usenix conference policies
JavaScript in JavaScript (js.js): Sandboxing Third-Party Scripts
| 12 Tuesday | 13 Wednesday | 14 Thursday | 15 Friday |
|---|---|---|---|
| HotCloud '12 | TaPP '12 | ||
| WiAC '12 | USENIX ATC '12 | ||
| UCMS '12 | HotStorage '12 | NSDR '12 | |
| USENIX Cyberlaw '12 | WebApps '12 |
||
Jeff Terrace, Stephen R. Beard, and Naga Praveen Kumar Katta, Princeton University
View the slides online.
Running on billions of today’s computing devices, JavaScript has become a ubiquitous platform for deploying web applications. Unfortunately, an application developer who wishes to include a third-party script must enter into an implicit trust relationship with the third-party—granting it unmediated access to its entire application content.
In this paper, we present js.js, a JavaScript interpreter (which runs in JavaScript) that allows an application to execute a third-party script inside a completely isolated, sandboxed environment. An application can, at runtime, create and interact with the objects, properties, and methods available from within the sandboxed environment, giving it complete control over the third-party script. js.js supports the full range of the JavaScript language, is compatible with major browsers, and is resilient to attacks from malicious scripts.
We conduct a performance evaluation quantifying the overhead of using js.js and present an example of using js.js to execute Twitter’s Tweet Button API.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Jeff Terrace and Stephen R. Beard and Naga Praveen Kumar Katta},
title = {{JavaScript} in {JavaScript} (js.js): Sandboxing {Third-Party} Scripts},
booktitle = {3rd USENIX Conference on Web Application Development (WebApps 12)},
year = {2012},
isbn = {978-931971-94-2},
address = {Boston, MA},
pages = {95--100},
url = {https://www.usenix.org/conference/webapps12/technical-sessions/presentation/terrace},
publisher = {USENIX Association},
month = jun
}
connect with us