Protecting Users by Confining JavaScript with COWL
Modern web applications are conglomerations of JavaScript written by multiple authors:
application developers routinely incorporate code from third-party libraries, and mashup …
Detecting malicious behaviors in JavaScript applications
JavaScript applications are widely used in a range of scenarios, including Web applications,
mobile applications, and server-side applications. On one hand, due to its excellent cross …
Auto-patching DOM-based XSS at scale
DOM-based cross-site scripting (XSS) is a client-side code injection vulnerability that results
from unsafe dynamic code generation in JavaScript applications, and has few known …
IFC inside: Retrofitting languages with dynamic information flow control
Many important security problems in JavaScript, such as browser extension security,
untrusted JavaScript libraries and safe integration of mutually distrustful websites (mash …
SoK: All or nothing: a postmortem of solutions to the third-party script inclusion permission model and a path forward
The web execution model allows third-party JavaScript to be leveraged in a single execution
context. Access control for these scripts is currently all or nothing. It has been this way for …
AUTOCRYPT: enabling homomorphic computation on servers to protect sensitive web content
Web servers are vulnerable to a large class of attacks which can allow a network attacker to
steal sensitive web content. In this work, we investigate the feasibility of a web server …
The Sicilian defense: Signature-based whitelisting of web JavaScript
Whitelisting has become a common practice to ensure the execution of trusted applications.
However, its effectiveness in protecting client-side web application code has not yet been …
Data Exfiltration in the Face of CSP
Cross-site scripting (XSS) attacks keep plaguing the Web. Supported by most modern
browsers, Content Security Policy (CSP) prescribes the browser to restrict the features and …
DATS: data containers for web applications
Data containers enable users to control access to their data while untrusted applications
compute on it. However, they require replicating an application inside each container …
You can't be me: Enabling trusted paths and user sub-origins in web browsers
Once a web application authenticates a user, it loosely associates all resources owned by
the user to the web session established. Consequently, any scripts injected into the victim …