Language-Based Isolation of Untrusted JavaScript

Language-Based Isolation of Untrusted JavaScript

Web sites that incorporate untrusted content may use browser- or language-based methods to keep such content from maliciously altering pages, stealing sensitive information, or causing other harm. We study language-based methods for filtering and rewriting JavaScript code, using Yahoo! ADSafe and Fa...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Maffeis, S., Taly, A.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Advertising
Computer science
Computer security
Educational institutions
Electronic mail
Facebook
Filtering
Isolation
Java
JavaScript
Security
Social network services
Subsetting
USA Councils
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Web sites that incorporate untrusted content may use browser- or language-based methods to keep such content from maliciously altering pages, stealing sensitive information, or causing other harm. We study language-based methods for filtering and rewriting JavaScript code, using Yahoo! ADSafe and Facebook FBJS as motivating examples. We explain the core problems by describing previously unknown vulnerabilities and subtleties, and develop a foundation for improved solutions based on an operational semantics of the full ECMA-262 language. We also discuss how to apply our analysis to address the JavaScript isolation problems we discovered.
ISSN:1063-6900
2377-5459
DOI:10.1109/CSF.2009.11