Imperial College London
Portrait Picture

DrSergioMaffeis

Faculty of EngineeringDepartment of Computing

Senior Lecturer
 
 
 
//

Contact

 

+44 (0)20 7594 8390sergio.maffeis Website

 
 
//

Location

 

441Huxley BuildingSouth Kensington Campus

//

Summary

 

Publications

Citation

BibTex format

@techreport{Maffeis:2009:10.25561/95277,
author = {Maffeis, S and Mitchell, JC and Taly, A},
booktitle = {Departmental Technical Report: 09/6},
doi = {10.25561/95277},
publisher = {Department of Computing, Imperial College London},
title = {Isolating JavaScript with filters, rewriting, and wrappers},
url = {http://dx.doi.org/10.25561/95277},
year = {2009}
}
Download

RIS format (EndNote, RefMan)

TY  - RPRT
AB  - We study methods that allow web sites to safely combine JavaScriptfrom untrusted sources. If implemented properly,  lters can prevent dangerouscode from loading into the execution environment, while rewriting allows greaterexpressiveness by inserting run-time checks. Wrapping properties of the execu-tion environment can prevent misuse without requiring changes to importedJavaScript.Using a formal semantics for the ECMA 262-3 standard language, we provesecurity properties of a subset of JavaScript, comparable in expressiveness toFacebook FBJS, obtained by combining three isolation mechanisms. The isola-tion guarantees of the three mechanisms are interdependent, with rewriting andwrapper functions relying on the absence of JavaScript constructs eliminatedby language  lters.
AU  - Maffeis,S
AU  - Mitchell,JC
AU  - Taly,A
DO  - 10.25561/95277
PB  - Department of Computing, Imperial College London
PY  - 2009///
TI  - Isolating JavaScript with filters, rewriting, and wrappers
T1  - Departmental Technical Report: 09/6
UR  - http://dx.doi.org/10.25561/95277
UR  - http://hdl.handle.net/10044/1/95277
ER  -
Download