Position Paper: The Case for JavaScript Transactions

Authors

  • Mohan Dhawan
  • Chung-chieh Shan
  • Vinod Ganapathy
Abstract

Modern Web applications combine and use JavaScript-based content from multiple untrusted sources. Without proper isolation, such content can compromise the security and privacy of these Web applications. Prior techniques for isolating untrusted JavaScript code do so by restricting dangerous constructs and inlining security checks into third-party code. This paper presents a new approach that extends the JavaScript language to make isolation a language-level primitive. We propose to extend the language using a new transaction construct that allows a Web application to speculatively execute untrusted code and isolate its changes. The Web application can then inspect these speculative actions and commit them only if they comply with the application’s security policies. We discuss use-cases that can benefit from JavaScript support for transactions, present a formalization of JavaScript transactions and conclude with implementation considerations.


Similar resources

The Moral Position of Traditional and Electronic Transactions in the Absence of Intention and Consent

Background: Due to the increasing expansion of the electronic world in all aspects, e-commerce has found its place alongside traditional transactions and in turn are of particular importance and have left a significant share in commercial contracts. This has led to significant ethical challenges. E-commerce, due to the lack of necessary legal and legal grounds, lack of proper mechanism to prote...


Enhancing JavaScript with Transactions

Transcript is a system that enhances JavaScript with support for transactions. Hosting Web applications can use transactions to demarcate regions that contain untrusted guest code. Actions performed within a transaction are logged and considered speculative until they are examined by the host and committed. Uncommitted actions simply do not take and cannot affect the host in any way. Transcript...


Transcript: Speculative Execution of Untrusted JavaScript Code

Transcript is a system that enhances JavaScript with support for speculative execution. It introduces a new transaction construct, which hosting Web applications can use to demarcate regions that contain untrusted guest code. Actions performed within a transaction are logged and considered speculative until they are examined by the host and committed. Uncommitted actions simply do not take and ...


Aspectizing JavaScript Security

In this position paper we argue that aspects are well-suited to describe and implement a range of strategies to make secure JavaScript-based applications. To this end, we review major categories of approaches to make client-side applications secure and discuss uses of aspects that exist for some of them. We also propose aspect-based techniques for the categories that have not yet been studied. W...


DOM Transactions for Testing JavaScript

Unit testing in the presence of side effects requires the construction of a suitable test fixture before each test run. We consider the problem of providing test fixtures for unit testing of client-side JavaScript code that manipulates its underlying web page. We propose using techniques from software transactional memory to restore the test fixture after each test run.



Publication date: 2010