Reachability Analysis of the HTML5 Parser Specification and Its Application to Compatibility Testing [chapter]

Yasuhiko Minamide, Shunsuke Mori
2012 Lecture Notes in Computer Science  
In this paper, we develop a reachability analyzer for the parsing specification of HTML5 and automatically generate HTML documents to test compatibilities of Web browsers.  ...  This analysis is based on a translation of the specification to a conditional pushdown system and on a new algorithm for the reachability analysis of conditional pushdown systems.  ...  We are planning to address this limitation by checking the reachability to the first point where a destructive operation on the stack is required.  ... 
doi:10.1007/978-3-642-32759-9_26 fatcat:rpfnksc4hfcrhcomi63biyzykq

An On-The-Fly Algorithm for Conditional Weighted Pushdown Systems

Hua Vy Le Thanh, Xin Li
2014 IPSJ Online Transactions  
We developed an on-the-fly model checker for CWPDSs and apply it to models generated from the reachability analysis of the HTML5 parser specification.  ...  CWPDSs or its instance are shown to have wide applications in analysis of object-oriented programs, access rights analysis, etc.  ...  Acknowledgments We would like to thank Yasuhiko Minamide for sharing us with their model and test data generated from HTML5 parser specifications. We thank Mizuhito Ogawa for comments and support.  ... 
doi:10.2197/ipsjtrans.7.132 fatcat:452zlxjtcfdyzagcng677u4sem

Faster reachability analysis for LR(1) parsers

Frédéric Bour, François Pottier
2021 Proceedings of the 14th ACM SIGPLAN International Conference on Software Language Engineering  
Among other applications, this vastly improves the scalability of Jeffery's error reporting technique (2003), where a mapping of (reachable) error states to messages must be created and maintained.  ...  For each transition in the automaton, the problem is to determine under what conditions this transition can be taken, that is, which (minimal) input fragment and which lookahead symbol allow taking this  ...  that achieves good coverage of the parser's code and can be used for testing the HTML5 parsers found in industrial browsers.  ... 
doi:10.1145/3486608.3486903 fatcat:5rlf6zdkdzfazf4hd4dwht2ynq

Parallel parsing made practical

Alessandro Barenghi, Stefano Crespi Reghizzi, Dino Mandrioli, Federica Panella, Matteo Pradella
2015 Science of Computer Programming  
Furthermore, to complete the framework of a parallel input analysis, a parallel scanner can also be combined with the parser.  ...  To prove the practicality of a parallel lexing and parsing approach, we report the results of the adaptation of JSON and Lua to a form fit for parallel parsing (i.e. an operator-precedence grammar) through  ...  Table 1: Total text analysis times of the JSON test-bench files, for both the server and mobile platform.  ... 
doi:10.1016/j.scico.2015.09.002 fatcat:h5xzooyiizh3vkmc6pwvnl63u4


Hardik Joshi, Arnav Gupta
2018 International Journal of Research in Engineering and Technology  
We present our analyses using statistics obtained with this dataset and pick the top 100 mostly connected ASes and use them for further analysis.  ...  In this two part project, we plan to understand the relationships between Autonomous Systems (ASes) on the Internet and derive inferences between theoretical and practical routing scenarios.  ...  It makes use of the widely implemented SVG, HTML5, and CSS standards. It is the successor to the earlier Protovis framework.  ... 
doi:10.15623/ijret.2018.0701003 fatcat:m2xzo5qtznanxjctcyrjlvqp5u

GAT: Platform for automatic context-aware mobile services for m-tourism

M.C. Rodriguez-Sanchez, J. Martinez-Romo, S. Borromeo, J.A. Hernandez-Tamames
2013 Expert systems with applications  
Despite the recent advances in mobile tourism systems, most of the wayfinding applications have still to deal with some problems: a huge amount of tourist information to manage, guidance for indoor and  ...  In GAT, users are able to generate wayfinding applications for indoor and outdoor environments through a web form without the need for programming skills, assisted by a system of automatic generation and  ...  Then, they tested the wayfinding applications and provide us the feedback. The most users were able to generate guidance applications without a previous experience in programming applications.  ... 
doi:10.1016/j.eswa.2013.01.031 fatcat:tfsbnkhm5nbb3darmmvw43xdui

Most Websites Don't Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security [article]

Peter Snyder, Cynthia Taylor, Chris Kanich
2017 arXiv   pre-print
We model the benefit as the number of websites that require the feature for some user-visible benefit, and the cost as the number of CVEs, lines of code, and academic attacks related to the functionality  ...  Many of these features benefit users by enabling new types of web applications.  ...  ACKNOWLEDGEMENTS Thank you to Joshua Castor and Moin Vahora for performing the manual website analysis.  ... 
arXiv:1708.08510v2 fatcat:yfzavsqbk5hihb5pzik3jxjhbe

Gradual typing embedded securely in JavaScript

Nikhil Swamy, Cedric Fournet, Aseem Rastogi, Karthikeyan Bhargavan, Juan Chen, Pierre-Yves Strub, Gavin Bierman
2014 Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages - POPL '14  
After type-checking, the compiler instruments the program with various checks to ensure the type safety of TS despite its interactions with arbitrary JavaScript contexts, which are free to use eval, stack  ...  To address the former problem, various forms of gradual typing have been proposed, such as Closure and TypeScript.  ...  Acknowledgments Many thanks to Martín Abadi, Antoine Delignat-Lavaud, Jeremy Siek, Phil Wadler, and all the anonymous reviewers.  ... 
doi:10.1145/2535838.2535889 dblp:conf/popl/SwamyFRBCSB14 fatcat:ijdjwahimvfxdkguhpo6k62kli

Understanding and Mitigating the Security Risks of Content Inclusion in Web Browsers [article]

Sajjad Arshad
2020 arXiv   pre-print
Thanks to the wide range of features offered by web browsers, modern websites include various types of content such as JavaScript and CSS in order to create interactive user interfaces.  ...  Due to the high degree of privilege extensions can hold, extensions have been abused to inject advertisements into web pages that divert revenue from content publishers and potentially expose users to  ...  While there is certainly an overlap between dynamic taint analysis and provenance, taint analysis is most often focused on simple reachability between sources and sinks, while provenance is concerned with  ... 
arXiv:2001.03643v1 fatcat:gl5zp7vamfaqfhn4qenui6q55q

Report from Dagstuhl Seminar Scripting Languages and Frameworks: Analysis and Verification

Fritz Henglein, Ranjit Jhala, Shriram Krishnamurthi, Peter Thiemann
Seminar   unpublished
had breakout sessions devoted to crosscutting topics that were of broad interest across the community, including, how to create shared analysis infrastructure, how to think about the semantics of contracts  ...  This report documents the program and the outcomes of Dagstuhl Seminar 14271 "Scripting Languages and Frameworks: Analysis and Verification".  ...  Static application security testing (SAST) is a widely used technique that helps to find security vulnerabilities in program code at an early stage in the software development lifecycle.  ... 

An End-To-End Toolset For The Creation And Delivery Of Video-Based Multi-Device Content

I. Fraile
2018 Zenodo  
We introduce an end-to-end toolset for the production and delivery of synchronous multi-device content.  ...  We outline the application scenario requirements and the challenges involved in creating video content that works across the TV, companion screens and head mounted displays.  ...  Acknowledgements Authors are grateful to: the members of ACAPO -Porto and ACAPO -Aveiro, who accepted to be part of the focus group, for their openness and kindness; and FCT and FSE for the financial support  ... 
doi:10.5281/zenodo.1402979 fatcat:gehlqemtongildlquzjz4dyzwe

Automatic and Context-Aware Cross-Site Scripting Filter Evasion

Fabrizio D'amore, Mauro Gentile
2012 unpublished
This work proposes an approach and a tool, named snuck, for web application penetration testing, which can definitely help in finding hard-to-spot and advanced XSS vulnerabilities.  ...  Results of several tests on many popular Content Management Systems proved the benefits of this approach: no other web vulnerability scanner would have been able to discover some advanced ways to bypass  ...  The XSS Injector works as core of the injection process, it asks the Use Case Parser to parse the Selenium commands within the XML file given in input (Step I), and to translate them into browser events  ... 

On the (in)security of service APIs [article]

Martin Hristov Georgiev
While interesting, this class of vulnerabilities is not specific to hybrid apps and we leave its detailed analysis to future work.  ...  RFC 2818 advises the implementors to use "SubjectAlt-Names" as the main source of server identifiers and support "Common Name" for backward compatibility only, but most of the software we tested does it  ...  Browsers conforming to the HTML5 specifications provide the postMessage API for communication between frames from different origins.  ... 
doi:10.15781/t2d34b fatcat:bznhtaddivfyhchykatka4rx4m

Proactive Web Security and Privacy Systems without Breaking Compatibility

Xiang Pan
2017 unpublished
Generally, a proactive system should address the following two challenges: first, how to block the attacks when the enemy is unknown; second, how to strive a good balance between security/privacy and compatibility  ...  According to Symantec, 430 million new unique pieces of malware have been discovered in 2015, and over half a billion personal records were stolen or lost in the same year.  ...  Primarily, it statically rewrites ASP.NET applications to separate data and codes; AutoCSP [54] uses dynamic taint analysis in PHP to find trusted elements of dynamically generated HTML pages and then  ... 
doi:10.21985/n2668g fatcat:67qtmbe5wfbvbpcz7mshmu5jpq

Abstract Contract Synthesis and Verification in the Symbolic K Framework

María Alpuente, Daniel Pardo, Alicia Villanueva
Thanks to the integrated support for symbolic execution and deductive verification provided by K, some synthesized axioms that cannot be guaranteed to be correct by construction due to abstraction can  ...  We implemented our technique in the automated tool KindSpec 2.1, which generates logical axioms that express pre- and post-condition assertions which define the precise input/output behavior of the C routines  ...  Provided that the syntax and semantics of a programming language are formalized in the internal language of K, the system automatically generates a parser, an interpreter, and formal analysis tools such  ... 