Isolating JavaScript with filters, rewriting, and wrappers

This article is free to access.

Abstract

We study methods that allow web sites to safely combine JavaScript from untrusted sources. If implemented properly, filters can prevent dangerous code from loading into the execution environment, while rewriting allows greater expressiveness by inserting run-time checks. Wrapping properties of the execution environment can prevent misuse without requiring changes to imported JavaScript. Using a formal semantics for the ECMA 262-3 standard language, we prove security properties of a subset of JavaScript, comparable in expressiveness to Facebook FBJS, obtained by combining three isolation mechanisms. The isolation guarantees of the three mechanisms are interdependent, with rewriting and wrapper functions relying on the absence of JavaScript constructs eliminated by language filters. © 2009 Springer Berlin Heidelberg.

Maffeis, S., Mitchell, J. C., & Taly, A. (2009). Isolating JavaScript with filters, rewriting, and wrappers. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5789 LNCS, pp. 505–522). https://doi.org/10.1007/978-3-642-04444-1_31
