No description, website, or topics provided.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
audio
html
img
include
js
json
jsonNew
link
more-stuff/chrome
track
util
video
README.md
config.php
header.php
index.php
stats-general.php
stats-suborigin.php
stats-usenix.php
style.css
style.php

README.md

your-sop.com

The term Same-Origin Policy (SOP) is used to denote a complex set of rules that govern the interaction of different Web Origins within a web application. A subset of these SOP rules controls the interaction between the host document and an embedded document, and this subset is the target of our research (SOP-DOM). In contrast to other important concepts like Web Origins (RFC 6454) or the Document Object Model (DOM), there is no formal specification of the SOP-DOM.

This testbed consists of 865 test cases and 26 tested browsers. In our initial USENIX Security study, we ran 544 different test cases on each of the 10 major web browsers. We show that in addition to Web Origins, access rights granted by SOP-DOM depend on at least three attributes; the type of the embedding element (EE), and sandbox, and CORS attributes. Due to the lack of a formal specification, we also show that a high number different browser behaviors can be detected.