Conference Proceedings

Language-based isolation of untrusted javascript

Proceedings - IEEE Computer Security Foundations Symposium (2009) 77-91
DOI: 10.1109/CSF.2009.11
69Citations
Citations of this article
64Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Web sites that incorporate untrusted content may use browser- or language-based methods to keep such content from maliciously altering pages, stealing sensitive information, or causing other harm. We study language-based methods for filtering and rewriting JavaScript code, using Yahoo! ADSafe and Facebook FBJS as motivating examples. We explain the core problems by describing previously unknown vulnerabilities and subtleties, and develop a foundation for improved solutions based on an operational semantics of the full ECMA-262 language. We also discuss how to apply our analysis to address the JavaScript isolation problems we discovered. © 2009 IEEE.

Cite

CITATION STYLE

APA

Maffeis, S., & Taly, A. (2009). Language-based isolation of untrusted javascript. In Proceedings - IEEE Computer Security Foundations Symposium (pp. 77–91). https://doi.org/10.1109/CSF.2009.11

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free