Code-Injection Attacks in Browsers Supporting Policies
Code-injection attacks can take place in a large variety of layers, from native code to databases and web applications. The latter case involves mainly client-side code injection in the browser environment, also known as Cross-Site Scripting (XSS). There are numerous ways to defeat XSS attacks, from static and taint analysis to policy enforcement in the web browser. This paper enlists new forms of XSS attacks that seek to bypass browser enforced policies. The attacks outlined in this paper resemble the classic return-to-libc attack in native code. The paper proposes a new form of code isolation, based on browser actions, in order to mitigate the problem.