Enhancing JavaScript with Transactions

Dhawan, Mohan; Shan, Chung-chieh; Ganapathy, Vinod

doi:10.1007/978-3-642-31057-7_18

Cited by 8 publications

(17 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…When a transaction is rolled back, the program's state is restored to the point right before the transactional code started execution. To avail this powerful mechanism to Web applications, Dhawan et al [9] added transactions to JavaScript. As their implementation strategy, they extended the language with a new keyword, transaction that the programmer can use to delineate transaction boundaries; the implementation also includes a library, called Transcript, with the API for managing transactions.…”

Section: Transactions For Javascriptmentioning

confidence: 99%

“…For our case studies, we replicated the functionalities provided by three third-party libraries that enhance JavaScript programs with persistence [6], security [26], and transactions [9].…”

Section: Case Studiesmentioning

confidence: 99%

“…If each concern's implementation is modularized, programmers can change concerns in isolation without perturbing the rest of the program. Recent state-of-the-art approaches add various (mostly non-functional) concerns to JavaScript programs by providing libraries and frameworks that enhance JavaScript programs with persistence [6], security [26], and transactions [9].…”

Section: Introductionmentioning

confidence: 99%

“…The annotation processor instartIndex, StringBuilder buf);9 String getAspecTemplate(String entrypoint);10 String getMultiLine(List<String> f_contents,11 int startIndex); 12 } Figure A.2. The annotation processing interface.…”

mentioning

confidence: 99%

See 3 more Smart Citations

Tae-Js

Song

Tilevich

2013

Proceedings of the 2013 International Conference on Principles and Practices of Programming on the Java Platform: Virtual Machi

View full text Add to dashboard Cite

Recent state-of-the-art approaches enhance JavaScript programs with concerns (e.g., persistence, security, transactions, etc.) by modifying the source code by hand to use special libraries. As a result, adding concerns to a JavaScript program creates divergent codebases that must be maintained separately. At the core of the problem is that JavaScript lacks metadata to express concerns declaratively. In this paper, we present a declarative approach to enhancing JavaScript programs that applies the Java annotations infrastructure to JavaScript, without extending the JavaScript language. An IDE combines JavaScript and Java during the development, but processes the languages separately. Programmers declare how concerns should be added to a JavaScript program using Java annotations. Based on the annotations, a code generator synthesizes aspect code that adds the specified concerns. Although these enhancements are implemented as third-party libraries, our approach can transparently insert them into JavaScript programs given a declarative specification.

show abstract

Section: Transactions For Javascriptmentioning

confidence: 99%

“…For our case studies, we replicated the functionalities provided by three third-party libraries that enhance JavaScript programs with persistence [6], security [26], and transactions [9].…”

Section: Case Studiesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

mentioning

confidence: 99%

See 2 more Smart Citations

Tae-Js

Song

Tilevich

2013

Proceedings of the 2013 International Conference on Principles and Practices of Programming on the Java Platform: Virtual Machi

View full text Add to dashboard Cite

show abstract

“…Other mashup systems provide more complicated (but more expressive) policy languages. For example, several frameworks modify the JavaScript engine to support transactional JavaScript, such that, if untrusted code violates a security policy, the effects of that code can be rolled back [8], [29]. Mash-IF [17] uses an IFC approach, associating each domain's JavaScript objects with security labels, and using a modified browser to track taint and enforce disclosure policies.…”

Section: Related Workmentioning

confidence: 99%

Pivot: Fast, Synchronous Mashup Isolation Using Generator Chains

Mickens

2014

2014 IEEE Symposium on Security and Privacy

View full text Add to dashboard Cite

Abstract-Pivot is a new JavaScript isolation framework for web applications. Pivot uses iframes as its low-level isolation containers, but it uses code rewriting to implement synchronous cross-domain interfaces atop the asynchronous crossframe postMessage() primitive. Pivot layers a distributed scheduling abstraction across the frames, essentially treating each frame as a thread which can invoke RPCs that are serviced by external threads. By rewriting JavaScript call sites, Pivot can detect RPC invocations; Pivot exchanges RPC requests and responses via postMessage(), and it pauses and restarts frames using a novel rewriting technique that translates each frame's JavaScript code into a restartable generator function. By leveraging both iframes and rewriting, Pivot does not need to rewrite all code, providing an orderof-magnitude performance improvement over rewriting-only solutions. Compared to iframe-only approaches, Pivot provides synchronous RPC semantics, which developers typically prefer over asynchronous RPCs. Pivot also allows developers to use the full, unrestricted JavaScript language, including powerful statements like eval().

show abstract

Flexible access control for javascript

Richards

Hammer

Nardelli

et al. 2013

Proceedings of the 2013 ACM SIGPLAN International Conference on Object Oriented Programming Systems Languages &Amp; Application

View full text Add to dashboard Cite

Providing security guarantees for systems built out of untrusted components requires the ability to define and enforce access control policies over untrusted code. In Web 2.0 applications, JavaScript code from different origins is often combined on a single page, leading to well-known vulnerabilities. We present a security infrastructure which allows users and content providers to specify access control policies over subsets of a JavaScript program by leveraging the concept of delimited histories with revocation. We implement our proposal in WebKit and evaluate it with three policies on 50 widely used websites with no changes to their JavaScript code and report performance overheads and violations.

show abstract

Enhancing JavaScript with Transactions

Cited by 8 publications

References 23 publications

Tae-Js

Tae-Js

Pivot: Fast, Synchronous Mashup Isolation Using Generator Chains

Flexible access control for javascript

Contact Info

Product

Resources

About