Static analysis tools are widely used for vulnerability detection as they understand programs
with complex behavior and millions of lines of code. Despite their popularity, static analysis …

In recent years, the Web witnessed a move towards sophis-ticated client-side functionality.
This shift caused a signifi-cant increase in complexity of deployed JavaScript code and thus …

JavaScript drives the evolution of the web into a powerful application platform. Increasingly,
web applications combine services from different providers. The script inclusion mechanism …

Due to the portability advantage, HTML5-based mobile apps are getting more and more
popular. Unfortunately, the web technology used by HTML5-based mobile apps has a …

JavaScript has been a de facto standard language for client-side web programs, and now it
is expanding its territory to general purpose programs. In this article, we classify the client …

This paper presents KJS, the most complete and throughly tested formal semantics of
JavaScript to date. Being executable, KJS has been tested against the ECMAScript 5.1 …

Prototype pollution is a type of vulnerability specific to prototype-based languages, such as
JavaScript, which allows an adversary to pollute a base object's property, leading to a further …

Node. js is a popular non-browser JavaScript platform that provides useful but sometimes
also vulnerable packages. On one hand, prior works have proposed many program analysis …

Security auditing of industry-scale software systems mandates automation. Static taint
analysis enables deep and exhaustive tracking of suspicious data flows for detection of …

The rapid rise of JavaScript as one of the most popular programming languages of the
present day has led to a demand for sophisticated IDE support similar to what is available for …