English

Semantics and Security Issues in JavaScript

Programming Languages 2012-12-12 v1
Authors: Stéphane Ducasse , Nicolas Petton , Guillermo Polito , Damien Cassou
View on arXiv PDF

Abstract

There is a plethora of research articles describing the deep semantics of JavaScript. Nevertheless, such articles are often difficult to grasp for readers not familiar with formal semantics. In this report, we propose a digest of the semantics of JavaScript centered around security concerns. This document proposes an overview of the JavaScript language and the misleading semantic points in its design. The first part of the document describes the main characteristics of the language itself. The second part presents how those characteristics can lead to problems. It finishes by showing some coding patterns to avoid certain traps and presents some ECMAScript 5 new features.

Cite

@article{arxiv.1212.2341,
  title  = {Semantics and Security Issues in JavaScript},
  author = {Stéphane Ducasse and Nicolas Petton and Guillermo Polito and Damien Cassou},
  journal= {arXiv preprint arXiv:1212.2341},
  year   = {2012}
}

Comments

Deliverable Resilience FUI 12: 7.3.2.1 Failles de s\'ecurit\'e en JavaScript / JavaScript security issues

Related papers

View all related →
Cryptography and Security · Computer Science
Characterizing JavaScript Security Code Smells
Vikas Kambhampati, Nehaz Hussain Mohammed, Amin Milani Fard
2024-12-02
Programming Languages · Computer Science
The Essence of JavaScript
Arjun Guha, Claudiu Saftoiu, Shriram Krishnamurthi
2015-10-06
Programming Languages · Computer Science
Linear Matching of JavaScript Regular Expressions
Aurèle Barrière, Clément Pit-Claudel
2024-07-24
Cryptography and Security · Computer Science
An Empirical Study of JavaScript Inclusion Security Issues in Chrome Extensions
Chong Guan
2025-05-27
Software Engineering · Computer Science
Systematic Generation of Conformance Tests for JavaScript
Blake Loring, Johannes Kinder
2021-08-17
Programming Languages · Computer Science
Formal Verification for JavaScript Regular Expressions: a Proven Semantics and its Applications (Extended Version)
Aurèle Barrière, Victor Deng, Clément Pit-Claudel
2026-04-08
Software Engineering · Computer Science
Contemporary Semantic Web Service Frameworks: An Overview and Comparisons
Keyvan Mohebbi, Suhaimi Ibrahim, Norbik Bashah Idris
2012-10-12
Cryptography and Security · Computer Science
JSSignature: Eliminating Third-Party-Hosted JavaScript Infection Threats Using Digital Signatures
Kousha Nakhaei, Ebrahim Ansari, Fateme Ansari
2019-02-11
Programming Languages · Computer Science
Static Program Analysis for String Manipulation Languages
Vincenzo Arceri, Isabella Mastroeni
2019-08-21
Software Engineering · Computer Science
TypeScript's Evolution: An Analysis of Feature Adoption Over Time
Joshua D. Scarsbrook, Mark Utting, Ryan K. L. Ko
2023-03-20
Information Retrieval · Computer Science
Practical Semantic Analysis of Web Sites and Documents
Thierry Despeyroux
2007-05-23
Information Theory · Computer Science
Secure Semantic Communications: Fundamentals and Challenges
Zhaohui Yang, Mingzhe Chen, Gaolei Li, Yang Yang +1
2023-01-05
Programming Languages · Computer Science
SafeStrings: Representing Strings as Structured Data
David Kelly, Mark Marron, David Clark, Earl T. Barr
2019-04-26
Programming Languages · Computer Science
Sound Regular Expression Semantics for Dynamic Symbolic Execution of JavaScript
Blake Loring, Duncan Mitchell, Johannes Kinder
2020-03-16
Cryptography and Security · Computer Science
Secure Coding Practices in Java: Challenges and Vulnerabilities
Na Meng, Stefan Nagy, Daphne Yao, Wenjie Zhuang +1
2017-09-29
Cryptography and Security · Computer Science
A Study of Vulnerability Repair in JavaScript Programs with Large Language Models
Tan Khang Le, Saba Alimadadi, Steven Y. Ko
2024-03-21
Software Engineering · Computer Science
An Empirical Study on README contents for JavaScript Packages
Shohei Ikeda, Akinori Ihara, Raula Gaikovina Kula, Kenichi Matsumoto
2018-02-28
Cryptography and Security · Computer Science
Consideration Points Detecting Cross-Site Scripting
Suman Saha
2009-08-31
Cryptography and Security · Computer Science
A Data-Mining Based Study of Security Vulnerability Types and Their Mitigation in Different Languages
Gábor Antal, Balázs Mosolygó, Norbert Vándor, Péter Hegedüs
2024-05-15
Cryptography and Security · Computer Science
Functional Programming and Security
Yusuf Moosa Motara
2012-01-30
Artificial Intelligence · Computer Science
A Note on Semantic Web Services Specification and Composition in Constructive Description Logics
Loris Bozzato, Mauro Ferrari
2010-07-15
Artificial Intelligence · Computer Science
LLM Censorship: A Machine Learning Challenge or a Computer Security Problem?
David Glukhov, Ilia Shumailov, Yarin Gal, Nicolas Papernot +1
2023-07-25
Computation and Language · Computer Science
A Survey on Semantic Parsing
Aishwarya Kamath, Rajarshi Das
2019-05-31
Networking and Internet Architecture · Computer Science
WebScript -- A Scripting Language for the Web
Yin Zhang
2007-05-23
Software Engineering · Computer Science
An Empirical Study of Developers' Discussions about Security Challenges of Different Programming Languages
Roland Croft, Yongzheng Xie, Mansooreh Zahedi, M. Ali Babar +1
2021-11-29
R2 v1 2026-06-21T22:52:09.686Z