How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security

Ben Stock -USENIX 2017 -How the Web Tangled Itself Motivation... • Web's client side becomes more powerful every day • grew from static HTML rendering to fully-fledged applications • many "enabling" APIs such as postMessages • Development also carries security issues • specific to the Web, e.g., XSS • general issues: e.g., trusting data from untrusted sources • Web grew without a security blueprint into the "Tangled Web"