{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2018:7CFSB5EQVVTC522UGLQ5QKFRCG","short_pith_number":"pith:7CFSB5EQ","canonical_record":{"source":{"id":"1804.01862","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-04-03T01:16:58Z","cross_cats_sorted":[],"title_canon_sha256":"aa1774db0d699bc5a0afa3abecab577fc1a15b59b5e84e8042db2f2c6801e7c7","abstract_canon_sha256":"eb93708e508c6f26c3ddec9c58701049132644507d65bb443795227a18dcc6bd"},"schema_version":"1.0"},"canonical_sha256":"f88b20f490ad662eeb5432e1d828b111ab5305b630de0a1692502b8cf91e4bb7","source":{"kind":"arxiv","id":"1804.01862","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1804.01862","created_at":"2026-05-18T00:19:09Z"},{"alias_kind":"arxiv_version","alias_value":"1804.01862v1","created_at":"2026-05-18T00:19:09Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1804.01862","created_at":"2026-05-18T00:19:09Z"},{"alias_kind":"pith_short_12","alias_value":"7CFSB5EQVVTC","created_at":"2026-05-18T12:32:11Z"},{"alias_kind":"pith_short_16","alias_value":"7CFSB5EQVVTC522U","created_at":"2026-05-18T12:32:11Z"},{"alias_kind":"pith_short_8","alias_value":"7CFSB5EQ","created_at":"2026-05-18T12:32:11Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2018:7CFSB5EQVVTC522UGLQ5QKFRCG","target":"record","payload":{"canonical_record":{"source":{"id":"1804.01862","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-04-03T01:16:58Z","cross_cats_sorted":[],"title_canon_sha256":"aa1774db0d699bc5a0afa3abecab577fc1a15b59b5e84e8042db2f2c6801e7c7","abstract_canon_sha256":"eb93708e508c6f26c3ddec9c58701049132644507d65bb443795227a18dcc6bd"},"schema_version":"1.0"},"canonical_sha256":"f88b20f490ad662eeb5432e1d828b111ab5305b630de0a1692502b8cf91e4bb7","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:19:09.687685Z","signature_b64":"rsRZJlq7GEILziWGyYrQlYn7VQxJvF+B/xXpUjJC/IU/KECEdYYVf+N2gtTPZaDVf6d9Zqh8MDm/9XI9bwF8Dw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"f88b20f490ad662eeb5432e1d828b111ab5305b630de0a1692502b8cf91e4bb7","last_reissued_at":"2026-05-18T00:19:09.686443Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:19:09.686443Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1804.01862","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:19:09Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"qZz73on2+zMlXmuuZOuhsMayrRQ1qNk3YG7woumDbvAKCvgsA0+UDWX1HxHsICBsW82GNeS8hKqY5PGlxJo7AQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-29T15:10:58.501824Z"},"content_sha256":"ead1de9a07c9a9fd9ebe2dc3de487ed9779ea37bed67efc4aa771bff29ae3fea","schema_version":"1.0","event_id":"sha256:ead1de9a07c9a9fd9ebe2dc3de487ed9779ea37bed67efc4aa771bff29ae3fea"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2018:7CFSB5EQVVTC522UGLQ5QKFRCG","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Automated Detecting and Repair of Cross-Site Scripting Vulnerabilities","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Bei-Tseng Chu, Heather Richter Lipford, Mahmoud Mohammadi","submitted_at":"2018-04-03T01:16:58Z","abstract_excerpt":"The best practice to prevent Cross Site Scripting (XSS) attacks is to apply encoders to sanitize untrusted data. To balance security and functionality, encoders should be applied to match the web page context, such as HTML body, JavaScript, and style sheets. A common programming error is the use of a wrong type of encoder to sanitize untrusted data, leaving the application vulnerable. We present a security unit testing approach to detect XSS vulnerabilities caused by improper encoding of untrusted data. Unit tests for the XSS vulnerability are constructed out of each web page and then evaluate"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1804.01862","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:19:09Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"gF4c247N8zd1FZLcjfTrM+GnNrgT40H7uxSTFEHSd/T03U53QAiczbPzNNe09FIpspRXs6l5VW8uyKTJnk7HCQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-29T15:10:58.502468Z"},"content_sha256":"6051d37e084eb46ab484f74c300382ef6923bd6db66f3cac2982c039c85f02dd","schema_version":"1.0","event_id":"sha256:6051d37e084eb46ab484f74c300382ef6923bd6db66f3cac2982c039c85f02dd"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/7CFSB5EQVVTC522UGLQ5QKFRCG/bundle.json","state_url":"https://pith.science/pith/7CFSB5EQVVTC522UGLQ5QKFRCG/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/7CFSB5EQVVTC522UGLQ5QKFRCG/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-05-29T15:10:58Z","links":{"resolver":"https://pith.science/pith/7CFSB5EQVVTC522UGLQ5QKFRCG","bundle":"https://pith.science/pith/7CFSB5EQVVTC522UGLQ5QKFRCG/bundle.json","state":"https://pith.science/pith/7CFSB5EQVVTC522UGLQ5QKFRCG/state.json","well_known_bundle":"https://pith.science/.well-known/pith/7CFSB5EQVVTC522UGLQ5QKFRCG/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2018:7CFSB5EQVVTC522UGLQ5QKFRCG","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"eb93708e508c6f26c3ddec9c58701049132644507d65bb443795227a18dcc6bd","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-04-03T01:16:58Z","title_canon_sha256":"aa1774db0d699bc5a0afa3abecab577fc1a15b59b5e84e8042db2f2c6801e7c7"},"schema_version":"1.0","source":{"id":"1804.01862","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1804.01862","created_at":"2026-05-18T00:19:09Z"},{"alias_kind":"arxiv_version","alias_value":"1804.01862v1","created_at":"2026-05-18T00:19:09Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1804.01862","created_at":"2026-05-18T00:19:09Z"},{"alias_kind":"pith_short_12","alias_value":"7CFSB5EQVVTC","created_at":"2026-05-18T12:32:11Z"},{"alias_kind":"pith_short_16","alias_value":"7CFSB5EQVVTC522U","created_at":"2026-05-18T12:32:11Z"},{"alias_kind":"pith_short_8","alias_value":"7CFSB5EQ","created_at":"2026-05-18T12:32:11Z"}],"graph_snapshots":[{"event_id":"sha256:6051d37e084eb46ab484f74c300382ef6923bd6db66f3cac2982c039c85f02dd","target":"graph","created_at":"2026-05-18T00:19:09Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"The best practice to prevent Cross Site Scripting (XSS) attacks is to apply encoders to sanitize untrusted data. To balance security and functionality, encoders should be applied to match the web page context, such as HTML body, JavaScript, and style sheets. A common programming error is the use of a wrong type of encoder to sanitize untrusted data, leaving the application vulnerable. We present a security unit testing approach to detect XSS vulnerabilities caused by improper encoding of untrusted data. Unit tests for the XSS vulnerability are constructed out of each web page and then evaluate","authors_text":"Bei-Tseng Chu, Heather Richter Lipford, Mahmoud Mohammadi","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-04-03T01:16:58Z","title":"Automated Detecting and Repair of Cross-Site Scripting Vulnerabilities"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1804.01862","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:ead1de9a07c9a9fd9ebe2dc3de487ed9779ea37bed67efc4aa771bff29ae3fea","target":"record","created_at":"2026-05-18T00:19:09Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"eb93708e508c6f26c3ddec9c58701049132644507d65bb443795227a18dcc6bd","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-04-03T01:16:58Z","title_canon_sha256":"aa1774db0d699bc5a0afa3abecab577fc1a15b59b5e84e8042db2f2c6801e7c7"},"schema_version":"1.0","source":{"id":"1804.01862","kind":"arxiv","version":1}},"canonical_sha256":"f88b20f490ad662eeb5432e1d828b111ab5305b630de0a1692502b8cf91e4bb7","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"f88b20f490ad662eeb5432e1d828b111ab5305b630de0a1692502b8cf91e4bb7","first_computed_at":"2026-05-18T00:19:09.686443Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T00:19:09.686443Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"rsRZJlq7GEILziWGyYrQlYn7VQxJvF+B/xXpUjJC/IU/KECEdYYVf+N2gtTPZaDVf6d9Zqh8MDm/9XI9bwF8Dw==","signature_status":"signed_v1","signed_at":"2026-05-18T00:19:09.687685Z","signed_message":"canonical_sha256_bytes"},"source_id":"1804.01862","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:ead1de9a07c9a9fd9ebe2dc3de487ed9779ea37bed67efc4aa771bff29ae3fea","sha256:6051d37e084eb46ab484f74c300382ef6923bd6db66f3cac2982c039c85f02dd"],"state_sha256":"72909a5a5b039657c9276a72fbafa83f71a49e31b02ee338642d53eeabbfd99c"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"8hY2FU6Z/mD4pQ5cwtGmbn12OvIMHjx6O/yIMFxnYjPreG82WdaWJi/mcROen58rlD4uKTl2+3sqHTUL2SehAA==","signed_message":"bundle_sha256_bytes","signed_at":"2026-05-29T15:10:58.505360Z","bundle_sha256":"87e517e4e6caf4cacf0573549016aaa291fc0a98d5d52d270cf463ebebb00fd9"}}