Sciweavers

ESORICS
2009
Springer

Isolating JavaScript with Filters, Rewriting, and Wrappers

Abstract. We study methods that allow web sites to safely combine JavaScript from untrusted sources. If implemented properly, filters can prevent dangerous code from loading into the execution environment, while rewriting allows greater expressiveness by inserting run-time checks. Wrapping properties of the execution environment can prevent misuse without requiring changes to imported JavaScript. Using a formal semantics for the ECMA 262-3 standard language, we prove security properties of a subset of JavaScript, comparable in expressiveness to Facebook FBJS, obtained by combining three isolation mechanisms. The isolation guarantees of the three mechanisms are interdependent, with rewriting and wrapper functions relying on the absence of JavaScript constructs eliminated by language filters.
Sergio Maffeis, John C. Mitchell, Ankur Taly
Added: 23 Nov 2009
Updated: 23 Nov 2009
Type: Conference
Year: 2009
Where: ESORICS
Authors: Sergio Maffeis, John C. Mitchell, Ankur Taly