International Journal of Electrical and Computer Engineering (IJECE)
Vol. 9, No. 2, April 2019, pp. 1393~1398
ISSN: 2088-8708, DOI: 10.11591/ijece.v9i2.pp1393-1398

Journal homepage: http://iaescore.com/journals/index.php/IJECE

ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting attacks

P.M.D. Nagarjun¹, Shaik Shakeel Ahamad²
¹,² Department of CSE, K L University, Vijayawada, India
¹ Nagabot Software Development Pvt. Ltd., Nellore, India
² CCIS, Majmaah University, Majmaah, Kingdom of Saudi Arabia

Article Info
Article history:
Received Apr 20, 2018
Revised Nov 6, 2018
Accepted Nov 30, 2018

ABSTRACT
Cross-Site Scripting (XSS) is one of the serious web application attacks. Web applications are involved in every activity of human life, and JavaScript plays a major role in these web applications. In XSS attacks, a hacker injects malicious JavaScript into a trusted web application; execution of that malicious script may steal sensitive information from the user. Previous solutions to prevent XSS attacks require a lot of effort to integrate into existing web applications; some solutions work at the client side, and some work based on a filter list that needs to be updated regularly. In this paper, we propose an Image Substitute technique (ImageSubXSS) to prevent Cross-Site Scripting attacks, which works at the server side. The proposed solution is implemented and evaluated on a number of XSS attacks. With a single line, developers can integrate ImageSubXSS into their applications, and the proposed solution is able to prevent XSS attacks effectively.

Keywords:
Cross-site scripting
ImageSubXSS
Malicious JavaScript
Web application attacks
XSS attacks

Copyright © 2019 Institute of Advanced Engineering and Science. All rights reserved.

Corresponding Author:
P.M.D. Nagarjun,
Department of CSE, K L University,
Vaddeswaram-522502, Guntur District, Andhra Pradesh, India.
Email: pmdnr@nagabot.com

1. INTRODUCTION

According to the Open Web Application Security Project (OWASP), Cross-Site Scripting attacks [1] are popular and dangerous web application attacks. Attackers inject malicious JavaScript into vulnerable web applications. When a user opens that infected web application in their browser, the malicious JavaScript is executed and steals cookies and other sensitive information from the user [2]. XSS vulnerabilities are growing every year: XSS attacks increased by 39% in 2017, and almost 79% of web applications have a vulnerable JavaScript library [3].

PHP is a popular programming language used to develop web applications. It is easy to learn, and with it, it is easy to develop websites. As a result, a lot of developers without proper knowledge of security are developing web applications with a lot of vulnerabilities. The proposed ImageSubXSS will prevent Cross-Site Scripting attacks; this solution works at the server side. ImageSubXSS is implemented and tested with the PHP language.

The rest of the paper is organized as follows: Section 2 shows different types of XSS attacks. Section 3 discusses related work. In Section 4 we describe the proposed solution to prevent XSS attacks. In Section 5 we evaluate the proposed tool. Section 6 discusses the limitations and future work. Finally, Section 7 concludes briefly.

2. CROSS-SITE SCRIPTING ATTACK TYPES

The two most popular XSS attack types are Reflected (Non-persistent) and Stored (Persistent) attacks [4]. The proposed solution in this paper is able to prevent both of these attacks.

2.1. Reflected (non-persistent)

In Reflected XSS attacks, the malicious script is sent to the server through a request, and the server reflects that malicious code back in the response. The malicious code is then executed in the user's browser and steals the user's sensitive information. Normally, Reflected attacks reach the user through e-mail or malicious websites.

Example malicious link:
http://example.net/searchpage.php?searchkeyword=<script>alert("XSS Attack");</script>

2.2. Stored (persistent)

In Stored XSS attacks, malicious scripts are stored permanently in the web server database [5]. An attacker can inject scripts into a vulnerable web application by writing malicious scripts in the comment section, post message section, etc. Whenever a normal user visits that comment section of the website, those injected scripts are executed and may steal the user's sensitive information.

Example: The attacker injects malicious code in the comment section of the vulnerable web page.
<script>alert("XSS Attack");</script>

3. LITERATURE WORK

Hydara et al. [6] conducted a literature study on 115 research papers related to XSS attacks from 2004 to 2012. Their study shows that Reflected XSS attacks are popular XSS attacks compared to other types of XSS attacks. Their study also shows that most of the work was done on detecting and preventing XSS attack vulnerabilities instead of removing vulnerabilities from source code. Shanmugasundaram, Ravivarman, and Thangavellu [7] stated that websites contain XSS vulnerabilities because developers lack the required knowledge of XSS attacks and are unable to implement existing solutions in their applications. Different solutions exist to prevent XSS attacks at the client side and the server side.

Noxes: Client-Side Solution. Developed by Kirda et al. [8], it is a client-side web application firewall. Noxes works in the client browser, where it acts as a personal firewall. When the user requests a URL, Noxes checks the filter list to validate the URL before sending the request to the server. For every new URL there is an alert box so that the user can validate the URL. To avoid too many alerts there is a threshold (k): each page can have k external links, and these are considered valid for one click or for that session. With this solution, the user needs to know how to decide which URL is safe and which is not safe.

SWAP: Server-Side Solution. Developed by Wurzinger et al. [9], SWAP means Secure Web Application Proxy. It is a reverse proxy technique. Input requests are ignored and only output responses are filtered to find XSS attacks. SWAP modifies the web application's JavaScript by replacing Script with Script IDs (ex: <script> to <scrip5>), so executable JavaScript is converted into non-executable JavaScript. While sending a response to the client, it checks for JavaScript. If it finds any JavaScript, the response is considered an attack; if there is no JavaScript, the response is considered safe, and SWAP decodes all Script IDs and sends the response to the client. SWAP may not be suitable for applications with rapid code changes.

BIXSAN: Server-Side Solution. Developed by Chandra and Selvakumar [10], BIXSAN means Browser Independent XSS Sanitizer. BIXSAN only allows static tags and removes all dynamic tags. The JavaScript tester in BIXSAN finds existing in-line JavaScript code in static tags, filters scripted tags, and finally creates a DOM for the content. That DOM is stored in a database or returned to the client. BIXSAN can prevent Reflected and Stored XSS attacks. The document DOM is created at the server side, and this DOM is used in the client browser.

EWAF: Server-Side Solution. Developed by Kazanavicius et al. [11], EWAF means Embedded Web Application Firewall. EWAF works based on blacklist and whitelist filters. Based on the user request, EWAF analyzes which attacks are possible, such as XSS, SQL Injection, etc. After analyzing the possibilities of attacks, the request is sent through the corresponding XSS module, SQL Injection module, or other modules based on the attack type. A decision is then taken on whether it is a common request or an attack request, based on the results of the corresponding attack module.

4. IMAGESUBXSS: THE PROPOSED TECHNIQUE TO PREVENT XSS ATTACKS

4.1. Overview

ImageSubXSS is an Image Substitute technique to prevent Cross-Site Scripting attacks. In this system, characters involved in XSS attacks are replaced with corresponding images. Figure 1 shows the ImageSubXSS system overview.

Figure 1. ImageSubXSS system overview

Developers need to include a single ImageSubXSS tool file to avoid XSS attacks in their web applications. This tool analyzes all POST and GET data at the server side and checks for malicious characters in the user input data [12]. If any of those characters are present, it replaces them with the corresponding images. After these modifications, the data proceeds to the remaining application. Depending on the web application, that data may be reflected back to the user's browser or stored in a database. Figure 2 shows how the input data is handled by the ImageSubXSS system, simply considering "<" as a malicious character [13] and replacing it with the (lt.png) image.

Figure 2. The flow of input data in ImageSubXSS system

4.2. ImageSubXSS images

The ImageSubXSS tool uses images to prevent Cross-Site Scripting attacks. The tool checks for malicious characters like ", ', (, \, <, and &#, and replaces those malicious characters with corresponding images. All these images are highly compressed to improve performance. The sizes of these images are between 200 and 600 bytes. Table 1 shows the characters and corresponding images; these characters are the most frequent special characters involved in XSS attacks. The ImageSubXSS tool allows developers to choose different color images based on their web application background.

Black Images: These images are clearly visible on web applications with light-colored backgrounds; see the example shown in Figure 3.

White Images: These images can be used in web applications with dark-colored backgrounds; see the example shown in Figure 4.

Figure 3. Black images on the light color background

Figure 4. White images on the dark color background

Figure 2 (diagram text):

User input data with attack script in search field (at browser):
search=<script>alert("attack");</script>

ImageSubXSS: user input data will be converted into the code below (at server):
$_POST['search'] = <img src="lt.png">script>alert("attack");<img src="lt.png">/script>

Processed user input data will look like the code below (at browser):
search= [lt.png image]script>alert("attack"); [lt.png image]/script>

Table 1. Characters and Corresponding Image

Character    Black Image    White Image
"
'
(
\
<
&#

4.3. Testing on real world web application

We tested a web application with our proposed system. ImageSubXSS is able to prevent all XSS attacks. We implemented the system in the PHP programming language, but it can be implemented in any language and can be used on any web application. Developers only need to include the ImageSubXSS tool file. So the only modification required to implement ImageSubXSS in an existing web application is to add the code below at the beginning of the PHP file that handles user input data.

<?php
//Input data in this file is filtered by ImageSubXSS tool
include "ImageSubXSS.php";
…
//Remaining code may contain code to show data to user or
//store data in database
?>

In the above code, the ImageSubXSS.php file contains functions to filter and replace malicious characters with corresponding images. Figure 5 shows a web page without any XSS security, and Figure 6 shows a web page with the ImageSubXSS system to prevent XSS attacks.

Figure 5. A web page without any XSS security measures

Figure 6. A web page with an ImageSubXSS security system
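
The substitution step described in Sections 4.1 to 4.3, written out as an added example (this is not the authors' ImageSubXSS.php). The function names and every image file name except lt.png are assumptions made for the illustration; the character list is the one given in Section 4.2.

```php
<?php
// Added illustration, not the authors' ImageSubXSS.php.
// Hypothetical names: IMAGESUB_MAP, imagesub_filter(), imagesub_naive(),
// imagesub_apply(). Only lt.png appears in the paper; the other image
// file names are assumed.

const IMAGESUB_MAP = [
    '&#' => '<img src="ampersand-hash.png">',
    '<'  => '<img src="lt.png">',
    '"'  => '<img src="double-quote.png">',
    "'"  => '<img src="single-quote.png">',
    '('  => '<img src="left-paren.png">',
    '\\' => '<img src="backslash.png">',
];

function imagesub_filter(string $value): string
{
    // strtr() with an array scans the input once, tries the longest key
    // first, and never rescans text it has just inserted. That matters
    // here because every replacement tag itself contains '<' and '"'.
    return strtr($value, IMAGESUB_MAP);
}

function imagesub_naive(string $value): string
{
    // Shown for contrast only: str_replace() applies the pairs one after
    // another on the growing result, so the quotes inside a tag inserted
    // for '<' are replaced again and the markup is corrupted.
    return str_replace(array_keys(IMAGESUB_MAP), array_values(IMAGESUB_MAP), $value);
}

function imagesub_apply(array $input): array
{
    // Request parameters can be nested arrays (name[]=...), so recurse
    // and filter every string leaf.
    array_walk_recursive($input, function (&$v) {
        if (is_string($v)) {
            $v = imagesub_filter($v);
        }
    });
    return $input;
}

// What the single include line would do at the top of a request handler:
//   $_GET  = imagesub_apply($_GET);
//   $_POST = imagesub_apply($_POST);

// Constructed sample request; the 'search' value is the payload of Figure 2.
$post = imagesub_apply([
    'search' => '<script>alert("attack");</script>',
    'tags'   => ['plain text', "o'neil"],
]);

echo $post['search'], PHP_EOL;
echo $post['tags'][1], PHP_EOL;

// Single pass versus sequential replacement on the same constructed input.
echo imagesub_filter('<b>'), PHP_EOL;
echo imagesub_naive('<b>'), PHP_EOL;
```

The substituted value is HTML markup, so it displays as intended only when written into element content; a value destined for an attribute, a script block or a non-HTML sink still needs the encoding for that context.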

5. EVALUATION

We manually tested and verified our solution with more than 100 XSS attacks [14] from different sources like the OWASP XSS Filter Evasion Cheat Sheet [15], etc. The ImageSubXSS system is able to prevent all attack vectors with a 100% prevention rate; Figure 7 and Figure 8 show example XSS attack vectors. ImageSubXSS will not break the web application's look even if there is an XSS attack.

Figure 7. XSS attack 1 and corresponding ImageSubXSS output

Figure 8. XSS attack 2 and corresponding ImageSubXSS output

6. LIMITATIONS AND FUTURE WORK

The ImageSubXSS system can be implemented in an existing web application with a single line of code, but sometimes developers need to configure it properly to integrate this solution into their web applications. If developers have their own XSS prevention functions, those need to be executed first; otherwise ImageSubXSS may cause problems while handling user data. Compared to large and complex web applications, the proposed solution works most effectively on small and simple web applications.

Currently, the Image Substitute system to prevent XSS attacks is implemented in PHP, so it only supports PHP web applications. We are working on implementations in other programming languages like Java, Python, ASP, etc. The ImageSubXSS system shows negligible performance issues while handling large user input data.

7. CONCLUSION

Web applications are growing rapidly. Cross-Site Scripting attacks are popular web application attacks, and XSS attacks are difficult to prevent. Previous solutions have difficulties in integrating into existing websites. An Image Substitute Technique named ImageSubXSS was proposed to prevent Cross-Site Scripting attacks in web applications. ImageSubXSS can be integrated into existing websites with a single line of code. ImageSubXSS is most effective in simple web applications. Our evaluation shows that ImageSubXSS can prevent every possible XSS attack that existed on popular XSS Cheat Sheets.

REFERENCES

[1] S. Gupta and B. B. Gupta, "Cross-Site Scripting (XSS) Attacks and Defense Mechanisms: Classification and State-of-the-art," International Journal of System Assurance Engineering and Management, vol. 8(1), pp. 512–530, Jan 2017.
[2] B. Rexha, A. Halili, K. Rrmoku, and D. Imeraj, "Impact of Secure Programming on Web Application Vulnerabilities," in 2015 IEEE International Conference on Computer Graphics, Vision and Information Security (CGVIS), pp. 61–66, 2015.
[3] G. Podjarny, "XSS Attacks: The Next Wave | Snyk," Snyk, 08-Jun-2017. [Online]. Available: https://snyk.io/blog/xss-attacks-the-next-wave.
[4] V. Nithya, S. L. Pandian, and C. Malarvizhi, "A Survey on Detection and Prevention of Cross-site Scripting Attack," International Journal of Security and Its Applications, vol. 9(3), pp. 139-152, 2015.
[5] X. Li and Y. Xue, "A Survey on Server-side Approaches to Securing Web Applications," ACM Comput. Surv., vol. 46(4), pp. 54:1–54:29, Mar 2014.
[6] I. Hydara, A. B. Sultan, H. Zulzalil, and N. Admodisastro, "Current State of Research on Cross-site Scripting (XSS) – A Systematic Literature Review," Information and Software Technology, vol. 58, pp. 170–186, Feb 2015.
[7] G. Shanmugasundaram, S. Ravivarman, and P. Thangavellu, "A Study on Removal Techniques of Cross-Site Scripting from Web Applications," in 2015 International Conference on Computation of Power, Energy, Information and Communication (ICCPEIC), pp. 0436–0442, 2015.
[8] E. Kirda, C. Kruegel, G. Vigna, and N. Jovanovic, "Noxes: A Client-side Solution for Mitigating Cross-site Scripting Attacks," in Proceedings of the 2006 ACM Symposium on Applied Computing, Dijon, France, pp. 330–337, 2006.
[9] P. Wurzinger, C. Platzer, C. Ludl, E. Kirda, and C. Kruegel, "SWAP: Mitigating XSS Attacks Using a Reverse Proxy," in Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems, pp. 33–39, 2009.
[10] S. C. V. and S. Selvakumar, "BIXSAN: Browser Independent XSS Sanitizer for Prevention of XSS Attacks," SIGSOFT Softw. Eng. Notes, vol. 36(5), pp. 1–7, Sep 2011.
[11] E. Kazanavicius, V. Kazanavicius, A. Venckauskas, and R. Paskevicius, "Securing Web Application by Embedded Firewall," Elektronika ir Elektrotechnika, vol. 119(3), pp. 65–68, Mar 2012.
[12] T. Scholte, W. Robertson, D. Balzarotti, and E. Kirda, "An Empirical Analysis of Input Validation Mechanisms in Web Applications and Languages," in Proceedings of the 27th Annual ACM Symposium on Applied Computing, Trento, Italy, pp. 1419–1426, 2012.
[13] A. Javed and J. Schwenk, "Systematically Breaking Online WYSIWYG Editors," in Information Security Applications, pp. 122–133, 2015.
[14] R. Assis, "XSS Cheat Sheet," Leanpub, 2018.
[15] OWASP, "XSS Filter Evasion Cheat Sheet - OWASP." [Online]. Available: https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet.