The JSC language is a superset of JavaScript designed to ease the development of large web applications. This language extends JavaScript’s own object system by isolating code in a class declaration, simplifying multiple inheritance and using method implementation agreements. 1 Motivation As web applications have been gaining more dynamic behavior, JavaScript has become more important in web de...

Web pages have become more like applications that documents. Not only do they provide dynamic content, they also allow users to play games, send email, and do many other tasks that used to be reserved for traditional applications. One of the major technologies enabling web application creation is JavaScript, which allows execution of code in the browser. Unfortunately, because it is so powerful...

Context. : The increasing popularity of JavaScript has lead to a variety of frameworks that aim to help developers to address programming tasks. However, the number of JavaScript Frameworks has risen rapidly to thousands and more. It is difficult for practitioners to identify the frameworks that best fit to their needs and to develop new frameworks that fit such needs. Existing research has foc...

We describe JSAI, an abstract interpreter for JavaScript. JSAI uses novel abstract domains to compute a reduced product of type inference, pointer analysis, string analysis, integer and boolean constant propagation, and control-flow analysis. In addition, JSAI allows for analysis control-flow sensitivity (i.e., context-, path-, and heap-sensitivity) to be modularly configured without requiring ...

JavaScript is the most widely used web language for client-side applications. Whilst the development of JavaScript was initially just led by implementation, there is now increasing momentum behind the ECMA standardisation process. The time is ripe for a formal, mechanised specification of JavaScript, to clarify ambiguities in the ECMA standards, to serve as a trusted reference for high-level la...

Many important security problems in JavaScript, such as browser extension security, untrusted JavaScript libraries and safe integration of mutually distrustful websites (mash-ups), may be effectively addressed using an efficient implementation of information flow control (IFC). Unfortunately existing fine-grained approaches to JavaScript IFC require modifications to the language semantics and i...

In this paper, we propose a novel system, named BridgeScope, for precise and scalable vetting of JavaScript Bridge security issues in Android hybrid apps. BridgeScope is flexible and can be leveraged to analyze a diverse set of WebView implementations, such as Android’s default WebView, and Mozilla’s Rhino-based WebView. Furthermore, BridgeScope can automatically generate test exploit code to f...

Recent advances in execution environments for JavaScript and WebAssembly that run on a broad range of devices, from workstations to IoT devices, provides new opportunities for portable and web-based numerical computing. The aim of this paper is to evaluate the current state of the art through a comprehensive experiment using the Ostrich benchmark suite, a collection of numerical programs repres...

The drastic increase of JavaScript exploitation attacks has led to a strong interest in developing techniques to enable malicious JavaScript analysis. Existing analysis techniques fall into two general categories: static analysis and dynamic analysis. Static analysis tends to produce inaccurate results (both false positive and false negative) and is vulnerable to a wide series of obfuscation te...