Software

Position Paper: The Case for JavaScript Transactions

Free registration required

Executive Summary

Modern Web applications combine and use JavaScript-based content from multiple untrusted sources. Without proper isolation, such content can compromise the security and privacy of these Web applications. Prior techniques for isolating untrusted JavaScript code do so by restricting dangerous constructs and inlining security checks into third-party code. This paper makes the case that JavaScript must be extended to make isolation a language-level primitive. The authors propose to extend the language using a new transaction construct that allows a Web application to speculatively execute untrusted code and isolate the changes and effects it performs.

  • Format: PDF
  • Size: 145.06 KB