Protecting Private Web Content From Embedded Scripts
Many web pages display personal information provided by users. The goal of this work is to protect that content from untrusted scripts that are embedded in host pages. The authors present a browser modification that provides fine-grained control over what parts of a document are visible to different scripts, and executes untrusted scripts in isolated environments where private information is not accessible. To ease deployment, they present a method for automatically inferring what nodes in a web page contain private content. This paper describes how they modify the Chromium browser to enforce newly defined security policies, presents their automatic policy generation method, and reports on experiments inferring and enforcing privacy policies for a variety of web applications.