On the Integrity of Cross-Origin JavaScripts - ICT Systems Security and Privacy Protection Access content directly
Conference Papers Year : 2018

On the Integrity of Cross-Origin JavaScripts

Jukka Ruohonen
  • Function : Author
  • PersonId : 1042910
Joonas Salovaara
  • Function : Author
  • PersonId : 1042911
Ville Leppänen
  • Function : Author
  • PersonId : 1042912


The same-origin policy is a fundamental part of the Web. Despite the restrictions imposed by the policy, embedding of third-party JavaScript code is allowed and commonly used. Nothing is guaranteed about the integrity of such code. To tackle this deficiency, solutions such as the subresource integrity standard have been recently introduced. Given this background, this paper presents the first empirical study on the temporal integrity of cross-origin JavaScript code. According to the empirical results based on a ten day polling period of over 35 thousand scripts collected from popular websites, (i) temporal integrity changes are relatively common; (ii) the adoption of the subresource integrity standard is still in its infancy; and (iii) it is possible to statistically predict whether a temporal integrity change is likely to occur. With these results and the accompanying discussion, the paper contributes to the ongoing attempts to better understand security and privacy in the current Web.
Fichier principal
Vignette du fichier
472722_1_En_27_Chapter.pdf (172.15 Ko) Télécharger le fichier
Origin Files produced by the author(s)

Dates and versions

hal-02023735 , version 1 (21-02-2019)




Jukka Ruohonen, Joonas Salovaara, Ville Leppänen. On the Integrity of Cross-Origin JavaScripts. 33th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), Sep 2018, Poznan, Poland. pp.385-398, ⟨10.1007/978-3-319-99828-2_27⟩. ⟨hal-02023735⟩
52 View
55 Download



Gmail Mastodon Facebook X LinkedIn More