Thursday, 1:30–3:00 PM
Chairs: Marco Brambilla

Object Views: Fine-Grained Sharing in Browsers

Leo Meyerovich, Adrienne Felt

Browsers do not currently support the secure sharing of JavaScript objects between principals. We present this problem as the need for object views, which are consistent and controllable versions of objects. Multiple views can be made for the same object and customized for the recipients. We implement object views with a JavaScript library that wraps shared objects and interposes on all access attempts. Developers can control the fine-grained behavior of objects with an aspect system that accepts programmatic policies. The security challenge is to fully mediate access to objects shared through a view and prevent privilege escalation. To facilitate simple document sharing, we build a policy system for declaratively defining policies for document object views. Notably, our document policy system makes it possible to hide elements without breaking document structure invariants. We discuss how object views can be deployed in two settings: same-origin sharing with rewriting-based JavaScript isolation systems like Google Caja, and inter-origin sharing between browser frames over a message-passing channel.

Dynamic and Graphical Web Page Breakpoints

John Barton, Jan Odvarko

Breakpoints are perhaps the quintessential feature of a debugger: they allow a developer to stop time and study the program state. Breakpoints are typically specified by selecting a line of of source code. For large, complex, web pages with multiple developers, the relevant source line for a given user interface problem may not be known to the developer. In this paper we describe the implementation of breakpoints in dynamically created source, and on error messages, network events, DOM mutation, DOM object property changes, and CSS style rule updates. Adding these domain-specific breakpoints to a general-purpose debugger for Javascript allows the developer to initiate the debugging process via Web page abstractions rather than lower level source code views. The breakpoints are implemented in the open source Firebug project, version 1.5, for the Firefox Web browser.

Automated Object Persistence for JavaScript

Brett Cannon, Eric Wohlstadter

Traditionally web applications have lacked any mechanism for persisting data larger than what can fit in an HTTP cookie locally on a user’s machine for offline use. Recently browser plug-ins such as Google Gears have been introduced to facilitate the creation of offline web applications. But it’s difficult for a web developer using these plug-ins to manage persisting data both locally for offline use and in the internet cloud due to synchronization requirements, managing throughput and latency to the cloud, and making all it work within the confines of a standards-compliant web browser. Historically in non-browser environments, programming language environments have offered automated object persistence to shield the developer from these complexities. In this research we have explored a framework which introduces automated persistence of data objects for JavaScript. Unlike traditional object persistence solutions, ours relies only on existing or forthcoming internet standards and does not rely upon specific runtime mechanisms such as OS or interpreter/compiler support. This has required the development of mutation detection of JavaScript data objects transparently, a modification to the standard JavaScript serialization format to use the concept of object references, and consistent synchronization of data objects in an efficient manner using internet cloud storage. We validate our approach using existing benchmarks and show that our framework introduces minimal performance overhead when compared to custom solutions.


Back to full list of papers