Javascript sandboxing: Isolating and restricting client-side javascript
Paper in proceeding, 2016

Today’s web applications rely on the same-origin policy, the primary security policy of the Web, to isolate their web origin from malicious client-side JavaScript. When an attacker can somehow breach the same-origin policy and execute JavaScript code inside a web application’s origin, he gains full control over all available functionality and data in that web origin. In the JavaScript sandboxing field, we assume that an attacker has the ability to execute JavaScript code in a web application’s origin. The goal of JavaScript sandboxing is to isolate the execution of certain JavaScript code and restrict what functionality and data is available to it. In this paper we discuss proposed JavaScript sandboxing systems divided into three categories: JavaScript sandboxing through JavaScript subsets and rewriting systems, JavaScript sandboxing using browser modifications and JavaScript sandboxing without browser modifications.

Author

Steven Van Acker

Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)

Andrei Sabelfeld

Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

03029743 (ISSN) 16113349 (eISSN)

Vol. 9808 LNCS 32-86

16th International Summer School on Foundations of Security Analysis and Design, FOSAD 2016
Bertinoro, Italy,

Areas of Advance

Information and Communication Technology

Subject Categories

Computer and Information Science

Roots

Basic sciences

DOI

10.1007/978-3-319-43005-8_2

More information

Latest update

7/28/2021