Semantics and Security Issues in JavaScript

Semantics and Security Issues in JavaScript. Ducasse, S., Petton, N., Polito, G., & Cassou, D. Technical Report RMod – INRIA Lille-Nord Europe, 2012.
abstract bibtex

There is a plethora of research articles describing the deep semantics of JavaScript. Nevertheless, such articles are often difficult to grasp for readers not familiar with formal semantics. In this report, we propose a digest of the semantics of JavaScript centered around security concerns. This document proposes an overview of the JavaScript language and the misleading semantic points in its design. The first part of the document describes the main characteristics of the language itself. The second part presents how those characteristics can lead to problems. It finishes by showing some coding patterns to avoid certain traps and presents some ECMAScript 5 new features.

@techreport{Duca12a,
  author = {Ducasse, St\'ephane and Petton, Nicolas and Polito, Guillermo and Cassou, Damien},
  title = {Semantics and Security Issues in JavaScript},
  year = {2012},
  abstract = {There is a plethora of research articles describing the deep semantics of JavaScript. Nevertheless, such articles are often difficult to grasp for readers not familiar with formal semantics. In this report, we propose a digest of the semantics of JavaScript centered around security concerns. This document proposes an overview of the JavaScript language and the misleading semantic points in its design. The first part of the document describes the main characteristics of the language itself. The second part presents how those characteristics can lead to problems. It finishes by showing some coding patterns to avoid certain traps and presents some ECMAScript 5 new features.},
  annote = {techreport},
  institution = {RMod -- INRIA Lille-Nord Europe},
  keywords = {JavaScript Dynamic Language Security Isolation Semantics Web HTTP lse-pub stefPub kzLanguageDesign}}

Downloads: 0

{"_id":"4t7h4eJxSdyXKwsPX","bibbaseid":"ducasse-petton-polito-cassou-semanticsandsecurityissuesinjavascript-2012","author_short":["Ducasse, S.","Petton, N.","Polito, G.","Cassou, D."],"bibdata":{"bibtype":"techreport","type":"techreport","author":[{"propositions":[],"lastnames":["Ducasse"],"firstnames":["Stéphane"],"suffixes":[]},{"propositions":[],"lastnames":["Petton"],"firstnames":["Nicolas"],"suffixes":[]},{"propositions":[],"lastnames":["Polito"],"firstnames":["Guillermo"],"suffixes":[]},{"propositions":[],"lastnames":["Cassou"],"firstnames":["Damien"],"suffixes":[]}],"title":"Semantics and Security Issues in JavaScript","year":"2012","abstract":"There is a plethora of research articles describing the deep semantics of JavaScript. Nevertheless, such articles are often difficult to grasp for readers not familiar with formal semantics. In this report, we propose a digest of the semantics of JavaScript centered around security concerns. This document proposes an overview of the JavaScript language and the misleading semantic points in its design. The first part of the document describes the main characteristics of the language itself. The second part presents how those characteristics can lead to problems. It finishes by showing some coding patterns to avoid certain traps and presents some ECMAScript 5 new features.","annote":"techreport","institution":"RMod – INRIA Lille-Nord Europe","keywords":"JavaScript Dynamic Language Security Isolation Semantics Web HTTP lse-pub stefPub kzLanguageDesign","bibtex":"@techreport{Duca12a,\n author = {Ducasse, St\\'ephane and Petton, Nicolas and Polito, Guillermo and Cassou, Damien},\n title = {Semantics and Security Issues in JavaScript},\n year = {2012},\n abstract = {There is a plethora of research articles describing the deep semantics of JavaScript. Nevertheless, such articles are often difficult to grasp for readers not familiar with formal semantics. In this report, we propose a digest of the semantics of JavaScript centered around security concerns. This document proposes an overview of the JavaScript language and the misleading semantic points in its design. The first part of the document describes the main characteristics of the language itself. The second part presents how those characteristics can lead to problems. It finishes by showing some coding patterns to avoid certain traps and presents some ECMAScript 5 new features.},\n annote = {techreport},\n institution = {RMod -- INRIA Lille-Nord Europe},\n keywords = {JavaScript Dynamic Language Security Isolation Semantics Web HTTP lse-pub stefPub kzLanguageDesign}}\n \n","author_short":["Ducasse, S.","Petton, N.","Polito, G.","Cassou, D."],"key":"Duca12a","id":"Duca12a","bibbaseid":"ducasse-petton-polito-cassou-semanticsandsecurityissuesinjavascript-2012","role":"author","urls":{},"keyword":["JavaScript Dynamic Language Security Isolation Semantics Web HTTP lse-pub stefPub kzLanguageDesign"],"metadata":{"authorlinks":{}}},"bibtype":"techreport","biburl":"https://guillep.github.io/mybib.bib","dataSources":["6nk36bPQjjpq3s62d"],"keywords":["javascript dynamic language security isolation semantics web http lse-pub stefpub kzlanguagedesign"],"search_terms":["semantics","security","issues","javascript","ducasse","petton","polito","cassou"],"title":"Semantics and Security Issues in JavaScript","year":2012}