JavaScript malware-based attacks account for a large fraction of successful mass-scale exploitation happening today. Attackers like JavaScript-based attacks because they can be mounted against an unsuspecting user visiting a seemingly innocent web page. While several techniques for addressing these types of exploits have been proposed, in-browser adoption has been slow, in part because of the p...

Websites today routinely combine JavaScript from multiple sources, both trusted and untrusted. Hence, JavaScript security is of paramount importance. A specific interesting problem is information flow control (IFC) for JavaScript. In this paper, we develop, formalize and implement a dynamic IFC mechanism for the JavaScript engine of a production Web browser (specifically, Safari’s WebKit engine...

Many of the programmers move towards object oriented programming languages due to its reusability nature, whereas in procedural programming languages reusability is not allowed, which may contribute to the high cost of development. Most of web browsers make use of JavaScript as a user interactive program that is a client side program due to its active nature. In the client side programming it i...

Web pages routinely incorporate JavaScript code from third-party sources. However, all code in a page runs in the same security context, regardless of provenance. When Web pages incorporate third-party JavaScript without any checks, as many do, they open themselves to attack. A third-party can trivially inject malicious JavaScript into such a page, causing all manner of harm. Several such attac...

Concurrently executing arbitrary JavaScript on many webpages is hard. For free-standing JavaScript — JavaScript that does not interact with a DOM — parallelization is easy. Many of the parallelization approaches that have been applied to other mainstream languages have been applied also to JavaScript. Existing testing frameworks such as Selenium Grid [19] and PhantomJS [16] allow developers to ...

This paper presents SCM2JS a compiler that translates a variant of the Scheme programming language into JavaScript. On the one hand, some Scheme features are missing, amongst which the most important are the lack of support for continuations, the absence of exact numbers, and a partial treatment of tail recursions. On the other hand, some extensions are added for improving the connection betwee...

Libraries, Eric Elliott, Eric Hamilton, O'Reilly Media, Incorporated, 2013, 1449320945, 9781449320942, 300 pages. Take your existing JavaScript skills to the next level and learn how to build complete web scale or enterprise applications that are easy to extend and maintain. By applying the design patterns outlined in this book, youÐ2Ђ™ll learn how to write flexible and resilient code thatÐ2...

Although JavaScript is an important part of Web 2.0, it has historically been a major source of security holes. Code from malicious advertisers and cross-site-scripting (XSS) attacks are particularly pervasive problems. In this paper, we explore dynamic information flow to prevent the loss of confidential information from malicious JavaScript code. In particular, we extend prior dynamic informa...

There is a plethora of research articles describing the deep semantics of JavaScript. Nevertheless, such articles are often difficult to grasp for readers not familiar with formal semantics. In this report, we propose a digest of the semantics of JavaScript centered around security concerns. This document proposes an overview of the JavaScript language and the misleading semantic points in its ...

In this paper we present a pure JavaScript implementation of an RDF store supporting the SPARQL query language that can be executed in modern browsers as well as in server side JavaScript platforms. We also present a declarative JavaScript library, built on top of the store, that makes it possible to build rich web clients combining the power of structured linked data, lightweight RDF notations...