Cross-domain (or “Universal XSS”) vulnerabilities have long plagued modern script-enabled web browsers. Shuo Chen of Microsoft Research has developed a new type of defense against these vulnerabilities. A paper on this new approach has been accepted to the 14th ACM Conference on Computer and Communications Security (CCS).
An Analysis of Browser Domain-Isolation Bugs and A Light-Weight Transparent Defense Mechanism
I contributed some time to Shuo’s project and assisted with providing technical background on historical cross-domain vulnerabilities in Internet Explorer.