• ETRI Journal
• /
• v.38 no.2
• /
• pp.376-386
• /
• 2016

Currently, web applications are gaining in prevalence. In a web application, an input may not be appropriately validated, making the web application susceptible to cross-site scripting (XSS), which poses serious security problems for Internet users and websites to whom such trusted web pages belong. A taint inference is a type of information flow analysis technique that is useful in detecting XSS on the client side. However, in existing techniques, two current practical issues have yet to be handled properly. One is URL rewriting, which transforms a standard URL into a clearer and more manageable form. Another is HTML sanitization, which filters an input against blacklists or whitelists of HTML tags or attributes. In this paper, we make an analogy between the taint inference problem and the molecule sequence alignment problem in bioinformatics, and transfer two techniques related to the latter over to the former to solve the aforementioned yet-to-be-handled-properly practical issues. In particular, in our method, URL rewriting is addressed using local sequence alignment and HTML sanitization is modeled by introducing a removal gap penalty. Empirical results demonstrate the effectiveness and efficiency of our method.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.5
• /
• pp.247-253
• /
• 2008

Web 2.0 and Semantic Web technology will be merged to be a next generation Web that leads presentation-oriented Web to data-centric Web. In the next generation Web. semantic processing. Web Platform, and data fusion are most important technology factors. Resolving the Link Rot is the one of the essential technologies to enable these features. The Link Rot causes not only simple annoyances to users but also more serious problems including data integrity. loss of knowledge. breach of service. and so forth. We have suggested a new XRI-based persistent Web link architecture to cure the Link Rot that has been considered as a deep-seated Problem of the Web. The Proposed architecture is based on the XRI suggested by OASIS and it is designed to support a persistent link by using URL rewriting. Since the architecture is designed as a server-side technology, it is superior to existing research especially in Interoperability. Transparency and Adoptability. In addition to this, the architecture provides a metadata identification to be used fer context-aware link resolution.