Abstract
We study methods that allow web sites to safely combine JavaScript from untrusted sources. If implemented properly, filters can prevent dangerous code from loading into the execution environment, while rewriting allows greater expressiveness by inserting run-time checks.
Wrapping properties of the execution environment can prevent misuse without requiring changes to imported JavaScript. Using a formal semantics for the ECMA 262-3 standard language, we prove security properties of a subset of JavaScript, comparable in expressiveness to Facebook FBJS, obtained by combining three isolation mechanisms. The isolation guarantees of the three mechanisms are interdependent, with rewriting and wrapper functions relying on the absence of JavaScript constructs eliminated by language filters.
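The three mechanisms from the abstract, and why the run-time check depends on the filter, as an added JavaScript sketch that is not the paper's code. The blacklist contents, the `"bad"` replacement key and all function names are assumptions made for illustration, and the toy rewriter handles only un-nested `o[e]` accesses in a single guest expression.

```javascript
// Added illustration. All names here (BLACKLIST, guardKey, filterSource,
// rewriteSource, wrapNoGlobal, runIsolated) are hypothetical.
const BLACKLIST = new Set(["eval", "Function", "constructor", "guardKey"]);

// 1. Filter: static check that rejects code mentioning a blacklisted name.
//    Crude tokenizer for illustration; it also scans inside string literals.
function filterSource(src) {
  const idents = src.match(/[A-Za-z_$][\w$]*/g) || [];
  const rejected = [...new Set(idents.filter((id) => BLACKLIST.has(id)))];
  return { ok: rejected.length === 0, rejected };
}

// 2. Rewriting: a computed key such as o["constr" + "uctor"] is invisible to
//    the filter, so each un-nested o[e] becomes o[guardKey(e)].
function rewriteSource(src) {
  return src.replace(/([\w$)\]])\[([^\[\]]+)\]/g, "$1[guardKey($2)]");
}

// Run-time check inserted by the rewriter: blacklisted keys map to "bad".
// The converted string is returned, so the key is converted exactly once.
function guardKey(key) {
  const name = String(key);
  return BLACKLIST.has(name) ? "bad" : name;
}

// 3. Wrapper: a host function must never hand the global object to a guest.
function wrapNoGlobal(fn) {
  return function (...args) {
    const result = fn.apply(this, args);
    return result === globalThis ? null : result;
  };
}

// Pipeline: filter, then rewrite, then evaluate one guest expression with
// guardKey and the (already wrapped) environment passed in as parameters.
function runIsolated(src, env) {
  const verdict = filterSource(src);
  if (!verdict.ok) return { loaded: false, rejected: verdict.rejected };
  const names = Object.keys(env);
  const body = '"use strict"; return (' + rewriteSource(src) + ");";
  const guest = new Function("guardKey", ...names, body);
  return { loaded: true, value: guest(guardKey, ...names.map((n) => env[n])) };
}
```

Blacklisting `guardKey` itself in the filter is what keeps a guest from shadowing or reassigning the inserted check, which is the interdependence the abstract describes.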
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Maffeis, S., Mitchell, J.C., Taly, A. (2009). Isolating JavaScript with Filters, Rewriting, and Wrappers. In: Backes, M., Ning, P. (eds) Computer Security – ESORICS 2009. ESORICS 2009. Lecture Notes in Computer Science, vol 5789. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04444-1_31
DOI: https://doi.org/10.1007/978-3-642-04444-1_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04443-4
Online ISBN: 978-3-642-04444-1
eBook Packages: Computer Science (R0)