validating javascript from realworld websites in a
play

Validating Javascript from Realworld Websites in a Browser-like - PowerPoint PPT Presentation

Feb 07, 2023 •289 likes •492 views

Validating Javascript from Realworld Websites in a Browser-like Environment Sander Snajalg JavaScript (ECMAScript) Object-oriented / functional scripting language Dynamic typing Prototype inheritance Objects are dictionaries of properties

  1. Validating Javascript from Realworld Websites in a Browser-like Environment Sander Sõnajalg

  2. JavaScript (ECMAScript) Object-oriented / functional scripting language Dynamic typing Prototype inheritance Objects are dictionaries of properties Standardized by ECMA, spec. 262.

  3. JS in the Web - Example <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Tra.. <html xmlns= "http://www.w3.org/1999/xhtml" xml:l.. <head> <meta http-equiv= "content-type" content= "text/h.. <title>Images for David Bowie</title> LINKED <script type= "text/javascript" / src= "/js/global-v77.js" / > <script type= "text/javascript" > DISCOGS.set("Session", {loggedin: false , userna.. DISCOGS.set('static_server', ''); </script> EMBEDDED </head>

  4. JavaScript in the Web Every web page is a JavaScript “program” of: JS core functions (ECMA standard) Browser's DOM implementation All linked and embedded snippets of JavaScript Browsers use different JS engines .. and different DOM implementations

  5. Browser Environment General model: In a browser: The website Client's custom JS Custom JS Client's Libs Client's Libs DOM Browser DOM impl Browser JS Core APIs impl W3C standard ECMA's standard The browser

  6. The Goals (1) Statically validate web site JavaScript's syntax (2) Simulate the execution inside a browser, detect runtime errors (3) Report usage of properties/functions that might not work in some browsers

  7. Towards Goal 1: syntax errors Basically equal to parsing Implement myself? Reuse something available? Some browser's JS engine? Which one? Google's V8? Mozilla's SpiderMonkey?

  8. Rhino Mozilla's alternative JavaScript engine Open-source Parser detects syntactical mistakes GOAL 1 Evaluation detects some API-level mistakes Tests for language-extensions can be implemented

  9. Simulated browser environment General model: Simulated environment: Client's custom JS Client's Libs DOM Core APIs Rhino

  10. Env.js A JavaScript implementation of DOM Can be loaded with Rhino

  11. Simulated Browser Environment In a browser: Simulated environment: The website Custom JS Custom JS Client's Libs Client's Libs GOAL 2 Env.js Browser DOM impl Browser JS Rhino impl The browser

  12. Browser-Specific Code // Firefox if (window.addEventListener) { myObject.addEventListener("mouseover", myEventHandler, false ); // IE } else { myObject.attachEvent("onmouseover", myEventHandler); } Quite impossible to distinguish real errors from false positives Mostly in JS libraries

  13. Challenge 1: Eliminating libraries, generated code No point to validate them Contain lot of browser-specific code Various ways: By names of linked scripts By headers If compressed Case-by-case

  14. Challenge 2: Unknown types Example: property srcElement of class Event is undefined in some browsers // ======= e is an Event var e = window.event function MyElement(src) { this .srcElement = src; } // ======= f is something different var f = new MyElement("foo", "bar"); NEED TO REPORT var g = e.srcElement; FALSE POSITIVE IF var h = f.srcElement; REPORTED

  15. Challenge 2: Unknown types State of the Art Type-inference on formalized subset of JS [Anderson et al] Abstract interpretation of JS programs [Jensen et al] Can we do it in a simpler way?

  16. Challenge 2: Unknown types Suggested Approach Rewrite this ... GOAL 3 var g = e.srcElement; ?? var h = f.srcElement; .. to this: if (e instanceof Event) { _report_call$Event$srcElement("myScript.js", 233); } var g = e.srcElement; if (f instanceof Event) { _report_call$Event$srcElement("myScript.js", 234); } var h = f.srcElement;

  17. Demo output

  18. Demo Output (1) =============================================================== *** VALIDATION ERRORS FOR SCRIPT : [embedded javascript, 25 lines] =============================================================== [ERROR] uncaught JavaScript runtime exception: TypeError: Cannot call method "substring" of undefined (around line 2) [WARNING] Reference to undefined property "language" (around line 11) [WARNING] Reference to undefined property "browserLanguage" (around line 11) [WARNING] Reference to undefined property "characterSet" (around line 11) [WARNING] Reference to undefined property "charset" (around line 11) [WARNING] Reference to undefined property "_domain" (around line 5754) [WARNING] Reference to undefined property "domain" (around line 5754)

  19. Demo output (2) S U M M A R Y ============= Runtime Browser- Script Warnings Errors errors specific --------------------------------------------------------------------- fEpost.js 0 0 0 0 embedded script 'var bannersFor 0 1 0 0 js.js 0 0 0 0 embedded script 'var gaJsHost = 0 1 0 0 embedded script 'var pageTracke 6 1 0 0

Recommend

Intro to JavaScript September 29th, 2015 DeskHub Overview What is JavaScript? Why use

Intro to JavaScript September 29th, 2015 DeskHub Overview What is JavaScript? Why use

Intro to JavaScript September 29th, 2015 DeskHub Overview What is JavaScript? Why use JavaScript? Where did JavaScript come from? HTML basics How are websites built? DOM basics Javascript basics

840 views • 56 slides
Protecting Users by Confining JavaScript with SWAPI Deian Stefan, Petr Marchenko, Brad Karp,

Protecting Users by Confining JavaScript with SWAPI Deian Stefan, Petr Marchenko, Brad Karp,

Protecting Users by Confining JavaScript with SWAPI Deian Stefan, Petr Marchenko, Brad Karp, David Mazires, Dave Herman, and John C. Mitchell Modern websites are complex Modern websites are complex Modern websites are complex Page code

1.65k views • 97 slides
JavaScript Primer Basic Introduction of JavaScript JavaScript History Why (re)introduce

JavaScript Primer Basic Introduction of JavaScript JavaScript History Why (re)introduce

JavaScript Primer Basic Introduction of JavaScript JavaScript History Why (re)introduce JavaScript? Notorious for being worlds most misunderstood programming language o (Douglas Crockford -

432 views • 11 slides
Introduction to JavaScript Niels Olof Bouvin 2 Overview A brief history of JavaScript and

Introduction to JavaScript Niels Olof Bouvin 2 Overview A brief history of JavaScript and

Introduction to JavaScript Niels Olof Bouvin 2 Overview A brief history of JavaScript and ECMAScript JavaScript for Java developers The JavaScript ecosystem Getting access to JavaScript Some language basics A look at the Node.js standard

1.03k views • 54 slides
Introduction to JavaScript Niels Olof Bouvin 1 Overview A brief history of JavaScript and

Introduction to JavaScript Niels Olof Bouvin 1 Overview A brief history of JavaScript and

Introduction to JavaScript Niels Olof Bouvin 1 Overview A brief history of JavaScript and ECMAScript JavaScript for Java developers The JavaScript ecosystem Getting access to JavaScript Some language basics A look at the Node.js standard

1.1k views • 57 slides
CE419 Session 5: JavaScript Web Programming 1 What is JavaScript? JavaScript is a dynamic

CE419 Session 5: JavaScript Web Programming 1 What is JavaScript? JavaScript is a dynamic

CE419 Session 5: JavaScript Web Programming 1 What is JavaScript? JavaScript is a dynamic programming language. Introduced in 1995 as a way to add programs to web pages in the Netscape Navigator browser. It has made modern web

795 views • 35 slides
RealWorld RealCity RealTerrain Airborne Reality Capture The Integral World of Leica

RealWorld RealCity RealTerrain Airborne Reality Capture The Integral World of Leica

RealWorld RealCity RealTerrain Airborne Reality Capture The Integral World of Leica Airborne Solutions Photogrammetric Week, September 11, 2017 Dr. Hartmut Rosengarten, Director Airborne Solutions EMEA, Leica Geosystems We are used to

760 views • 23 slides
Web Scraping Ben Williams October 9 th 2020 Non-Static Websites Dynamic Websites APIs

Web Scraping Ben Williams October 9 th 2020 Non-Static Websites Dynamic Websites APIs

Web Scraping Ben Williams October 9 th 2020 Non-Static Websites Dynamic Websites APIs Dynamic Websites Drop-downs Scrolling Pop-ups Inputting password Examples Web-Crawling Automate movement through websites

963 views • 24 slides
JavaScript: The Good Parts vs. JavaScript: The Definitive Guide CS 252: Advanced Programming

JavaScript: The Good Parts vs. JavaScript: The Definitive Guide CS 252: Advanced Programming

JavaScript: The Good Parts vs. JavaScript: The Definitive Guide CS 252: Advanced Programming Language Principles Introduction to JavaScript Prof. Tom Austin San Jos State University History of JavaScript In 1995, Netscape hired Brendan

395 views • 16 slides
Advanced JavaScript dates JavaScript timing events JavaScript Lars Larsson cookies Graceful

Advanced JavaScript dates JavaScript timing events JavaScript Lars Larsson cookies Graceful

Advanced JavaScript Lars Larsson Today JavaScript strings JavaScript Advanced JavaScript dates JavaScript timing events JavaScript Lars Larsson cookies Graceful degradation AJAX Summary Lecture #11 Advanced JavaScript 1

832 views • 38 slides
Detec%ng Unknown Inconsistencies in Web Applica%ons Frolin Ocariza Jr. Karthik Pa:abiraman Ali

Detec%ng Unknown Inconsistencies in Web Applica%ons Frolin Ocariza Jr. Karthik Pa:abiraman Ali

Detec%ng Unknown Inconsistencies in Web Applica%ons Frolin Ocariza Jr. Karthik Pa:abiraman Ali Mesbah 1 95% of all websites use JavaScript JavaScript The most popular language on both GitHub and StackOverflow for 4 years 2 Bugs abound

481 views • 35 slides
JavaScript Concepts JavaScript is pretty hard to escape if you want to do anything for the web C

JavaScript Concepts JavaScript is pretty hard to escape if you want to do anything for the web C

JavaScript Concepts JavaScript is pretty hard to escape if you want to do anything for the web C of the Internet Take JavaScript for instance. It's widely criticized in the POPL community for getting many things wrong. But it must have

655 views • 44 slides
Building Faster Websites WebRTC crash course on web performance Ilya Grigorik - @igrigorik Make

Building Faster Websites WebRTC crash course on web performance Ilya Grigorik - @igrigorik Make

Building Faster Websites WebRTC crash course on web performance Ilya Grigorik - @igrigorik Make The Web Fast Google Web performance in one slide... Critical rendering path HTML DOM Render Network JavaScript Layout Paint Tree CSS

1.54k views • 140 slides
Game Development In JavaScript First Impressions Javascript Designed for web application

Game Development In JavaScript First Impressions Javascript Designed for web application

Game Development In JavaScript First Impressions Javascript Designed for web application Had a rough childhood Very misunderstood Performance difference across browsers Benchmark Pros/Cons JavaScript: WebGL &amp; Canvas

939 views • 18 slides
J AVA S CRIPT JavaScript is the programming language of HTML and the Web. JavaScript

J AVA S CRIPT JavaScript is the programming language of HTML and the Web. JavaScript

J AVA S CRIPT JavaScript is the programming language of HTML and the Web. JavaScript Java JavaScript is interpreted by the browser JavaScript 1/15 JS W HERE T O &lt;!DOCTYPE html&gt; &lt;html&gt; &lt;head&gt; &lt;script

591 views • 15 slides
TESTING JAVASCRIPT BUILDING JAVASCRIPT APPLICATIONS YOU WON'T HATE 1/45 Testing Javascript

TESTING JAVASCRIPT BUILDING JAVASCRIPT APPLICATIONS YOU WON'T HATE 1/45 Testing Javascript

TESTING JAVASCRIPT BUILDING JAVASCRIPT APPLICATIONS YOU WON'T HATE 1/45 Testing Javascript Called Testing JS but really about embracing the front end Classic JS meme about &quot;this&quot; This tweet could have ended half way through and

844 views • 45 slides
JavaScript: The Good Parts vs. JavaScript: The Definitive Guide For next class, read

JavaScript: The Good Parts vs. JavaScript: The Definitive Guide For next class, read

JavaScript: The Good Parts vs. JavaScript: The Definitive Guide For next class, read http://eloquentjavascript.net/ chapters 1-4. CS 152: Programming Language Paradigms JavaScript Prof. Tom Austin San Jos State University History of

550 views • 17 slides
Javascript Concepts for OO-Programmers 11) Javascript Concepts Objects for OO-Programmers

Javascript Concepts for OO-Programmers 11) Javascript Concepts Objects for OO-Programmers

Javascript Concepts for OO-Programmers 11) Javascript Concepts Objects for OO-Programmers JavaScript Object Notation (JSON) Using JSON instead of AJAX Constructors Emmanuel Benoist Prototypes Reflexion Fall Term 2013-14 Methods and

103 views • 9 slides
What is TypeScript? TypeScript = JavaScript TypeScript = Modern JavaScript TypeScript = Modern

What is TypeScript? TypeScript = JavaScript TypeScript = Modern JavaScript TypeScript = Modern

What is TypeScript? TypeScript = JavaScript TypeScript = Modern JavaScript TypeScript = Modern JavaScript + Types Open source and open development Closely track ECMAScript standard Innovate in type system Best of breed tooling Continuously

909 views • 53 slides
AngularJS Introduction Directives, Modules, Expressions, Controllers Why Angular Good

AngularJS Introduction Directives, Modules, Expressions, Controllers Why Angular Good

AngularJS Introduction Directives, Modules, Expressions, Controllers Why Angular Good choice for creating dynamic website with JavaScript Angular helps you organize your JavaScript Angular helps you create responsive (fast) websites

657 views • 17 slides
CSc 337 LECTURE 7: UNOBTRUSIVE JAVASCRIPT Unobtrusive JavaScript JavaScript event code seen

CSc 337 LECTURE 7: UNOBTRUSIVE JAVASCRIPT Unobtrusive JavaScript JavaScript event code seen

CSc 337 LECTURE 7: UNOBTRUSIVE JAVASCRIPT Unobtrusive JavaScript JavaScript event code seen previously was obtrusive , in the HTML; this is bad style now we'll see how to write unobtrusive JavaScript code HTML with no JavaScript code

877 views • 30 slides
Ajax Asynchronous JavaScript and XML Combination of JavaScript, CSS, XHTML, XML, and the

Ajax Asynchronous JavaScript and XML Combination of JavaScript, CSS, XHTML, XML, and the

Ajax Asynchronous JavaScript and XML Combination of JavaScript, CSS, XHTML, XML, and the XMLHttpRequest object to dynamically modify a portion of a web page using data from the server Goal is to make web applications look and

1.22k views • 101 slides
JavaScript! What is JavaScript? A (traditionally) client-side scripting language Meant

JavaScript! What is JavaScript? A (traditionally) client-side scripting language Meant

JavaScript! What is JavaScript? A (traditionally) client-side scripting language Meant (traditionally) to run entirely on the users browser Defined by the ECMAscript standard, published by the ECMA foundation JavaScript != Java,

657 views • 32 slides
Introduction to Web Design JavaScript Introduction to Web Design JavaScript You can think of a

Introduction to Web Design JavaScript Introduction to Web Design JavaScript You can think of a

Introduction to Web Design JavaScript Introduction to Web Design JavaScript You can think of a web page as consisting of three layers: JavaScript structure, presentation, and behavior. HTML is the structure layer. CSS is the

426 views • 7 slides

More recommend