4
IRUS TotalDownloads
Altmetric
Isolating JavaScript with filters, rewriting, and wrappers
| File | Description | Size | Format | |
|---|---|---|---|---|
 DTR09-6.pdf | Published version | 366.98 kB | Adobe PDF | View/Open |
| Title: | Isolating JavaScript with filters, rewriting, and wrappers |
| Authors: | Maffeis, S Mitchell, JC Taly, A |
| Item Type: | Report |
| Abstract: | We study methods that allow web sites to safely combine JavaScript from untrusted sources. If implemented properly, lters can prevent dangerous code from loading into the execution environment, while rewriting allows greater expressiveness by inserting run-time checks. Wrapping properties of the execu- tion environment can prevent misuse without requiring changes to imported JavaScript. Using a formal semantics for the ECMA 262-3 standard language, we prove security properties of a subset of JavaScript, comparable in expressiveness to Facebook FBJS, obtained by combining three isolation mechanisms. The isola- tion guarantees of the three mechanisms are interdependent, with rewriting and wrapper functions relying on the absence of JavaScript constructs eliminated by language lters. |
| Issue Date: | 1-Jan-2009 |
| URI: | http://hdl.handle.net/10044/1/95277 |
| DOI: | https://doi.org/10.25561/95277 |
| Publisher: | Department of Computing, Imperial College London |
| Start Page: | 1 |
| End Page: | 29 |
| Journal / Book Title: | Departmental Technical Report: 09/6 |
| Copyright Statement: | © 2009 The Author(s). This report is available open access under a CC-BY-NC-ND (https://creativecommons.org/licenses/by-nc-nd/4.0/) |
| Publication Status: | Published |
| Article Number: | 09/6 |
| Appears in Collections: | Computing Computing Technical Reports |
This item is licensed under a Creative Commons License
