Add reference for window.name property
This commit is contained in:
parent
51f79405b1
commit
5c7c0a9a7a
32
methods.tex
32
methods.tex
@ -193,22 +193,22 @@ individual parts to be altered when a specific event happens (e.g., user
|
||||
interaction). Furthermore, each object has properties which are either applied to
|
||||
all \gls{HTML} elements or only to a subset of all elements.
|
||||
|
||||
One useful property for tracking purposes is the \texttt{window.name} property.
|
||||
Its original intention was to allow client-side JavaScript to get or set the
|
||||
name of the current window. Since windows do not have to have names, the
|
||||
window.name property is being used mostly for setting targets for hyperlinks and
|
||||
forms. Modern browsers allow storing up to two megabytes of data in the
|
||||
window.name property, which makes it a viable option for using it as a data
|
||||
storage or---more specifically---maintaining session variables. In order to
|
||||
store multiple variables in the window.name property, the values have first to
|
||||
be packed in some way because only a single string is allowed. A \gls{JSON}
|
||||
stringifier converts a normal string into a \gls{JSON} string which is then
|
||||
ready to be stored in the \gls{DOM} property. Additionally, serializers can also
|
||||
convert JavaScript objects into a \gls{JSON} string. Normally JavaScript's
|
||||
same-origin policy prohibits making requests to servers in another domain, but
|
||||
the window.name property is accessible from other domains and resistant to page
|
||||
reloads. Maintaining a session across domains and without cookies is therefore
|
||||
possible and multiple implementations exist
|
||||
One useful property for tracking purposes is the \texttt{window.name} property
|
||||
\cite{whatwgWindowNameHTML2020}. Its original intention was to allow
|
||||
client-side JavaScript to get or set the name of the current window. Since
|
||||
windows do not have to have names, the window.name property is being used mostly
|
||||
for setting targets for hyperlinks and forms. Modern browsers allow storing up
|
||||
to two megabytes of data in the window.name property, which makes it a viable
|
||||
option for using it as a data storage or---more specifically---maintaining
|
||||
session variables. In order to store multiple variables in the window.name
|
||||
property, the values have first to be packed in some way because only a single
|
||||
string is allowed. A \gls{JSON} stringifier converts a normal string into a
|
||||
\gls{JSON} string which is then ready to be stored in the \gls{DOM} property.
|
||||
Additionally, serializers can also convert JavaScript objects into a \gls{JSON}
|
||||
string. Normally JavaScript's same-origin policy prohibits making requests to
|
||||
servers in another domain, but the window.name property is accessible from other
|
||||
domains and resistant to page reloads. Maintaining a session across domains and
|
||||
without cookies is therefore possible and multiple implementations exist
|
||||
\cite{frankSessionVariablesCookies2008,zypWindowNameTransport2008}.
|
||||
|
||||
\section{Storage-based Tracking Methods}
|
||||
|
||||
@ -1546,6 +1546,16 @@ The goal of the DOM specification is to define a programmatic interface for XML
|
||||
note = {Accessed 2020-02-27}
|
||||
}
|
||||
|
||||
@misc{whatwgWindowNameHTML2020,
|
||||
title = {Window.Name - {{HTML Standard}}},
|
||||
author = {WHATWG},
|
||||
year = {2020},
|
||||
month = aug,
|
||||
url = {https://html.spec.whatwg.org/multipage/window-object.html\#dom-name},
|
||||
urldate = {2020-08-10},
|
||||
note = {Accessed 2020-08-07}
|
||||
}
|
||||
|
||||
@inproceedings{wondracekPracticalAttackDeanonymize2010,
|
||||
title = {A {{Practical Attack}} to {{De}}-Anonymize {{Social Network Users}}},
|
||||
booktitle = {2010 {{IEEE Symposium}} on {{Security}} and {{Privacy}}},
|
||||
@ -1598,9 +1608,10 @@ The goal of the DOM specification is to define a programmatic interface for XML
|
||||
year = {2008},
|
||||
month = jul,
|
||||
url = {https://www.sitepen.com/blog/windowname-transport/},
|
||||
urldate = {2020-02-10},
|
||||
urldate = {2020-08-10},
|
||||
abstract = {The window.name transport is a new technique for secure cross-domain browser based data transfer, and can be utilized for creating secure mashups with untrusted sources. window.name is implemented in Dojo in the new dojox.io.windowName module, and it is very easy to make web services available through the window.name protocol. window.name works by loading a cross-domain \ldots},
|
||||
journal = {SitePen}
|
||||
journal = {SitePen},
|
||||
note = {Accessed 2020-08-10}
|
||||
}
|
||||
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user