Enhancing JavaScript with Transactions

  • Mohan Dhawan
  • Chung-chieh Shan
  • Vinod Ganapathy
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7313)


Transcript is a system that enhances JavaScript with support for transactions. Hosting Web applications can use transactions to demarcate regions that contain untrusted guest code. Actions performed within a transaction are logged and considered speculative until they are examined by the host and committed. Uncommitted actions simply do not take and cannot affect the host in any way. Transcript therefore provides hosting Web applications with powerful mechanisms to understand the behavior of untrusted guests, mediate their actions and also cleanly recover from the effects of security-violating guest code.

This paper describes the design of Transcript and its implementation in Firefox. Our exposition focuses on the novel features introduced by Transcript to support transactions, including a suspend/resume mechanism for JavaScript and support for speculative DOM updates. Our evaluation presents case studies showing that Transcript can be used to enforce powerful security policies on untrusted JavaScript code, and reports its performance on real-world applications and microbenchmarks.


Security Policy Activation Record Event Handler Speculative Execution Mandatory Part 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
    AJS: The ultra lightweight JavaScript library,
  3. 3.
    BIGACE web content management system,
  4. 4.
  5. 5.
    jQuery: The write less, do more, JavaScript library,
  6. 6.
    Jquery UI slider plugin,
  7. 7.
    JavaScript widgets/menu,
  8. 8.
  9. 9.
    ECMAScript language spec., ECMA-262, 5th edn. (December 2009)Google Scholar
  10. 10.
    Bauer, L., Ligatti, J., Walker, D.: Composing security policies with Polymer. In: ACM PLDI (2005)Google Scholar
  11. 11.
    Cao, Y., Li, Z., Rastogi, V., Chen, Y.: Virtual browser: a Web-level sandbox to secure third-party JavaScript without sacrificing functionality (poster). In: ACM CCS (2010)Google Scholar
  12. 12.
    Chugh, R., Meister, J., Jhala, R., Lerner, S.: Staged information flow in JavaScript. In: ACM SIGPLAN PLDI (2009)Google Scholar
  13. 13.
    Crockford, D.: ADsafe - Making JavaScript safe for advertising,
  14. 14.
    Dhawan, M., Shan, C.-C., Ganapathy, V.: Position paper: The case for JavaScript transactions. In: 5th ACM SIGPLAN PLAS Workshop (June 2010)Google Scholar
  15. 15.
  16. 16.
    Erlingsson, Ú.: The Inlined Reference Monitor Approach to Security Policy Enforcement. PhD thesis, Cornell University (2004)Google Scholar
  17. 17.
    Evans, D., Twyman, A.: Flexible policy-directed code safety. In: IEEE S&P (1999)Google Scholar
  18. 18.
    Facebook. FBJS - Facebook developerwiki (2007)Google Scholar
  19. 19.
    Finifter, M., Weinberger, J., Barth, A.: Preventing capability leaks in secure JavaScript subsets. In: NDSS (2010)Google Scholar
  20. 20.
    Godefroid, P., Klarlund, N., Sen, K.: Dart: directed automated random testing. SIGPLAN Not. 40 (June 2005)Google Scholar
  21. 21.
    Guarnieri, S., Livshits, B.: GateKeeper: Mostly static enforcement of security and reliability policies for JavaScript code. In: USENIX Security (2009)Google Scholar
  22. 22.
    Guha, A., Krishnamurthi, S., Jim, T.: Using static analysis for Ajax intrusion detection. In: WWW (2009)Google Scholar
  23. 23.
    Washizaki, H., et al.: AOJS: Aspect-oriented JavaScript programming framework for Web development. In: Intl. Wkshp. Aspects, Components, and Patterns for Infrastructure Software (2009)Google Scholar
  24. 24.
  25. 25.
    Jim, T., Swamy, N., Hicks, M.: Defeating script injection attacks with browser-enforced embedded policies. In: WWW (2007)Google Scholar
  26. 26.
    Louw, M.T., Ganesh, K.T., Venkatakrishnan, V.N.: Adjail: Practical enforcement of confidentiality and integrity policies on Web advertisements. In: USENIX Security (2010)Google Scholar
  27. 27.
    Ter Louw, M., Venkatakrishnan, V.N.: Blueprint: Robust prevention of cross-site scripting attacks for existing browsers. In: IEEE S&P (2009)Google Scholar
  28. 28.
    Maffeis, S., Mitchell, J.C., Taly, A.: An Operational Semantics for JavaScript. In: Ramalingam, G. (ed.) APLAS 2008. LNCS, vol. 5356, pp. 307–325. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  29. 29.
    Maffeis, S., Mitchell, J.C., Taly, A.: Isolating JavaScript with Filters, Rewriting, and Wrappers. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 505–522. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  30. 30.
    Maffeis, S., Mitchell, J.C., Taly, A.: Object capabilities and isolation of untrusted Web applications. In: IEEE S&P (2010)Google Scholar
  31. 31.
    Maffeis, S., Taly, A.: Language based isolation of untrusted JavaScript. In: IEEE CSF (2009)Google Scholar
  32. 32.
    Mehrara, M., Hsu, P.-C., Samadi, M., Mahlke, S.: Dynamic parallelization of javascript applications using an ultra-lightweight speculation mechanism. In: International Symposium on High-Performance Computer Architecture, pp. 87–98 (2011)Google Scholar
  33. 33.
    Meyerovich, L., Porter Felt, A., Miller, M.S.: Object views: Fine-grained sharing in browsers. In: WWW (2010)Google Scholar
  34. 34.
    Meyerovich, L., Livshits, B.: Conscript: Specifying and enforcing fine-grained security policies for JavaScript in the browser. In: IEEE S&P (2010)Google Scholar
  35. 35.
    Mickens, J., Elson, J., Howell, J., Lorch, J.: Crom: Faster Web browsing using speculative execution. In: NSDI (2010)Google Scholar
  36. 36.
    Miller, M.S., Samuel, M., Laurie, B., Awad, I., Stay, M.: Caja: Safe active content in sanitized JavaScript (2008) (manuscript)Google Scholar
  37. 37.
    Mozilla Developer Center. HTTP access control,
  38. 38.
    Orangoo-Labs. GoogieSpell,
  39. 39.
    Orangoo-Labs GreyBox,
  40. 40.
    Orangoo-Labs. Sortable list widget,
  41. 41.
    Di Paola, S., Fedon, G.: Subverting Ajax: Next generation vulnerabilities in 2.0 Web applications. In: 23rd Chaos Communication Congress (2006)Google Scholar
  42. 42.
    Phung, P., Sands, D., Chudnov, A.: Lightweight self-protecting JavaScript. In: ASIACCS (2009)Google Scholar
  43. 43.
    Reis, C., Dunagan, J., Wang, H.J., Dubrovsky, O., Esmeir, S.: Browsershield: Vulnerability-driven filtering of dynamic HTML. ACM Trans. Web 1(3), 11 (2007)CrossRefGoogle Scholar
  44. 44.
    Sen, K., Marinov, D., Agha, G.: Cute: a concolic unit testing engine for c. SIGSOFT Softw. Eng. Notes 30 (September 2005)Google Scholar
  45. 45.
    Wang, H.J., Fan, X., Howell, J., Jackson, C.: Protection and communication abstractions for web browsers in MashupOS. In: ACM SOSP (2007)Google Scholar
  46. 46.
    Warth, A., Ohshima, Y., Kaehler, T., Kay, A.: Worlds: Controlling the Scope of Side Effects. In: Mezini, M. (ed.) ECOOP 2011. LNCS, vol. 6813, pp. 179–203. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  47. 47.
    WWW-Consortium. Document object model events (November 2000),
  48. 48.
    Yu, D., Chander, A., Islam, N., Serikov, I.: JavaScript instrumentation for browser security. In: ACM POPL (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Mohan Dhawan
    • 1
  • Chung-chieh Shan
    • 2
  • Vinod Ganapathy
    • 1
  1. 1.Rutgers UniversityUSA
  2. 2.University of TsukubaJapan

Personalised recommendations