Aojs

Washizaki, Hironori; Kubo, Atsushi; Mizumachi, Tomohiko; Eguchi, Kazuki; Fukazawa, Yoshiaki; Yoshioka, Nobukazu; Kanuka, Hideyuki; Kobayashi, Toshihiro; Sugimoto, Nobuhide; Nagai, Yoichi; Yamamoto, Ryōichi

doi:10.1145/1509276.1509285

Cited by 18 publications

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Safe Wrappers and Sane Policies for Self Protecting JavaScript

Magazinius

Phung

Sands

2012

Information Security Technology for Applications

View full text Add to dashboard Cite

Abstract. Phung et al (ASIACCS'09) describe a method for wrapping built-in methods of JavaScript programs in order to enforce security policies. The method is appealing because it requires neither deep transformation of the code nor browser modification. Unfortunately the implementation outlined suffers from a range of vulnerabilities, and policy construction is restrictive and error prone. In this paper we address these issues to provide a systematic way to avoid the identified vulnerabilities, and make it easier for the policy writer to construct declarative policies -i.e. policies upon which attacker code has no side effects.

show abstract

Safe Wrappers and Sane Policies for Self Protecting JavaScript

Magazinius

Phung

Sands

2012

Information Security Technology for Applications

View full text Add to dashboard Cite

show abstract

Enhancing JavaScript with Transactions

Dhawan

Shan

Ganapathy

2012

ECOOP 2012 – Object-Oriented Programming

View full text Add to dashboard Cite

Systematic adaptation of dynamically generated source code via domain‐specific examples

Song

Tilevich

2018

IET softw.

View full text Add to dashboard Cite

In modern web-based applications, an increasing amount of source code is generated dynamically at runtime. Web applications commonly execute dynamically generated code (DGC) emitted by third-party, black-box generators, run at remote sites. Web developers often need to adapt DGC before it can be executed: embedded HTML can be vulnerable to cross-site scripting attacks; an API may be incompatible with some browsers; and the program's state created by DGC may not be persisting. Lacking any systematic approaches for adapting DGC, web developers resort to ad-hoc techniques that are unsafe and error-prone. This study presents an approach for adapting DGC systematically that follows the program-transformation-byexample paradigm. The proposed approach provides predefined, domain-specific before/after examples that capture the variability of commonly used adaptations. By approving or rejecting these examples, web developers determine the required adaptation transformations, which are encoded in an adaptation script operating on the generated code's abstract syntax tree. The proposed approach is a suite of practical JavaScript program adaptations and their corresponding before/after examples. The authors have successfully applied the approach to real web applications to adapt third-party generated JavaScript code for security, browser compatibility, and persistence.

show abstract

Aojs

Cited by 18 publications

References 5 publications

Safe Wrappers and Sane Policies for Self Protecting JavaScript

Safe Wrappers and Sane Policies for Self Protecting JavaScript

Enhancing JavaScript with Transactions

Systematic adaptation of dynamically generated source code via domain‐specific examples

Contact Info

Product

Resources

About