Software

ADsafety: Type-Based Verification of JavaScript Sandboxing

Download Now Free registration required

Executive Summary

Web sites routinely incorporate JavaScript programs from several sources into a single page. These sources must be protected from one another, which require robust sandboxing. The many entry-points of sandboxes and the subtleties of JavaScript demand robust verification of the actual sandbox source. The authors use a novel type system for JavaScript to encode and verify sandboxing properties. The resulting verifier is lightweight and efficient, and operates on actual source. They demonstrate the effectiveness of the authors' technique by applying it to ADsafe, which revealed several bugs and other weaknesses.

  • Format: PDF
  • Size: 224.9 KB