Semantics and Security Issues in JavaScript
Stéphane Ducasse (INRIA Lille - Nord Europe), Nicolas Petton (INRIA Lille - Nord Europe), Guillermo Polito (INRIA Lille - Nord Europe), Damien Cassou (INRIA Lille - Nord Europe)

TL;DR
This paper provides an accessible overview of JavaScript semantics focused on security issues, highlighting language features that can lead to vulnerabilities and offering coding best practices and ECMAScript 5 updates.
Contribution
It offers a digest of JavaScript semantics emphasizing security concerns, making complex formal semantics accessible and practical for developers.
Findings
Identifies semantic features leading to security vulnerabilities
Provides coding patterns to mitigate common traps
Highlights ECMAScript 5 features enhancing security
Abstract
There is a plethora of research articles describing the deep semantics of JavaScript. Nevertheless, such articles are often difficult to grasp for readers not familiar with formal semantics. In this report, we propose a digest of the semantics of JavaScript centered around security concerns. This document proposes an overview of the JavaScript language and the misleading semantic points in its design. The first part of the document describes the main characteristics of the language itself. The second part presents how those characteristics can lead to problems. It finishes by showing some coding patterns to avoid certain traps and presents some new ECMAScript 5 features.
Taxonomy
Topics: Logic, programming, and type systems · Parallel Computing and Optimization Techniques · Distributed systems and fault tolerance
