
Is MathML dangerous?

dc.contributor.author: Späth, Christopher
dc.contributor.editor: Langweg, Hanno
dc.contributor.editor: Meier, Michael
dc.contributor.editor: Witt, Bernhard C.
dc.contributor.editor: Reinhardt, Delphine
dc.date.accessioned: 2018-03-22T12:40:43Z
dc.date.available: 2018-03-22T12:40:43Z
dc.date.issued: 2018
dc.description.abstract: HTML5 forms the basis for modern web development and merges different standards. One of these standards is MathML. It is used to express and display mathematical statements. However, with more standards being natively integrated into HTML5, the processing model gets inherently more complex. In this paper, we evaluate the security risks of MathML. We created a semi-automatic test suite and studied the JavaScript code execution and the XML processing in MathML. We also added the Content-Type handling of major browsers to the picture. We discovered a novel way to manipulate the browser’s status line without JavaScript and found two novel ways to execute JavaScript code, which allowed us to bypass several sanitizers. The fact that JavaScript code embedded in MathML can access session cookies worsens matters even more. [de]
dc.identifier.doi: 10.18420/sicherheit2018_09
dc.identifier.isbn: 978-3-88579-675-6
dc.identifier.pissn: 1617-5468
dc.identifier.uri: https://dl.gi.de/handle/20.500.12116/16299
dc.language.iso: de
dc.publisher: Gesellschaft für Informatik e.V.
dc.relation.ispartof: SICHERHEIT 2018
dc.relation.ispartofseries: Lecture Notes in Informatics (LNI) - Proceedings, Volume P-281
dc.subject: MathML
dc.subject: Web Security
dc.subject: XSS
dc.title: Is MathML dangerous? [de]
dc.type: Text/Conference Paper
gi.citation.endPage: 132
gi.citation.publisherPlace: Bonn
gi.citation.startPage: 119
gi.conference.date: 25.-27. April 2018
gi.conference.location: Konstanz, Germany
gi.conference.sessiontitle: Wissenschaftliche Beiträge

Files

Original bundle
Name: sicherheit2018-09.pdf
Size: 260.34 KB
Format: Adobe Portable Document Format