Language-Based Isolation of Untrusted JavaScript

Sergio Maffeis, Ankur Taly
2009 22nd IEEE Computer Security Foundations Symposium
Web sites that incorporate untrusted content may use browser- or language-based methods to keep such content from maliciously altering pages, stealing sensitive information, or causing other harm. We study methods for filtering and rewriting JavaScript code, using Yahoo! ADsafe and Facebook FBJS as motivating examples. We explain the core problems by describing previously unknown vulnerabilities and shortcomings, and give a foundation for improved solutions based on an operational semantics of the full ECMA262-3 language. We also discuss how to apply our analysis to address the problems we discovered.

Plan of the paper. In Section 2, we describe FBJS, ADsafe, and the vulnerabilities we discovered. Language properties supporting filtering and rewriting are discussed in Section 3. In Section 4, we briefly review our previous work [12] on JavaScript operational semantics. In Section 5, we use the operational semantics to identify safe subsets of JavaScript and prove their properties. In Section 6, we discuss how our results can solve the problems found in FBJS and ADsafe, and discuss the solutions currently adopted. Concluding remarks are in Section 7.
doi:10.1109/csf.2009.11 dblp:conf/csfw/MaffeisT09 fatcat:cdl3hbdf4bervlebp6d5pejpd4