{"id":13357,"date":"2021-12-09T20:56:17","date_gmt":"2021-12-10T01:56:17","guid":{"rendered":"https:\/\/carleton.ca\/scs\/?page_id=13357"},"modified":"2021-12-09T20:56:17","modified_gmt":"2021-12-10T01:56:17","slug":"tr-11-04-enhancing-web-page-security-with-security-style-sheets","status":"publish","type":"page","link":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2011\/tr-11-04-enhancing-web-page-security-with-security-style-sheets\/","title":{"rendered":"TR-11-04: Enhancing Web Page Security with Security Style Sheets"},"content":{"rendered":"<p>Carleton University<br \/>\n<a href=\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2011\/\">Technical Report<\/a> TR-11-04<br \/>\nFebruary 22, 2011<\/p>\n<h2 class=\"tr_t1\">Enhancing Web Page Security with Security Style Sheets<\/h2>\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">Terri Oda &amp; Anil Somayaji<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div>\n<h3>Abstract<\/h3>\n<p>Although the web security community now has a variety of techniques that could help web developers to defend against common attacks such as cross-site scripting and cross-site request forgery, this work is not in a form suitable for general use. What is needed is a web standard that unites these techniques using syntax and semantics that are easy for web developers to learn and straightforward for browser makers to implement. Here we propose such a standard, Security Style Sheets, a browser-enforced policy language modelled on Cascading Style Sheets. Security Style Sheets provides an extensible policy framework that allows for policy to be separated from content and to be specified at both coarse and fine levels of granularity. In this paper we present the syntax and semantics of Security Style Sheets, explain its relationship with past web security proposals and CSS, and give examples of how it could be used to protect mainstream websites such as Facebook. Also in the model of CSS and the Acid3 tests, we present a conformance suite for Security Style Sheets.<\/p>\n<p><a href=\"https:\/\/carleton.ca\/scs\/wp-content\/uploads\/TR-11-04.pdf\">TR-11-04.pdf<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Carleton University Technical Report TR-11-04 February 22, 2011 Enhancing Web Page Security with Security Style Sheets Terri Oda &amp; Anil Somayaji Abstract Although the web security community now has a variety of techniques that could help web developers to defend against common attacks such as cross-site scripting and cross-site request forgery, this work is not [&hellip;]<\/p>\n","protected":false},"author":49,"featured_media":0,"parent":12489,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_mi_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":"","_links_to":"","_links_to_target":""},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>TR-11-04: Enhancing Web Page Security with Security Style Sheets - School of Computer Science<\/title>\n<meta name=\"description\" content=\"Carleton University Technical Report TR-11-04 February 22, 2011 Enhancing Web Page Security with Security Style Sheets Terri Oda &amp; Anil Somayaji\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2011\/tr-11-04-enhancing-web-page-security-with-security-style-sheets\/\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2011\/tr-11-04-enhancing-web-page-security-with-security-style-sheets\/\",\"url\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2011\/tr-11-04-enhancing-web-page-security-with-security-style-sheets\/\",\"name\":\"TR-11-04: Enhancing Web Page Security with Security Style Sheets - School of Computer Science\",\"isPartOf\":{\"@id\":\"https:\/\/carleton.ca\/scs\/#website\"},\"datePublished\":\"2021-12-10T01:56:17+00:00\",\"dateModified\":\"2021-12-10T01:56:17+00:00\",\"description\":\"Carleton University Technical Report TR-11-04 February 22, 2011 Enhancing Web Page Security with Security Style Sheets Terri Oda &amp; Anil Somayaji\",\"breadcrumb\":{\"@id\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2011\/tr-11-04-enhancing-web-page-security-with-security-style-sheets\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2011\/tr-11-04-enhancing-web-page-security-with-security-style-sheets\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2011\/tr-11-04-enhancing-web-page-security-with-security-style-sheets\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/carleton.ca\/scs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Research\",\"item\":\"https:\/\/carleton.ca\/scs\/research\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"SCS Technical Reports\",\"item\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Technical Reports 2011\",\"item\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2011\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"TR-11-04: Enhancing Web Page Security with Security Style Sheets\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/carleton.ca\/scs\/#website\",\"url\":\"https:\/\/carleton.ca\/scs\/\",\"name\":\"School of Computer Science\",\"description\":\"Carleton University\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/carleton.ca\/scs\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TR-11-04: Enhancing Web Page Security with Security Style Sheets - School of Computer Science","description":"Carleton University Technical Report TR-11-04 February 22, 2011 Enhancing Web Page Security with Security Style Sheets Terri Oda &amp; Anil Somayaji","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2011\/tr-11-04-enhancing-web-page-security-with-security-style-sheets\/","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2011\/tr-11-04-enhancing-web-page-security-with-security-style-sheets\/","url":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2011\/tr-11-04-enhancing-web-page-security-with-security-style-sheets\/","name":"TR-11-04: Enhancing Web Page Security with Security Style Sheets - School of Computer Science","isPartOf":{"@id":"https:\/\/carleton.ca\/scs\/#website"},"datePublished":"2021-12-10T01:56:17+00:00","dateModified":"2021-12-10T01:56:17+00:00","description":"Carleton University Technical Report TR-11-04 February 22, 2011 Enhancing Web Page Security with Security Style Sheets Terri Oda &amp; Anil Somayaji","breadcrumb":{"@id":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2011\/tr-11-04-enhancing-web-page-security-with-security-style-sheets\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2011\/tr-11-04-enhancing-web-page-security-with-security-style-sheets\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2011\/tr-11-04-enhancing-web-page-security-with-security-style-sheets\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/carleton.ca\/scs\/"},{"@type":"ListItem","position":2,"name":"Research","item":"https:\/\/carleton.ca\/scs\/research\/"},{"@type":"ListItem","position":3,"name":"SCS Technical Reports","item":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/"},{"@type":"ListItem","position":4,"name":"Technical Reports 2011","item":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2011\/"},{"@type":"ListItem","position":5,"name":"TR-11-04: Enhancing Web Page Security with Security Style Sheets"}]},{"@type":"WebSite","@id":"https:\/\/carleton.ca\/scs\/#website","url":"https:\/\/carleton.ca\/scs\/","name":"School of Computer Science","description":"Carleton University","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/carleton.ca\/scs\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"acf":{"banner_image_type":"none","banner_button":"no"},"_links":{"self":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13357"}],"collection":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/users\/49"}],"replies":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/comments?post=13357"}],"version-history":[{"count":1,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13357\/revisions"}],"predecessor-version":[{"id":13358,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13357\/revisions\/13358"}],"up":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/12489"}],"wp:attachment":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/media?parent=13357"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}