xJS: Practical XSS Prevention for Web Application Development

The authors present xJS, a practical framework for preventing code-injections in the web environment and thus assisting for the development of XSS-free web applications. xJS aims on being fast, developer-friendly and providing backwards compatibility. They implement and evaluate the solution in three leading web browsers and in the Apache web server. They show that the framework can successfully prevent all 1,380 real-world attacks that were collected from a well-known XSS attack repository. Furthermore, the framework imposes negligible computational overhead in both the server and the client side, and has no negative side-effects in the overall user's browsing experience.