Chinese Journal of Network and Information Security ›› 2018, Vol. 4 ›› Issue (11): 69-77.doi: 10.11959/j.issn.2096-109x.2018093

• Papers • Previous Articles    

Rule-defect oriented browser XSS filter test method

Zhijie GUI1,2,Hui SHU1,2   

  1. 1 School of Cyberspace Security,Information Support Engineering University of PLA,Zhengzhou 450001,China
    2 State Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450001,China
  • Revised:2018-11-05 Online:2018-11-01 Published:2019-01-03


In order to alleviate XSS (cross-site scripting) attacks,modern browsers use XSS filters for defense.It is difficult to effectively test and evaluate the security of browser XSS filters.The rule-defect is the defect and security problem in the implementation process of browser XSS filter.The formal definition,design test sample and scene generation algorithm were presented for browser XSS filter rule-defects.In order to quantitatively test and evaluate the filtering level of different browser XSS filters,combined with filtering success rate,false positive rate,input loss calculation filtering ability.Based on the proposed method,the prototype system is designed to automate the testing of several mainstream browser XSS filters,and the XSS filtering capabilities of different browsers are obtained.Further,after actual testing,the system also has the ability to discover undisclosed vulnerabilities.

Key words: cross-site scripting attack, browser XSS filter, rule-defect, filtering capabilitiy

CLC Number: 

No Suggested Reading articles found!