validating javascript from realworld websites in a
play

Validating Javascript from Realworld Websites in a Browser-like - PowerPoint PPT Presentation

Feb 07, 2023 •289 likes •492 views

Validating Javascript from Realworld Websites in a Browser-like Environment Sander Snajalg JavaScript (ECMAScript) Object-oriented / functional scripting language Dynamic typing Prototype inheritance Objects are dictionaries of properties

  1. Validating Javascript from Realworld Websites in a Browser-like Environment Sander Sõnajalg

  2. JavaScript (ECMAScript) Object-oriented / functional scripting language Dynamic typing Prototype inheritance Objects are dictionaries of properties Standardized by ECMA, spec. 262.

  3. JS in the Web - Example <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Tra.. <html xmlns= "http://www.w3.org/1999/xhtml" xml:l.. <head> <meta http-equiv= "content-type" content= "text/h.. <title>Images for David Bowie</title> LINKED <script type= "text/javascript" / src= "/js/global-v77.js" / > <script type= "text/javascript" > DISCOGS.set("Session", {loggedin: false , userna.. DISCOGS.set('static_server', ''); </script> EMBEDDED </head>

  4. JavaScript in the Web Every web page is a JavaScript “program” of: JS core functions (ECMA standard) Browser's DOM implementation All linked and embedded snippets of JavaScript Browsers use different JS engines .. and different DOM implementations

  5. Browser Environment General model: In a browser: The website Client's custom JS Custom JS Client's Libs Client's Libs DOM Browser DOM impl Browser JS Core APIs impl W3C standard ECMA's standard The browser

  6. The Goals (1) Statically validate web site JavaScript's syntax (2) Simulate the execution inside a browser, detect runtime errors (3) Report usage of properties/functions that might not work in some browsers

  7. Towards Goal 1: syntax errors Basically equal to parsing Implement myself? Reuse something available? Some browser's JS engine? Which one? Google's V8? Mozilla's SpiderMonkey?

  8. Rhino Mozilla's alternative JavaScript engine Open-source Parser detects syntactical mistakes GOAL 1 Evaluation detects some API-level mistakes Tests for language-extensions can be implemented

  9. Simulated browser environment General model: Simulated environment: Client's custom JS Client's Libs DOM Core APIs Rhino

  10. Env.js A JavaScript implementation of DOM Can be loaded with Rhino

  11. Simulated Browser Environment In a browser: Simulated environment: The website Custom JS Custom JS Client's Libs Client's Libs GOAL 2 Env.js Browser DOM impl Browser JS Rhino impl The browser

  12. Browser-Specific Code // Firefox if (window.addEventListener) { myObject.addEventListener("mouseover", myEventHandler, false ); // IE } else { myObject.attachEvent("onmouseover", myEventHandler); } Quite impossible to distinguish real errors from false positives Mostly in JS libraries

  13. Challenge 1: Eliminating libraries, generated code No point to validate them Contain lot of browser-specific code Various ways: By names of linked scripts By headers If compressed Case-by-case

  14. Challenge 2: Unknown types Example: property srcElement of class Event is undefined in some browsers // ======= e is an Event var e = window.event function MyElement(src) { this .srcElement = src; } // ======= f is something different var f = new MyElement("foo", "bar"); NEED TO REPORT var g = e.srcElement; FALSE POSITIVE IF var h = f.srcElement; REPORTED

  15. Challenge 2: Unknown types State of the Art Type-inference on formalized subset of JS [Anderson et al] Abstract interpretation of JS programs [Jensen et al] Can we do it in a simpler way?

  16. Challenge 2: Unknown types Suggested Approach Rewrite this ... GOAL 3 var g = e.srcElement; ?? var h = f.srcElement; .. to this: if (e instanceof Event) { _report_call$Event$srcElement("myScript.js", 233); } var g = e.srcElement; if (f instanceof Event) { _report_call$Event$srcElement("myScript.js", 234); } var h = f.srcElement;

  17. Demo output

  18. Demo Output (1) =============================================================== *** VALIDATION ERRORS FOR SCRIPT : [embedded javascript, 25 lines] =============================================================== [ERROR] uncaught JavaScript runtime exception: TypeError: Cannot call method "substring" of undefined (around line 2) [WARNING] Reference to undefined property "language" (around line 11) [WARNING] Reference to undefined property "browserLanguage" (around line 11) [WARNING] Reference to undefined property "characterSet" (around line 11) [WARNING] Reference to undefined property "charset" (around line 11) [WARNING] Reference to undefined property "_domain" (around line 5754) [WARNING] Reference to undefined property "domain" (around line 5754)

  19. Demo output (2) S U M M A R Y ============= Runtime Browser- Script Warnings Errors errors specific --------------------------------------------------------------------- fEpost.js 0 0 0 0 embedded script 'var bannersFor 0 1 0 0 js.js 0 0 0 0 embedded script 'var gaJsHost = 0 1 0 0 embedded script 'var pageTracke 6 1 0 0

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Intro to JavaScript September 29th, 2015 DeskHub Overview What is JavaScript? Why use

Intro to JavaScript September 29th, 2015 DeskHub Overview What is JavaScript? Why use

Intro to JavaScript September 29th, 2015 DeskHub Overview What is JavaScript? Why use JavaScript? Where did JavaScript come from? HTML basics How are websites built? DOM basics Javascript basics

840 views • 56 slides
Protecting Users by Confining JavaScript with SWAPI Deian Stefan, Petr Marchenko, Brad Karp,

Protecting Users by Confining JavaScript with SWAPI Deian Stefan, Petr Marchenko, Brad Karp,

Protecting Users by Confining JavaScript with SWAPI Deian Stefan, Petr Marchenko, Brad Karp, David Mazires, Dave Herman, and John C. Mitchell Modern websites are complex Modern websites are complex Modern websites are complex Page code

1.65k views • 97 slides
JavaScript Primer Basic Introduction of JavaScript JavaScript History Why (re)introduce

JavaScript Primer Basic Introduction of JavaScript JavaScript History Why (re)introduce

JavaScript Primer Basic Introduction of JavaScript JavaScript History Why (re)introduce JavaScript? Notorious for being worlds most misunderstood programming language o (Douglas Crockford -

432 views • 11 slides
Introduction to JavaScript Niels Olof Bouvin 2 Overview A brief history of JavaScript and

Introduction to JavaScript Niels Olof Bouvin 2 Overview A brief history of JavaScript and

Introduction to JavaScript Niels Olof Bouvin 2 Overview A brief history of JavaScript and ECMAScript JavaScript for Java developers The JavaScript ecosystem Getting access to JavaScript Some language basics A look at the Node.js standard

1.03k views • 54 slides
Introduction to JavaScript Niels Olof Bouvin 1 Overview A brief history of JavaScript and

Introduction to JavaScript Niels Olof Bouvin 1 Overview A brief history of JavaScript and

Introduction to JavaScript Niels Olof Bouvin 1 Overview A brief history of JavaScript and ECMAScript JavaScript for Java developers The JavaScript ecosystem Getting access to JavaScript Some language basics A look at the Node.js standard

1.1k views • 57 slides
CE419 Session 5: JavaScript Web Programming 1 What is JavaScript? JavaScript is a dynamic

CE419 Session 5: JavaScript Web Programming 1 What is JavaScript? JavaScript is a dynamic

CE419 Session 5: JavaScript Web Programming 1 What is JavaScript? JavaScript is a dynamic programming language. Introduced in 1995 as a way to add programs to web pages in the Netscape Navigator browser. It has made modern web

795 views • 35 slides
RealWorld RealCity RealTerrain Airborne Reality Capture The Integral World of Leica

RealWorld RealCity RealTerrain Airborne Reality Capture The Integral World of Leica

RealWorld RealCity RealTerrain Airborne Reality Capture The Integral World of Leica Airborne Solutions Photogrammetric Week, September 11, 2017 Dr. Hartmut Rosengarten, Director Airborne Solutions EMEA, Leica Geosystems We are used to

760 views • 23 slides
Web Scraping Ben Williams October 9 th 2020 Non-Static Websites Dynamic Websites APIs

Web Scraping Ben Williams October 9 th 2020 Non-Static Websites Dynamic Websites APIs

Web Scraping Ben Williams October 9 th 2020 Non-Static Websites Dynamic Websites APIs Dynamic Websites Drop-downs Scrolling Pop-ups Inputting password Examples Web-Crawling Automate movement through websites

963 views • 24 slides
JavaScript: The Good Parts vs. JavaScript: The Definitive Guide CS 252: Advanced Programming

JavaScript: The Good Parts vs. JavaScript: The Definitive Guide CS 252: Advanced Programming

JavaScript: The Good Parts vs. JavaScript: The Definitive Guide CS 252: Advanced Programming Language Principles Introduction to JavaScript Prof. Tom Austin San Jos State University History of JavaScript In 1995, Netscape hired Brendan

395 views • 16 slides
Advanced JavaScript dates JavaScript timing events JavaScript Lars Larsson cookies Graceful

Advanced JavaScript dates JavaScript timing events JavaScript Lars Larsson cookies Graceful

Advanced JavaScript Lars Larsson Today JavaScript strings JavaScript Advanced JavaScript dates JavaScript timing events JavaScript Lars Larsson cookies Graceful degradation AJAX Summary Lecture #11 Advanced JavaScript 1

831 views • 38 slides
Detec%ng Unknown Inconsistencies in Web Applica%ons Frolin Ocariza Jr. Karthik Pa:abiraman Ali

Detec%ng Unknown Inconsistencies in Web Applica%ons Frolin Ocariza Jr. Karthik Pa:abiraman Ali

Detec%ng Unknown Inconsistencies in Web Applica%ons Frolin Ocariza Jr. Karthik Pa:abiraman Ali Mesbah 1 95% of all websites use JavaScript JavaScript The most popular language on both GitHub and StackOverflow for 4 years 2 Bugs abound

481 views • 35 slides
JavaScript Concepts JavaScript is pretty hard to escape if you want to do anything for the web C

JavaScript Concepts JavaScript is pretty hard to escape if you want to do anything for the web C

JavaScript Concepts JavaScript is pretty hard to escape if you want to do anything for the web C of the Internet Take JavaScript for instance. It's widely criticized in the POPL community for getting many things wrong. But it must have

655 views • 44 slides
Building Faster Websites WebRTC crash course on web performance Ilya Grigorik - @igrigorik Make

Building Faster Websites WebRTC crash course on web performance Ilya Grigorik - @igrigorik Make

Building Faster Websites WebRTC crash course on web performance Ilya Grigorik - @igrigorik Make The Web Fast Google Web performance in one slide... Critical rendering path HTML DOM Render Network JavaScript Layout Paint Tree CSS

1.54k views • 140 slides
Game Development In JavaScript First Impressions Javascript Designed for web application

Game Development In JavaScript First Impressions Javascript Designed for web application

Game Development In JavaScript First Impressions Javascript Designed for web application Had a rough childhood Very misunderstood Performance difference across browsers Benchmark Pros/Cons JavaScript: WebGL &amp; Canvas

939 views • 18 slides
J AVA S CRIPT JavaScript is the programming language of HTML and the Web. JavaScript

J AVA S CRIPT JavaScript is the programming language of HTML and the Web. JavaScript

J AVA S CRIPT JavaScript is the programming language of HTML and the Web. JavaScript Java JavaScript is interpreted by the browser JavaScript 1/15 JS W HERE T O &lt;!DOCTYPE html&gt; &lt;html&gt; &lt;head&gt; &lt;script

591 views • 15 slides
TESTING JAVASCRIPT BUILDING JAVASCRIPT APPLICATIONS YOU WON'T HATE 1/45 Testing Javascript

TESTING JAVASCRIPT BUILDING JAVASCRIPT APPLICATIONS YOU WON'T HATE 1/45 Testing Javascript

TESTING JAVASCRIPT BUILDING JAVASCRIPT APPLICATIONS YOU WON'T HATE 1/45 Testing Javascript Called Testing JS but really about embracing the front end Classic JS meme about &quot;this&quot; This tweet could have ended half way through and

844 views • 45 slides
Easy Hacks to Improve Writer - OOXML Interoperability Sushil Shinde LibreOffice Conference 2014,

Easy Hacks to Improve Writer - OOXML Interoperability Sushil Shinde LibreOffice Conference 2014,

Easy Hacks to Improve Writer - OOXML Interoperability Sushil Shinde LibreOffice Conference 2014, Bern sushil.shinde @synerzip.com 1 About Me S o f t w a r e D e v e l o p e r a t S y n e r z i p

723 views • 46 slides
The Allocation of Talent and U.S. Economic Growth Econometrica 2019 Hsieh, Hurst, Jones, and

The Allocation of Talent and U.S. Economic Growth Econometrica 2019 Hsieh, Hurst, Jones, and

The Allocation of Talent and U.S. Economic Growth Econometrica 2019 Hsieh, Hurst, Jones, and Klenow 1 The Allocation of Talent White Men in 1960: 94% of Doctors, 96% of Lawyers, and 86% of Managers White Men in 2010: 63% of doctors, 61%

568 views • 13 slides
CSE 341 Lecture 23 Introduction to JavaScript slides created by Marty Stepp

CSE 341 Lecture 23 Introduction to JavaScript slides created by Marty Stepp

CSE 341 Lecture 23 Introduction to JavaScript slides created by Marty Stepp http://www.cs.washington.edu/341/ Language timeline category 1960s 1970s 1980s 1990s 2000s scientific Fortran Matlab business Cobol DBMSes SQL VB

985 views • 28 slides
Language basics Timeline Eiffel 11986 1988 (OOSC 1 st edition) Eiffel 2 Eiffel 3 1990-1991 (

Language basics Timeline Eiffel 11986 1988 (OOSC 1 st edition) Eiffel 2 Eiffel 3 1990-1991 (

- 3 - Language basics Timeline Eiffel 11986 1988 (OOSC 1 st edition) Eiffel 2 Eiffel 3 1990-1991 ( Eiffel: The Language ) Eiffel 4 1997 (Precursor mechanism, agents) ECMA 2005 ECMA/ISO 2006 (revised) http://www.ecma-

637 views • 41 slides
OMeta an OO Language for Pattern Matching Alessandro Warth and Ian Piumarta UCLA / Viewpoints

OMeta an OO Language for Pattern Matching Alessandro Warth and Ian Piumarta UCLA / Viewpoints

OMeta an OO Language for Pattern Matching Alessandro Warth and Ian Piumarta UCLA / Viewpoints Research Institute 1 Programming language research idea prototype validation Lexical Analysis Parsing AST Transformations Code Generation 2

549 views • 32 slides
C++0x Regular Expressions Simon Andreas Frimann Lund Datalogisk Institut Kbenhavns

C++0x Regular Expressions Simon Andreas Frimann Lund Datalogisk Institut Kbenhavns

Regular Expressions C++0x Sources C++0x Regular Expressions Simon Andreas Frimann Lund Datalogisk Institut Kbenhavns Universitet Maj 16, 2008 Regular Expressions C++0x Sources Regular Expressions Regular Expression, regex or

545 views • 22 slides
Average choice David Ahn Federico Echenique Kota Saito Harvard-MIT, March 10, 2016 Path

Average choice David Ahn Federico Echenique Kota Saito Harvard-MIT, March 10, 2016 Path

Average choice David Ahn Federico Echenique Kota Saito Harvard-MIT, March 10, 2016 Path independence This paper: An exploration of path independence in stochastic choice. Ahn-Echenique-Saito Average choice Plott path independence Plott

935 views • 81 slides
Implementation of the ECMA Common Language Infrastructure Distributed Real-time Systems Norman

Implementation of the ECMA Common Language Infrastructure Distributed Real-time Systems Norman

RT.NET Towards a Real-Time Implementation of the ECMA Common Language Infrastructure Distributed Real-time Systems Norman Kluge Agenda 2 Introduction Real-Time Aspects Just-In-Time Compiler Memory Management

622 views • 27 slides

More recommend