zenon/bachelorarbeit
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add reference for window.name property

Browse Source
This commit is contained in:
Tobias Eidelpes 2020-08-10 18:12:47 +02:00
parent 51f79405b1
commit 5c7c0a9a7a
2 changed files with 29 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
methods.tex
View File

@ -193,22 +193,22 @@ individual parts to be altered when a specific event happens (e.g., user
interaction). Furthermore, each object has properties which are either applied to interaction). Furthermore, each object has properties which are either applied to
all \gls{HTML} elements or only to a subset of all elements. all \gls{HTML} elements or only to a subset of all elements.
One useful property for tracking purposes is the \texttt{window.name} property. One useful property for tracking purposes is the \texttt{window.name} property
Its original intention was to allow client-side JavaScript to get or set the \cite{whatwgWindowNameHTML2020}. Its original intention was to allow
name of the current window. Since windows do not have to have names, the client-side JavaScript to get or set the name of the current window. Since
window.name property is being used mostly for setting targets for hyperlinks and windows do not have to have names, the window.name property is being used mostly
forms. Modern browsers allow storing up to two megabytes of data in the for setting targets for hyperlinks and forms. Modern browsers allow storing up
window.name property, which makes it a viable option for using it as a data to two megabytes of data in the window.name property, which makes it a viable
storage or---more specifically---maintaining session variables. In order to option for using it as a data storage or---more specifically---maintaining
store multiple variables in the window.name property, the values have first to session variables. In order to store multiple variables in the window.name
be packed in some way because only a single string is allowed. A \gls{JSON} property, the values have first to be packed in some way because only a single
stringifier converts a normal string into a \gls{JSON} string which is then string is allowed. A \gls{JSON} stringifier converts a normal string into a
ready to be stored in the \gls{DOM} property. Additionally, serializers can also \gls{JSON} string which is then ready to be stored in the \gls{DOM} property.
convert JavaScript objects into a \gls{JSON} string. Normally JavaScript's Additionally, serializers can also convert JavaScript objects into a \gls{JSON}
same-origin policy prohibits making requests to servers in another domain, but string. Normally JavaScript's same-origin policy prohibits making requests to
the window.name property is accessible from other domains and resistant to page servers in another domain, but the window.name property is accessible from other
reloads. Maintaining a session across domains and without cookies is therefore domains and resistant to page reloads. Maintaining a session across domains and
possible and multiple implementations exist without cookies is therefore possible and multiple implementations exist
\cite{frankSessionVariablesCookies2008,zypWindowNameTransport2008}. \cite{frankSessionVariablesCookies2008,zypWindowNameTransport2008}.
\section{Storage-based Tracking Methods} \section{Storage-based Tracking Methods}

15
references.bib
View File

@ -1546,6 +1546,16 @@ The goal of the DOM specification is to define a programmatic interface for XML
note = {Accessed 2020-02-27} note = {Accessed 2020-02-27}
} }
@misc{whatwgWindowNameHTML2020,
title = {Window.Name - {{HTML Standard}}},
author = {WHATWG},
year = {2020},
month = aug,
url = {https://html.spec.whatwg.org/multipage/window-object.html\#dom-name},
urldate = {2020-08-10},
note = {Accessed 2020-08-07}
}
@inproceedings{wondracekPracticalAttackDeanonymize2010, @inproceedings{wondracekPracticalAttackDeanonymize2010,
title = {A {{Practical Attack}} to {{De}}-Anonymize {{Social Network Users}}}, title = {A {{Practical Attack}} to {{De}}-Anonymize {{Social Network Users}}},
booktitle = {2010 {{IEEE Symposium}} on {{Security}} and {{Privacy}}}, booktitle = {2010 {{IEEE Symposium}} on {{Security}} and {{Privacy}}},
@ -1598,9 +1608,10 @@ The goal of the DOM specification is to define a programmatic interface for XML
year = {2008}, year = {2008},
month = jul, month = jul,
url = {https://www.sitepen.com/blog/windowname-transport/}, url = {https://www.sitepen.com/blog/windowname-transport/},
urldate = {2020-02-10}, urldate = {2020-08-10},
abstract = {The window.name transport is a new technique for secure cross-domain browser based data transfer, and can be utilized for creating secure mashups with untrusted sources. window.name is implemented in Dojo in the new dojox.io.windowName module, and it is very easy to make web services available through the window.name protocol. window.name works by loading a cross-domain \ldots}, abstract = {The window.name transport is a new technique for secure cross-domain browser based data transfer, and can be utilized for creating secure mashups with untrusted sources. window.name is implemented in Dojo in the new dojox.io.windowName module, and it is very easy to make web services available through the window.name protocol. window.name works by loading a cross-domain \ldots},
journal = {SitePen} journal = {SitePen},
note = {Accessed 2020-08-10}
} }