{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2022:DIWNOWIU4QKT3Z26RF5X7MD34J","short_pith_number":"pith:DIWNOWIU","canonical_record":{"source":{"id":"2204.08592","kind":"arxiv","version":2},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2022-04-19T00:14:28Z","cross_cats_sorted":[],"title_canon_sha256":"e09fbb3729e64365b2a8afaa7bcae274ba9b080adcbab9018474109a77e756ea","abstract_canon_sha256":"6fe4e087bf71b876f1278a4cc59825a3b747e0702c7e13dbc26c0bb190166553"},"schema_version":"1.0"},"canonical_sha256":"1a2cd75914e4153de75e897b7fb07be279107970fd15fcb7cce8278fb7643723","source":{"kind":"arxiv","id":"2204.08592","version":2},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2204.08592","created_at":"2026-07-05T04:18:52Z"},{"alias_kind":"arxiv_version","alias_value":"2204.08592v2","created_at":"2026-07-05T04:18:52Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2204.08592","created_at":"2026-07-05T04:18:52Z"},{"alias_kind":"pith_short_12","alias_value":"DIWNOWIU4QKT","created_at":"2026-07-05T04:18:52Z"},{"alias_kind":"pith_short_16","alias_value":"DIWNOWIU4QKT3Z26","created_at":"2026-07-05T04:18:52Z"},{"alias_kind":"pith_short_8","alias_value":"DIWNOWIU","created_at":"2026-07-05T04:18:52Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2022:DIWNOWIU4QKT3Z26RF5X7MD34J","target":"record","payload":{"canonical_record":{"source":{"id":"2204.08592","kind":"arxiv","version":2},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2022-04-19T00:14:28Z","cross_cats_sorted":[],"title_canon_sha256":"e09fbb3729e64365b2a8afaa7bcae274ba9b080adcbab9018474109a77e756ea","abstract_canon_sha256":"6fe4e087bf71b876f1278a4cc59825a3b747e0702c7e13dbc26c0bb190166553"},"schema_version":"1.0"},"canonical_sha256":"1a2cd75914e4153de75e897b7fb07be279107970fd15fcb7cce8278fb7643723","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-07-05T04:18:52.186103Z","signature_b64":"OxpffhCSsV5+yDxTuPGUFZn9QXjhMx9xNhOSjY/+z5loZEU/GM8EddSzqIcCNF+EqVJbYDZhqbC/yTaiLmESCg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"1a2cd75914e4153de75e897b7fb07be279107970fd15fcb7cce8278fb7643723","last_reissued_at":"2026-07-05T04:18:52.185693Z","signature_status":"signed_v1","first_computed_at":"2026-07-05T04:18:52.185693Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2204.08592","source_version":2,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-07-05T04:18:52Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"FNCHW1eR7y2QrWIh8eC5L4mDrWpsrwtpXmRFeLunBV4EKj6f5ydFtIG95r8o7YiwBW0m2NaCIjwU9oPO3+ANBQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-06T17:47:38.935252Z"},"content_sha256":"378e9477a8cbbf6916d277753ee8df296a6b3e1a42e63957db6b4ffb6e2cb7a2","schema_version":"1.0","event_id":"sha256:378e9477a8cbbf6916d277753ee8df296a6b3e1a42e63957db6b4ffb6e2cb7a2"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2022:DIWNOWIU4QKT3Z26RF5X7MD34J","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Context-Auditor: Context-sensitive Content Injection Mitigation","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Adam Doup\\'e, Faezeh Kalantari, Mehrnoosh Zaeifi, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili","submitted_at":"2022-04-19T00:14:28Z","abstract_excerpt":"Cross-site scripting (XSS) is the most common vulnerability class in web applications over the last decade. Much research attention has focused on building exploit mitigation defenses for this problem, but no technique provides adequate protection in the face of advanced attacks. One technique that bypasses XSS mitigations is the scriptless attack: a content injection technique that uses (among other options) CSS and HTML injection to infiltrate data. In studying this technique and others, we realized that the common property among the exploitation of all content injection vulnerabilities, inc"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2204.08592","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2204.08592/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-07-05T04:18:52Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"rSS89M3ol+ainmxmKuNlnodGli5wyr5puIPOmLofi3LYCdZo77jH/ZqFoq7zJZu3q+RxLpw0IoenkHVTI/E7BA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-06T17:47:38.935636Z"},"content_sha256":"3f51402a851e9ff5e7d709d2f0c41df5168bc9fb1926a7d1ee496bdfb42b02ab","schema_version":"1.0","event_id":"sha256:3f51402a851e9ff5e7d709d2f0c41df5168bc9fb1926a7d1ee496bdfb42b02ab"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/DIWNOWIU4QKT3Z26RF5X7MD34J/bundle.json","state_url":"https://pith.science/pith/DIWNOWIU4QKT3Z26RF5X7MD34J/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/DIWNOWIU4QKT3Z26RF5X7MD34J/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-07-06T17:47:38Z","links":{"resolver":"https://pith.science/pith/DIWNOWIU4QKT3Z26RF5X7MD34J","bundle":"https://pith.science/pith/DIWNOWIU4QKT3Z26RF5X7MD34J/bundle.json","state":"https://pith.science/pith/DIWNOWIU4QKT3Z26RF5X7MD34J/state.json","well_known_bundle":"https://pith.science/.well-known/pith/DIWNOWIU4QKT3Z26RF5X7MD34J/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2022:DIWNOWIU4QKT3Z26RF5X7MD34J","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"6fe4e087bf71b876f1278a4cc59825a3b747e0702c7e13dbc26c0bb190166553","cross_cats_sorted":[],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2022-04-19T00:14:28Z","title_canon_sha256":"e09fbb3729e64365b2a8afaa7bcae274ba9b080adcbab9018474109a77e756ea"},"schema_version":"1.0","source":{"id":"2204.08592","kind":"arxiv","version":2}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2204.08592","created_at":"2026-07-05T04:18:52Z"},{"alias_kind":"arxiv_version","alias_value":"2204.08592v2","created_at":"2026-07-05T04:18:52Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2204.08592","created_at":"2026-07-05T04:18:52Z"},{"alias_kind":"pith_short_12","alias_value":"DIWNOWIU4QKT","created_at":"2026-07-05T04:18:52Z"},{"alias_kind":"pith_short_16","alias_value":"DIWNOWIU4QKT3Z26","created_at":"2026-07-05T04:18:52Z"},{"alias_kind":"pith_short_8","alias_value":"DIWNOWIU","created_at":"2026-07-05T04:18:52Z"}],"graph_snapshots":[{"event_id":"sha256:3f51402a851e9ff5e7d709d2f0c41df5168bc9fb1926a7d1ee496bdfb42b02ab","target":"graph","created_at":"2026-07-05T04:18:52Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2204.08592/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"Cross-site scripting (XSS) is the most common vulnerability class in web applications over the last decade. Much research attention has focused on building exploit mitigation defenses for this problem, but no technique provides adequate protection in the face of advanced attacks. One technique that bypasses XSS mitigations is the scriptless attack: a content injection technique that uses (among other options) CSS and HTML injection to infiltrate data. In studying this technique and others, we realized that the common property among the exploitation of all content injection vulnerabilities, inc","authors_text":"Adam Doup\\'e, Faezeh Kalantari, Mehrnoosh Zaeifi, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili","cross_cats":[],"headline":"","license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2022-04-19T00:14:28Z","title":"Context-Auditor: Context-sensitive Content Injection Mitigation"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2204.08592","kind":"arxiv","version":2},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:378e9477a8cbbf6916d277753ee8df296a6b3e1a42e63957db6b4ffb6e2cb7a2","target":"record","created_at":"2026-07-05T04:18:52Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"6fe4e087bf71b876f1278a4cc59825a3b747e0702c7e13dbc26c0bb190166553","cross_cats_sorted":[],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2022-04-19T00:14:28Z","title_canon_sha256":"e09fbb3729e64365b2a8afaa7bcae274ba9b080adcbab9018474109a77e756ea"},"schema_version":"1.0","source":{"id":"2204.08592","kind":"arxiv","version":2}},"canonical_sha256":"1a2cd75914e4153de75e897b7fb07be279107970fd15fcb7cce8278fb7643723","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"1a2cd75914e4153de75e897b7fb07be279107970fd15fcb7cce8278fb7643723","first_computed_at":"2026-07-05T04:18:52.185693Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-07-05T04:18:52.185693Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"OxpffhCSsV5+yDxTuPGUFZn9QXjhMx9xNhOSjY/+z5loZEU/GM8EddSzqIcCNF+EqVJbYDZhqbC/yTaiLmESCg==","signature_status":"signed_v1","signed_at":"2026-07-05T04:18:52.186103Z","signed_message":"canonical_sha256_bytes"},"source_id":"2204.08592","source_kind":"arxiv","source_version":2}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:378e9477a8cbbf6916d277753ee8df296a6b3e1a42e63957db6b4ffb6e2cb7a2","sha256:3f51402a851e9ff5e7d709d2f0c41df5168bc9fb1926a7d1ee496bdfb42b02ab"],"state_sha256":"5cf53254dff7b86008348e359c00cdeb0a63ca3e7c54c0811e3977f037ad2459"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"JRWQds2ky18yj1G0A+1js0+3Cz6x6cZIUlCpfQshP2zFH2Eyiq6aD3KZgJ12SdOFouCAL2BwnCDezodWbDYBCQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-07-06T17:47:38.937606Z","bundle_sha256":"4217bbeda15ed9c1bc66b884d468543f3266da144315921ed8572fe411e709ba"}}