{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2018:GS34KXXQFCLW4DGS2JZCBU2ONY","short_pith_number":"pith:GS34KXXQ","canonical_record":{"source":{"id":"1812.03939","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-12-10T17:45:24Z","cross_cats_sorted":[],"title_canon_sha256":"31fd8a8323b8eb373e4f86650e41820a8d4e6d4f0f89c0dc500c3eaf4ea63d08","abstract_canon_sha256":"66c88d7bacf3474feaa579bab1b534a4898dac0df4ab2b01c50ccac0b6cdf505"},"schema_version":"1.0"},"canonical_sha256":"34b7c55ef028976e0cd2d27220d34e6e3b769e4464807e69088561cd614d7da5","source":{"kind":"arxiv","id":"1812.03939","version":2},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1812.03939","created_at":"2026-05-17T23:54:28Z"},{"alias_kind":"arxiv_version","alias_value":"1812.03939v2","created_at":"2026-05-17T23:54:28Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1812.03939","created_at":"2026-05-17T23:54:28Z"},{"alias_kind":"pith_short_12","alias_value":"GS34KXXQFCLW","created_at":"2026-05-18T12:32:25Z"},{"alias_kind":"pith_short_16","alias_value":"GS34KXXQFCLW4DGS","created_at":"2026-05-18T12:32:25Z"},{"alias_kind":"pith_short_8","alias_value":"GS34KXXQ","created_at":"2026-05-18T12:32:25Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2018:GS34KXXQFCLW4DGS2JZCBU2ONY","target":"record","payload":{"canonical_record":{"source":{"id":"1812.03939","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-12-10T17:45:24Z","cross_cats_sorted":[],"title_canon_sha256":"31fd8a8323b8eb373e4f86650e41820a8d4e6d4f0f89c0dc500c3eaf4ea63d08","abstract_canon_sha256":"66c88d7bacf3474feaa579bab1b534a4898dac0df4ab2b01c50ccac0b6cdf505"},"schema_version":"1.0"},"canonical_sha256":"34b7c55ef028976e0cd2d27220d34e6e3b769e4464807e69088561cd614d7da5","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:54:28.115343Z","signature_b64":"aV1IgvrBp7ahkfrdLUUp4SjncVJG+zpkL2a8s3pW+nVeXEdWZNDaDgf6R4w8yaM6rRr5VxvgZMBCrYeqezpZBA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"34b7c55ef028976e0cd2d27220d34e6e3b769e4464807e69088561cd614d7da5","last_reissued_at":"2026-05-17T23:54:28.114774Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:54:28.114774Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1812.03939","source_version":2,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:54:28Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"3Nkzg7nJH3MJDrDl80mXhJloXdBJ6u0CrTkOAQc6GpEXT8smSGqdWonFHas12D/bGZTsWpnLHvtMOj14OzYQDQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-05T02:23:19.724825Z"},"content_sha256":"9639d51864f69e1f2ef4c559021b98726e1f26c0921a727e666a3566aea500d9","schema_version":"1.0","event_id":"sha256:9639d51864f69e1f2ef4c559021b98726e1f26c0921a727e666a3566aea500d9"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2018:GS34KXXQFCLW4DGS2JZCBU2ONY","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"JSSignature: Eliminating Third-Party-Hosted JavaScript Infection Threats Using Digital Signatures","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Ebrahim Ansari, Fateme Ansari, Kousha Nakhaei","submitted_at":"2018-12-10T17:45:24Z","abstract_excerpt":"Today, third-party JavaScript resources are indispensable part of the web platform. More than 88% of world's top websites include at least one JavaScript resource from a remote host. However, there is a great security risk behind using a third-party JavaScript resource, if an attacker can infect one of these remote JavaScript resources all websites those have included the script would be at risk. In this paper, we present JSSignature, an entirely at the client-side pure JavaScript framework in order to validate third-party JavaScript resources using digital signature. Therefore, all included J"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1812.03939","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:54:28Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"F+aog6cNJKKrS3cQaDFjclXpKE9OAmExo4REBsVIiukQi6IgbKEnPQIsqSVQrEIyZOv7u0OJqxlrNRH5785ODw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-05T02:23:19.725396Z"},"content_sha256":"b6e9ceaa93974d7d6fa2b01a5c8a64327de09cd49f17703308f93e0ec48fd247","schema_version":"1.0","event_id":"sha256:b6e9ceaa93974d7d6fa2b01a5c8a64327de09cd49f17703308f93e0ec48fd247"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/GS34KXXQFCLW4DGS2JZCBU2ONY/bundle.json","state_url":"https://pith.science/pith/GS34KXXQFCLW4DGS2JZCBU2ONY/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/GS34KXXQFCLW4DGS2JZCBU2ONY/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-05T02:23:19Z","links":{"resolver":"https://pith.science/pith/GS34KXXQFCLW4DGS2JZCBU2ONY","bundle":"https://pith.science/pith/GS34KXXQFCLW4DGS2JZCBU2ONY/bundle.json","state":"https://pith.science/pith/GS34KXXQFCLW4DGS2JZCBU2ONY/state.json","well_known_bundle":"https://pith.science/.well-known/pith/GS34KXXQFCLW4DGS2JZCBU2ONY/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2018:GS34KXXQFCLW4DGS2JZCBU2ONY","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"66c88d7bacf3474feaa579bab1b534a4898dac0df4ab2b01c50ccac0b6cdf505","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-12-10T17:45:24Z","title_canon_sha256":"31fd8a8323b8eb373e4f86650e41820a8d4e6d4f0f89c0dc500c3eaf4ea63d08"},"schema_version":"1.0","source":{"id":"1812.03939","kind":"arxiv","version":2}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1812.03939","created_at":"2026-05-17T23:54:28Z"},{"alias_kind":"arxiv_version","alias_value":"1812.03939v2","created_at":"2026-05-17T23:54:28Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1812.03939","created_at":"2026-05-17T23:54:28Z"},{"alias_kind":"pith_short_12","alias_value":"GS34KXXQFCLW","created_at":"2026-05-18T12:32:25Z"},{"alias_kind":"pith_short_16","alias_value":"GS34KXXQFCLW4DGS","created_at":"2026-05-18T12:32:25Z"},{"alias_kind":"pith_short_8","alias_value":"GS34KXXQ","created_at":"2026-05-18T12:32:25Z"}],"graph_snapshots":[{"event_id":"sha256:b6e9ceaa93974d7d6fa2b01a5c8a64327de09cd49f17703308f93e0ec48fd247","target":"graph","created_at":"2026-05-17T23:54:28Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Today, third-party JavaScript resources are indispensable part of the web platform. More than 88% of world's top websites include at least one JavaScript resource from a remote host. However, there is a great security risk behind using a third-party JavaScript resource, if an attacker can infect one of these remote JavaScript resources all websites those have included the script would be at risk. In this paper, we present JSSignature, an entirely at the client-side pure JavaScript framework in order to validate third-party JavaScript resources using digital signature. Therefore, all included J","authors_text":"Ebrahim Ansari, Fateme Ansari, Kousha Nakhaei","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-12-10T17:45:24Z","title":"JSSignature: Eliminating Third-Party-Hosted JavaScript Infection Threats Using Digital Signatures"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1812.03939","kind":"arxiv","version":2},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:9639d51864f69e1f2ef4c559021b98726e1f26c0921a727e666a3566aea500d9","target":"record","created_at":"2026-05-17T23:54:28Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"66c88d7bacf3474feaa579bab1b534a4898dac0df4ab2b01c50ccac0b6cdf505","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-12-10T17:45:24Z","title_canon_sha256":"31fd8a8323b8eb373e4f86650e41820a8d4e6d4f0f89c0dc500c3eaf4ea63d08"},"schema_version":"1.0","source":{"id":"1812.03939","kind":"arxiv","version":2}},"canonical_sha256":"34b7c55ef028976e0cd2d27220d34e6e3b769e4464807e69088561cd614d7da5","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"34b7c55ef028976e0cd2d27220d34e6e3b769e4464807e69088561cd614d7da5","first_computed_at":"2026-05-17T23:54:28.114774Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-17T23:54:28.114774Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"aV1IgvrBp7ahkfrdLUUp4SjncVJG+zpkL2a8s3pW+nVeXEdWZNDaDgf6R4w8yaM6rRr5VxvgZMBCrYeqezpZBA==","signature_status":"signed_v1","signed_at":"2026-05-17T23:54:28.115343Z","signed_message":"canonical_sha256_bytes"},"source_id":"1812.03939","source_kind":"arxiv","source_version":2}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:9639d51864f69e1f2ef4c559021b98726e1f26c0921a727e666a3566aea500d9","sha256:b6e9ceaa93974d7d6fa2b01a5c8a64327de09cd49f17703308f93e0ec48fd247"],"state_sha256":"831a300c291ab74afac773c76fee98429b5bff6c5e55674a9e128f8b81facc13"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"SALrvxIaoG4z2cwM77w7nPZBizTno1TC3fG7P8XsUc/zqDbP8UW/3o2S+zEdgt0UY8jeERkrFDAvWmeMHR38BA==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-05T02:23:19.728170Z","bundle_sha256":"9b9d1a48ebe4cd0a63098d42895b9c4f4841502587d14b24cf59656a9ccf66cb"}}