This repository contains the accompanying materials for the paper "Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions" by David Klein, Thomas Barber, Souphiane Bensalim, Ben Stock and Martin Johns.
@inproceedings{KleBarBen+22,
author = {David Klein and Thomas Barber and Souphiane Bensalim and Ben Stock and Martin Johns},
title = {Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions},
booktitle = {Proc. of the IEEE European Symposium on Security and Privacy},
year = {2022},
month = jun,
}
If you have any questions, please do not hesitate to contact us :)
We are currently working on open sourcing additional components, pending intellectual property approval from the involved industrial partner, and will update this page accordingly.
The taint browser used throughout our study is open source on GitHub as Project Foxhound. We used Version 80 for all our experiments.
The changes we made to the MONA library are available on GitHub as well.
As discussed in Section 5.2.4, two working drafts to combat XSS are currently being developed: Trusted Types and the Sanitizer API. We included a sample website showcasing the protection offered by both.
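As an added illustration (example code, not part of the paper's sample website) of how a hand-written sanitizer is put behind Trusted Types so that DOM sinks only accept values produced through it: the policy name `app-html`, the CSP header shown in the comments and the escape-everything strategy are assumptions of this example, not choices made by the authors.

```javascript
// Added example, not from the paper's repository. Assumes the page is served with:
//   Content-Security-Policy: require-trusted-types-for 'script'; trusted-types app-html
// With that header, `el.innerHTML = "<plain string>"` throws a TypeError and is
// reported via the CSP reporting endpoint; only values from the policy are accepted.

// Escape every character that could terminate a text context. Unlike the
// tag-stripping and regex-based sanitizers the paper studies, escaping cannot
// be bypassed by mis-tokenised markup: the output never contains an element.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"'`]/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
    '"': '&quot;', "'": '&#39;', '`': '&#96;',
  })[c]);
}

// Register the sanitizer as the page's only Trusted Types policy. If the
// browser lacks Trusted Types (or this runs under Node), fall back to an
// object with the same shape so call sites do not change; `enforced` tells
// the caller whether the sinks are actually guarded.
function createHtmlPolicy(tt = globalThis.trustedTypes) {
  const rules = {
    createHTML: (input) => escapeHtml(input),
    // No createScript / createScriptURL: script sinks stay unusable entirely.
  };
  if (tt && typeof tt.createPolicy === 'function') {
    return { policy: tt.createPolicy('app-html', rules), enforced: true };
  }
  return { policy: rules, enforced: false };
}

// The single code path that writes user-controlled data into an HTML sink.
// `el` is any object with an innerHTML property (a DOM element in the browser,
// a plain object in a test). Returns what ended up in the sink.
function renderUntrusted(el, policy, untrusted) {
  el.innerHTML = String(policy.createHTML(untrusted));
  return el.innerHTML;
}
```

In a browser the same `renderUntrusted` call works unchanged, since a TrustedHTML object stringifies to the escaped markup and is accepted by `innerHTML` under the enforcing header.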