We identify a class of Web browser implementation vulnerabilities, cross-origin JavaScript capability leaks, which occur when the browser leaks a JavaScript pointer from one security origin to another. We devise an algorithm for detecting these vulnerabilities by monitoring the “points-to” relation of the JavaScript heap. Our algorithm finds a number of new vulnerabilities in the opensource Web...

JavaScript is a powerful imperative object based language made popular by its use in web pages. It supports flexible program development by allowing dynamic addition of members to objects. Code is dynamically typed: a runtime access to a non-existing member causes an error. We suggest two static type systems for JavaScript that will detect such runtime type errors. Therefore, programmers can ha...

Visualizing Resource Description Framework (RDF) data to support decision-making processes is an important and challenging aspect of consuming Linked Data. With the recent development of JavaScript libraries for data visualization, new opportunities for Web-based visualization of Linked Data arise. This paper presents an extensive evaluation of JavaScript-based libraries for visualizing RDF dat...

This paper presents the core algorithm for a tool implementing a declarative approach to web form development. Instead of writing Javascript to implement error detection and implied value computation, web developers write an ontology in classical logic that describes the relationships between web form fields, and the Javascript is generated automatically. To meet performance demands, the compil...

Web application designers and users alike are interested in isolation properties for trusted JavaScript code in order to prevent confidential resources from being leaked to untrusted parties. Noninterference provides the mathematical foundation for reasoning precisely about the information flows that take place during the execution of a program. Due to the dynamicity of the language, research o...

Javascript is a scripting language that is commonly used to create sophisticated interactive client-side web applications. It can also be used to carry out browser-based attacks on users. Malicious JavaScript code is usually highly obfuscated, making detection a challenge. This paper describes a simple approach to deobfuscation of JavaScript code based on dynamic analysis and slicing. Experimen...

Dr. Stephan Herhut began the HotPar ’12 workshop with a discussion of how to enable more parallel programming for Web applications, which are commonly programmed in JavaScript. His talk introduced River Trail (https://github. com/RiverTrail/RiverTrail), an open source system which makes expressing parallelism in JavaScript programs easy and doesn’t require programmers to write parallel code. Th...

JavaScript is the dominant language of modern web applications. In this research, we have investigated the battery-consumption of JavaScript applications running on mobile phones. In our empirical study, we developed and analysed eight implementations of the same application using different JavaScript libraries. The results show that there are significant differences between different implement...

Providing security guarantees for systems built out of untrusted components requires the ability to define and enforce access control policies over untrusted code. In Web 2.0 applications, JavaScript code from different origins is often combined on a single page, leading to well-known vulnerabilities. We present a security infrastructure which allows users and content providers to specify acces...

Contracts enable mutually suspicious parties to cooperate safely through the exchange of rights. Smart contracts are programs whose behavior enforces the terms of the contract. This paper shows how such contracts can be specified elegantly and executed safely, given an appropriate distributed, secure, persistent, and ubiquitous computational fabric. JavaScript provides the ubiquity but must be ...