended DOM interface, communication messages are exchanged between the client and  ... 
doi:10.1145/958220.958261 dblp:conf/doceng/ChenT03 fatcat:lzrj3hlyivb5do4ffo6nfrfr7e

Static DOM event dependency analysis for testing web applications

Chungha Sung, Markus Kusano, Nishant Sinha, Chao Wang
2016 Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering - FSE 2016  
, which is crucial for analyzing the behavior of a client-side web application.  ...  Although static analysis techniques have been routinely used on software written in traditional programming languages, such as Java and C++, adapting them to handle JavaScript code and the HTML DOM is  ...  that such dependencies are crucial in reasoning about client-side web applications.  ... 
doi:10.1145/2950290.2950292 dblp:conf/sigsoft/SungKS016 fatcat:nhngcwrlizdrblam4f5iba76qq

DoDOM: Leveraging DOM Invariants for Web 2.0 Application Robustness Testing

Karthik Pattabiraman, Benjamin Zorn
2010 2010 IEEE 21st International Symposium on Software Reliability Engineering  
DoDOM repeatedly executes the application under a trace of recorded user actions and observes the client-side behavior of the application in terms of its DOM structure.  ...  We show that invariants exist for real applications and can be learned within a reasonable number of executions.  ...  We also thank Suzanne Zorn for help with editing this paper and the anonymous reviewers for helpful feedback.  ... 
doi:10.1109/issre.2010.17 dblp:conf/issre/PattabiramanZ10 fatcat:bjwi22tijbds5b2dgwcdh7pqzi

A Formal Semantics of the Core DOM in Isabelle/HOL

Achim D. Brucker, Michael Herzberg
2018 Companion of the The Web Conference 2018 on The Web Conference 2018 - WWW '18  
Formalizing the key concepts of the DOM is a prerequisite for the formal reasoning over client-side JavaScript programs and for the analysis of security concepts in modern web browsers.  ...  ., can be extended without the need of re-proving already proven properties and (2) executable, i.e., we can generate executable code from our specification.  ...  The authors focus on providing a formal foundation for reasoning over client-side JavaScript programs that modify the DOM.  ... 
doi:10.1145/3184558.3185980 dblp:conf/www/BruckerH18 fatcat:bs226xgeirgrbnjv5fdabbykgm

An Information Flow Monitor for a Core of DOM [chapter]

Ana Almeida-Matos, José Fragoso Santos, Tamara Rezk
2014 Lecture Notes in Computer Science  
We propose and prove sound a novel, purely dynamic, flowsensitive monitor for securing information flow in an imperative language extended with DOM-like tree operations, that we call Core DOM.  ...  In Core DOM, as in the DOM API, tree nodes are treated as first-class values.  ...  [7] propose a compositional and concise formal specification of the DOM called Minimal DOM.  ... 
doi:10.1007/978-3-662-45917-1_1 fatcat:iauddpotive35o6k6j5uy2joiq

Delivering new web content reusing remote and heterogeneous sites. A DOM-based approach

Luis Álvarez Sabucedo, Luis Anido Rifón
2005 Special interest tracks and posters of the 14th international conference on World Wide Web - WWW '05  
This solution permits the partial reuse of external and heterogeneous web contents with no need for client (browser) modifications and just minor changes for web servers.  ...  Unlike common links to other resources, which retrieves the whole resource, we propose an approach where partial retrieval is possible: the unit for data reuse is a node in a DOM tree.  ...  The main reasons to choose this format are: • This schema for URLs fits with the current specifications provided in the RFC about URL [2] . • It is quite simple to integrate it in already developed software  ... 
doi:10.1145/1062745.1062830 dblp:conf/www/SabucedoA05 fatcat:2h3pkxo4ibej5hkfdg4f6l75am

taDOM: A Tailored Synchronization Concept with Tunable Lock Granularity for the DOM API [chapter]

Michael P. Haustein, Theo Härder
2003 Lecture Notes in Computer Science  
Therefore, the taDOM tree and the related lock modes are adjusted to the specific properties of the DOM API.  ...  For this reason, we design a tailored lock concept using a combination of node locks, navigation locks, and logical locks in order to synchronize concurrent accesses to XML documents via the DOM API.  ...  The structure and node types of the taDOM tree are specifically tailored to the properties of the DOM API.  ... 
doi:10.1007/978-3-540-39403-7_9 fatcat:qs46x5qponf7lgo6ai4kgnml5q

Towards the Digital Preservation of DOM-Node-Keyed Scholarly Web Annotations

Martin Paul Eve
2017 Journal of Librarianship and Scholarly Communication  
However, when the DOM structure changes, for any reason, or browser rendering engines parse the underlying source differently, annotations can be orphaned and incorrectly re-attached.  ...  It concludes with a series of recommendations for changes in practice and infrastructure that work towards the digital preservation of DOM-node-keyed scholarly web annotations.  ...  ACKNOWLEDGEMENTS The author wishes to thank Columbia University's Group for Experimental Methods in the Humanities and Birkbeck, University of London's Centre for Technology and Publishing for the productive  ... 
doi:10.7710/2162-3309.2178 fatcat:ts7f6up3jjao3e3gmf5jlqyfgi

Dom w mieście – w poszukiwaniu tożsamości współczesnych zespołów mieszkaniowych

Patrycja Haupt, András Cseh
2020 Środowisko Mieszkaniowe  
Jaki jest współczesny dom w mieście?  ...  Dom w mieście, staje się częścią miasta, jego budulcem, a równocześnie enklawą -otwartą, gościnną, lub twierdzą właściciela.  ...  In the twenty-first century, certain public functions disintegrate from urban tissue and become a part of an individual spatial structure. The reasons behind this vary.  ... 
doi:10.4467/25438700sm.20.010.12213 fatcat:ckxpx2zvnbft3gr4lvn7tzmiga

DOMISA: DOM-based Information Space Adsorption for Web Information Hierarchy Mining [chapter]

Hung-Yu Kao, Jan-Ming Ho, Ming-Syan Chen
2004 Proceedings of the 2004 SIAM International Conference on Data Mining  
object model (DOM) trees of pages to build information hierarchies.  ...  Our DOM-based Information Space Adsorption (DOMISA) system applies information theory to map information in a page into an information space, and our gradient tree adsorption (GTA) process uses the document  ...  applying the specific information adsorption method.  ... 
doi:10.1137/1.9781611972740.29 dblp:conf/sdm/KaoHC04 fatcat:jj7ojdq7grd4leo6tqzdzym4ji
« Previous Showing results 1 — 15 out of 10,710 results