External Link
https://dl.acm.org/doi/10.1145/1866307.1866376
BibTeX
@inproceedings{10.1145/1866307.1866376, author = {Huang, Lin-Shung and Weinberg, Zack and Evans, Chris and Jackson, Collin}, title = {Protecting browsers from cross-origin CSS attacks}, year = {2010}, isbn = {9781450302456}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, url = {https://doi.org/10.1145/1866307.1866376}, doi = {10.1145/1866307.1866376}, abstract = {Cross-origin CSS attacks use style sheet import to steal confidential information from a victim website, hijacking a user’s existing authenticated session; existing XSS defenses are ineffective. We show how to conduct these attacks with any browser, even if JavaScript is disabled, and propose a client-side defense with little or no impact on the vast majority of web sites. We have implemented and deployed defenses in Firefox, Google Chrome, and Safari. Our defense proposal has also been adopted by Opera.}, booktitle = {Proceedings of the 17th ACM Conference on Computer and Communications Security}, pages = {619–629}, numpages = {11}, keywords = {CSS, content type, same-origin policy}, location = {Chicago, Illinois, USA}, series = {CCS ‘10} }