DOCSLIB.ORG

Towards Fine-Grained Access Control in Javascript Contexts

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Towards Fine-Grained Access Control in Javascript Contexts Towards Fine-Grained Access Control in JavaScript Contexts Kailas Patil, Xinshu Dong, Xiaolei Li, Zhenkai Liang Xuxian Jiang School of Computing Department of Computer Science National University of Singapore North Carolina State University Abstract—A typical Web 2.0 application usually includes as the Document Object Model (DOM) [37] in web JavaScript from various sources with different trust. It is browsers. Under SOP, scripts from the same origin share critical to properly regulate JavaScript’s access to web a JavaScript context and host objects. application resources. Unfortunately, existing protection mechanisms in web browsers do not provide enough gran- A common solution for protecting web applications ularity in JavaScript access control. Specifically, existing against a malicious JavaScript component is to host it solutions partially mitigate this sort of threat by only on a separate domain and isolate it in an iFrame in providing access control for certain types of JavaScript the web application. In this way, JavaScript in the third- objects, or by unnecessarily restricting the functionality party component is automatically isolated by browser’s of untrusted JavaScript. In this paper, we systematically analyze the complete access control requirements in a same-origin policy. However, the third-party component web browser’s JavaScript environment and identify the often needs to access host objects to obtain information fundamental lack of fine-grained JavaScript access control from other parts of the web application. To address this mechanisms in modern web browsers. As our solution, we problem, one type of solutions is to restrict the access propose a reference monitor called JCShadow that enables from untrusted JavaScript [3], [15], [24], [28], [29], fine-grained access control in JavaScript contexts without unnecessarily restricting the functionality of JavaScript. We but they unnecessarily impede existing web applications have developed a proof-of-concept prototype in the Mozilla that require a rich set of JavaScript features. For less Firefox browser and the evaluation with real-world attacks restriction on JavaScript functionality, another type of indicates that JCShadow effectively prevents such attacks approaches [18], [25] develops access control mecha- with low performance overhead. nisms to regulate the access to host objects. However, the access control to the objects in a JavaScript context I. INTRODUCTION is still not regulated. JavaScript is one of the most important components on In this paper, we systematically analyze the complete the web platform. It enables a new generation of dynamic access control requirements in the JavaScript environ- and interactive web applications, which commonly use ment, and identify the fundamental lack of fine-grained JavaScript from various sources, such as third-party JavaScript access control mechanisms in modern web JavaScript libraries. Some of these third-party scripts browsers. More specifically, existing access control solu- are untrusted and can become malicious. To ensure web tions in the JavaScript context are still too coarse-grained application security, it is critical to properly regulate and are insufficient to mitigate the threats from third- accesses by JavaScript to web application resources. Web party JavaScript. The overly restrictive policy that blocks browsers control the accesses made by JavaScript using a certain JavaScript feature affects normal functionality the same-origin policy (SOP) [30]. In SOP, an origin is of legitimate web applications. For example, JavaScript defined as the triplet of protocol type, host, and port. allows functions to be overridden during execution, SOP allows a piece of JavaScript to access an object which is commonly used in web application toolkits to only if the JavaScript and the object are from the same smooth out browser differences or fix browser bugs [39]. origin. Under SOP, loading untrusted JavaScript, such as On the other hand, this very feature is being exploited JavaScript libraries and advertisement scripts, opens up by attackers to change the behavior of trusted JavaScript the resources of the whole origin to the script. This is where it should be blocked. When one native object the root of a series of attacks. is overridden by a malicious script, all other scripts To better understand the attacks and existing solu- accessing that object in the same JavaScript context tions, we need to understand the environment in which may be compromised [2], [6], [32]. Therefore, instead JavaScript is executed. A typical JavaScript environment of imposing an all-or-none restriction, the JavaScript includes three components: the JavaScript engine, the context needs a fine-grained access control mechanism JavaScript context, and the host objects. The JavaScript to accommodate both security and functionality. engine executes JavaScript; The JavaScript context con- As our solution, we present JCShadow, a reference tains the objects defined by the JavaScript standard monitor that provides the desired fine-grained access and the objects created in JavaScript code; the host control mechanism for JavaScript context protection. In objects are supplied by the hosting environment, such essence, JCShadow partitions JavaScript objects in a JavaScript context into multiple groups, and confines JavaScript Environment shadow JavaScript context each group using a . With JavaScript Engine the presence of a (shadow) context for each group, we can efficiently isolate one group from another and JS Execution Module effectively regulate cross-group accesses with a security policy so that untrusted JavaScript can execute poten- JavaScript Contexts Native Custom tially dangerous JavaScript features without affecting Objects Objects trusted JavaScript from the same origin. We have implemented a proof-of-concept JCShadow Host Objects by extending the JavaScript engine of Mozilla Firefox. Document XMLHttpRequest Object Model … Our evaluation with real-world example attacks indi- (XHR) cates that JCShadow can effectively block malicious (DOM) JavaScript code from compromising benign JavaScript from the same origin. The capability of performing fine- Fig. 1. Components in a JavaScript Environment. grained access control on JavaScript objects is achieved with a low performance overhead. Moreover, our ex- provides access control in the JavaScript environment. perience indicates that our solution is not limited to We then present a motivating attack example. web browsers. Instead, it can be generally applicable to a variety of JavaScript environments that integrate A. Access Control in the JavaScript Environment JavaScript from different sources, such as bookmarklet- based tools and Firefox extensions. Figure 1 illustrates the components of a JavaScript To summarize, our paper makes the following contri- environment. JavaScript runs in the execution module of butions: the JavaScript engine, which has access to the JavaScript context and the host objects [14]. The JavaScript context • We systematically analyzed the access control prob- contains two types of objects, native objects and custom lem of a JavaScript environment and identified the objects. Native objects (a.k.a., built-in objects) are de- common weakness of existing solutions in handling fined by the JavaScript standard, such as Date, String, untrusted JavaScript, i.e., the lack of fine-grained and etc. Custom objects are defined by JavaScript code, access control mechanism for JavaScript context including variables and functions. Host objects are ob- protection. jects provided by the hosting application (for example, • We presented a novel solution called JCShadow. By the web browser) of the JavaScript engine for accessing effectively dividing JavaScript objects into different peripheral resources outside the JavaScript engine, for groups and providing each group with its own example, DOM and network services. Therefore, for shadow context, JCShadow enables fine-grained ac- each origin, browsers create a JavaScript context and cess control in a JavaScript context. a set of host objects under the same-origin policy. • We demonstrated the effectiveness and practicality JavaScript in one JavaScript context can access all ob- of our approach by implementing a JCShadow jects in the same context, as well as those host objects prototype in Mozilla Firefox 3.5. The evaluation from the same origin, but it is not allowed to access with a number of example attacks confirmed its objects from other origins. Therefore, the access control effectiveness and practicality. in the JavaScript environment is on an all-or-none basis. The rest of this paper is organized as follows. Section To address the lack of granularity in the JavaScript II discusses the problem and existing research work, environment, researchers have proposed a number of and illustrates the attack threat with an example. Next, systems. According to the way these systems handle Section III explains the detailed design of JCShadow various components in the JavaScript environment, we and Section IV presents key implementation details in categorize them as follows: our Mozilla Firefox-based prototype. After that, Section • To prevent malicious JavaScript from accessing V reports our evaluation results and Section VI examines objects from an origin, a few projects recog- possible limitations and suggests ways for improvement. nize unwanted JavaScript and exclude it from the Finally, Section VII covers the related work and Section JavaScript environment [4],
Load more

Recommended publications
  • Differential Fuzzing the Webassembly
    Master’s Programme in Security and Cloud Computing Differential Fuzzing the WebAssembly Master’s Thesis Gilang Mentari Hamidy MASTER’S THESIS Aalto University - EURECOM MASTER’STHESIS 2020 Differential Fuzzing the WebAssembly Fuzzing Différentiel le WebAssembly Gilang Mentari Hamidy This thesis is a public document and does not contain any confidential information. Cette thèse est un document public et ne contient aucun information confidentielle. Thesis submitted in partial fulfillment of the requirements for the degree of Master of Science in Technology. Antibes, 27 July 2020 Supervisor: Prof. Davide Balzarotti, EURECOM Co-Supervisor: Prof. Jan-Erik Ekberg, Aalto University Copyright © 2020 Gilang Mentari Hamidy Aalto University - School of Science EURECOM Master’s Programme in Security and Cloud Computing Abstract Author Gilang Mentari Hamidy Title Differential Fuzzing the WebAssembly School School of Science Degree programme Master of Science Major Security and Cloud Computing (SECCLO) Code SCI3084 Supervisor Prof. Davide Balzarotti, EURECOM Prof. Jan-Erik Ekberg, Aalto University Level Master’s thesis Date 27 July 2020 Pages 133 Language English Abstract WebAssembly, colloquially known as Wasm, is a specification for an intermediate representation that is suitable for the web environment, particularly in the client-side. It provides a machine abstraction and hardware-agnostic instruction sets, where a high-level programming language can target the compilation to the Wasm instead of specific hardware architecture. The JavaScript engine implements the Wasm specification and recompiles the Wasm instruction to the target machine instruction where the program is executed. Technically, Wasm is similar to a popular virtual machine bytecode, such as Java Virtual Machine (JVM) or Microsoft Intermediate Language (MSIL).
    [Show full text]
  • Interaction Between Web Browsers and Script Engines
    IT 12 058 Examensarbete 45 hp November 2012 Interaction between web browsers and script engines Xiaoyu Zhuang Institutionen för informationsteknologi Department of Information Technology Abstract Interaction between web browser and the script engine Xiaoyu Zhuang Teknisk- naturvetenskaplig fakultet UTH-enheten Web browser plays an important part of internet experience and JavaScript is the most popular programming language as a client side script to build an active and Besöksadress: advance end user experience. The script engine which executes JavaScript needs to Ångströmlaboratoriet Lägerhyddsvägen 1 interact with web browser to get access to its DOM elements and other host objects. Hus 4, Plan 0 Browser from host side needs to initialize the script engine and dispatch script source code to the engine side. Postadress: This thesis studies the interaction between the script engine and its host browser. Box 536 751 21 Uppsala The shell where the engine address to make calls towards outside is called hosting layer. This report mainly discussed what operations could appear in this layer and Telefon: designed testing cases to validate if the browser is robust and reliable regarding 018 – 471 30 03 hosting operations. Telefax: 018 – 471 30 00 Hemsida: http://www.teknat.uu.se/student Handledare: Elena Boris Ämnesgranskare: Justin Pearson Examinator: Lisa Kaati IT 12 058 Tryckt av: Reprocentralen ITC Contents 1. Introduction................................................................................................................................
    [Show full text]
  • Machine Learning in the Browser
    Machine Learning in the Browser The Harvard community has made this article openly available. Please share how this access benefits you. Your story matters Citable link http://nrs.harvard.edu/urn-3:HUL.InstRepos:38811507 Terms of Use This article was downloaded from Harvard University’s DASH repository, and is made available under the terms and conditions applicable to Other Posted Material, as set forth at http:// nrs.harvard.edu/urn-3:HUL.InstRepos:dash.current.terms-of- use#LAA Machine Learning in the Browser a thesis presented by Tomas Reimers to The Department of Computer Science in partial fulfillment of the requirements for the degree of Bachelor of Arts in the subject of Computer Science Harvard University Cambridge, Massachusetts March 2017 Contents 1 Introduction 3 1.1 Background . .3 1.2 Motivation . .4 1.2.1 Privacy . .4 1.2.2 Unavailable Server . .4 1.2.3 Simple, Self-Contained Demos . .5 1.3 Challenges . .5 1.3.1 Performance . .5 1.3.2 Poor Generality . .7 1.3.3 Manual Implementation in JavaScript . .7 2 The TensorFlow Architecture 7 2.1 TensorFlow's API . .7 2.2 TensorFlow's Implementation . .9 2.3 Portability . .9 3 Compiling TensorFlow into JavaScript 10 3.1 Motivation to Compile . 10 3.2 Background on Emscripten . 10 3.2.1 Build Process . 12 3.2.2 Dependencies . 12 3.2.3 Bitness Assumptions . 13 3.2.4 Concurrency Model . 13 3.3 Experiences . 14 4 Results 15 4.1 Benchmarks . 15 4.2 Library Size . 16 4.3 WebAssembly . 17 5 Developer Experience 17 5.1 Universal Graph Runner .
    [Show full text]
  • Javascript API Deprecation in the Wild: a First Assessment
    JavaScript API Deprecation in the Wild: A First Assessment Romulo Nascimento, Aline Brito, Andre Hora, Eduardo Figueiredo Department of Computer Science Federal University of Minas Gerais, Brazil romulonascimento, alinebrito, andrehora,figueiredo @dcc.ufmg.br { } Abstract—Building an application using third-party libraries of our knowledge, there are no detailed studies regarding API is a common practice in software development. As any other deprecation in the JavaScript ecosystem. software system, code libraries and their APIs evolve over JavaScript has become extremely popular over the last years. time. In order to help version migration and ensure backward According to the Stack Overflow 2019 Developer Survey1, compatibility, a recommended practice during development is to deprecate API. Although studies have been conducted to JavaScript is the most popular programming language in this investigate deprecation in some programming languages, such as platform for the seventh consecutive year. GitHub also reports Java and C#, there are no detailed studies on API deprecation that JavaScript is the most popular language in terms of unique in the JavaScript ecosystem. This paper provides an initial contributors to both public and private repositories2. The npm assessment of API deprecation in JavaScript by analyzing 50 platform, the largest JavaScript package manager, states on popular software projects. Initial results suggest that the use of 3 deprecation mechanisms in JavaScript packages is low. However, their latest survey that 99% of JavaScript developers rely on wefindfive different ways that developers use to deprecate API npm to ease the management of their project dependencies. in the studied projects. Among these solutions, deprecation utility This survey also points out the massive growth in npm usage (i.e., any sort of function specially written to aid deprecation) and that started about 5 years ago.
    [Show full text]
  • Learning Javascript Design Patterns
    Learning JavaScript Design Patterns Addy Osmani Beijing • Cambridge • Farnham • Köln • Sebastopol • Tokyo Learning JavaScript Design Patterns by Addy Osmani Copyright © 2012 Addy Osmani. All rights reserved. Revision History for the : 2012-05-01 Early release revision 1 See http://oreilly.com/catalog/errata.csp?isbn=9781449331818 for release details. ISBN: 978-1-449-33181-8 1335906805 Table of Contents Preface ..................................................................... ix 1. Introduction ........................................................... 1 2. What is a Pattern? ...................................................... 3 We already use patterns everyday 4 3. 'Pattern'-ity Testing, Proto-Patterns & The Rule Of Three ...................... 7 4. The Structure Of A Design Pattern ......................................... 9 5. Writing Design Patterns ................................................. 11 6. Anti-Patterns ......................................................... 13 7. Categories Of Design Pattern ............................................ 15 Creational Design Patterns 15 Structural Design Patterns 16 Behavioral Design Patterns 16 8. Design Pattern Categorization ........................................... 17 A brief note on classes 17 9. JavaScript Design Patterns .............................................. 21 The Creational Pattern 22 The Constructor Pattern 23 Basic Constructors 23 Constructors With Prototypes 24 The Singleton Pattern 24 The Module Pattern 27 iii Modules 27 Object Literals 27 The Module Pattern
    [Show full text]
  • Ecmascript (Or ES)
    Lesson: Web Programming(1) Omid Jafarinezhad Sharif University of Technology Objective Covers languages, tools, and techniques for developing interactive and dynamic web pages. Topics include page styling, design, and layout; client and server side scripting; web security; and interacting with data sources such as databases Web development can range from developing the simplest static single page of plain text to the most complex web apps (such as electronic businesses, and social network services) ● HTTP, JavaScript, CSS, HTML5, ReactJs, Flow, Progressive Web App ● Golang, NodeJs, MongoDB, PostgreSQL, Redis ● Docker, Git, YUIDoc, Jest, Materials WebPack, Gulp, Browserify, Locust ● (Optional/Research) Kubernetes, InfluxDB, RabbitMQ, gRPC, Ansible Grading Big Picture Internal or external Content Delivery Email/SMS/... services; may be Network (CDN) Service developed in different language Win HTTP, gRPC HTTP Linux WebSocket front-end back-end Data storage Mac JavaScript, Html, NodeJs, mongoDB, CSS, Ajax, GoLang, cache postgreSQL, WebRTC, ReactJs, C#, Java, InfluxDB, ... Mobile AngularJs,... Dart, ... Redis, AMQP, ... Memcached, ... logs queue Logstash, RabitMQ, Fluentd, ... ZeroMQ, ... back-end 1 Load front-end back-end 2 balancing kubernetes cluster, HAProxy, Docker Swarm, ... back-end 3 Git repository Test, Continuous deployment, Code coverage, Merge, Review Build automation, Deployment automation Development Staging Production Bug User feedback, Crash report,... Continuous ... Continuous Integration basically just means that the developer's
    [Show full text]
  • Comparing Javascript Engines
    Comparing Javascript Engines Xiang Pan, Shaker Islam, Connor Schnaith Background: Drive-by Downloads 1. Visiting a malicious website 2. Executing malicious javascript 3. Spraying the heap 4. Exploiting a certain vulnerability 5. Downloading malware 6. Executing malware Background: Drive-by Downloads 1. Visiting a malicious website 2. Executing malicious javascript 3. Spraying the heap 4. Exploiting a certain vulnerability 5. Downloading malware 6. Executing malware Background: Drive-by Downloads Background: Drive-by Downloads Setup: Making the prototype null while in the prototype creates a pointer to something random in the heap. Background: Drive-by Downloads Environment: gc( ) is a function call specific to Firefox, so the attacker would want to spray the heap with an exploit specific to firefox. Background: Drive-by Downloads Obfuscation: If the browser executing the javascript it firefox,the code will proceed to the return statement. Any other browser will exit with an error due to an unrecognized call to gc( ). Background: Drive-by Downloads Download: The return will be to a random location in the heap and due to heap-spraying it will cause shell code to be executed. Background: Goal of Our Project ● The goal is to decode obfuscated scripts by triggering javascript events ● The problem is when triggering events, some errors, resulting from disparity of different engines or some other reasons, may occur and terminate the progress ● We need to find ways to eliminate the errors and Ex 1therefore generate more de-obfuscated scripts <script> function f(){ //some codes gc(); var x=unescape(‘%u4149%u1982%u90 […]’)); eval(x); } </script> Ex 2 <script type="text/javascript" src="/includes/jquery/jquery.js"></script> Project Overview - Part One ● Modify WebKit engine so that it can generate error informations.
    [Show full text]
  • Time-Travel Debugging for Javascript/Node.Js
    Time-Travel Debugging for JavaScript/Node.js Earl T. Barr Mark Marron Ed Maurer University College London, UK Microsoft Research, USA Microsoft, USA [email protected] [email protected] [email protected] Dan Moseley Gaurav Seth Microsoft, USA Microsoft, USA [email protected] [email protected] ABSTRACT Time-traveling in the execution history of a program during de- bugging enables a developer to precisely track and understand the sequence of statements and program values leading to an error. To provide this functionality to real world developers, we embarked on a two year journey to create a production quality time-traveling de- bugger in Microsoft’s open-source ChakraCore JavaScript engine and the popular Node.js application framework. CCS Concepts •Software and its engineering ! Software testing and debug- Figure 1: Visual Studio Code with extra time-travel functional- ging; ity (Step-Back button in top action bar) at a breakpoint. Keywords • Options for both using time-travel during local debugging Time-Travel Debugging, JavaScript, Node.js and for recording a trace in production for postmortem de- bugging or other analysis (Section 2.1). 1. INTRODUCTION • Reverse-Step Local and Dynamic operations (Section 2.2) Modern integrated development environments (IDEs) provide a that allow the developer to step-back in time to the previously range of tools for setting breakpoints, examining program state, and executed statement in the current function or to step-back in manually logging execution. These features enable developers to time to the previously executed statement in any frame in- quickly track down localized bugs, provided all of the relevant val- cluding exception throws or callee returns.
    [Show full text]
  • Investigating Reason As a Substitute for Javascript
    DEGREE PROJECT IN COMPUTER ENGINEERING, FIRST CYCLE, 15 CREDITS STOCKHOLM, SWEDEN 2020 Investigating Reason as a substitute for JavaScript AXEL PETTERSSON KTH ROYAL INSTITUTE OF TECHNOLOGY SCHOOL OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCE Investigation of Reason as a substitute for JavaScript AXEL PETTERSSON Degree Programme in Information and Communication Technology Date: June 4, 2020 Supervisor: Thomas Sjöland Examiner: Johan Montelius School of Electrical Engineering and Computer Science Host company: Slagkryssaren AB Swedish title: Undersökning av Reason som ett substitut till JavaScript Investigation of Reason as a substitute for JavaScript / Undersökning av Reason som ett substitut till JavaScript c 2020 Axel Pettersson Abstract | i Abstract JavaScript has in recent years become one of the most utilized programming languages for developing different kinds of applications. However, even though it has received a lot of praise for its simplicity, versatility and highly active community, it lacks some functionalities and features that a lot of programmers highly value, like static and strict typing, compile-time debugging, and to not be required to make use of third-party libraries to integrate crucial functionality. However, several new languages built on top of JavaScript have been developed to address and resolve these issues developers find with JavaScript without losing the benefits that come with it. One of these super- set languages is Reason, the new syntax and toolchain powered by the OCaml compiler. This thesis aims to address whether there are scenarios where Reason could act as a reasonable substitute of JavaScript by investigating how the languages compare in regards to different criteria. The criteria examined are writability, data structures and typing, reliability and testing, community support, market demand, portability, and performance.
    [Show full text]
  • Node.Js I – Getting Started Chesapeake Node.Js User Group (CNUG)
    Node.js I – Getting Started Chesapeake Node.js User Group (CNUG) https://www.meetup.com/Chesapeake-Region-nodeJS-Developers-Group Agenda ➢ Installing Node.js ✓ Background ✓ Node.js Run-time Architecture ✓ Node.js & npm software installation ✓ JavaScript Code Editors ✓ Installation verification ✓ Node.js Command Line Interface (CLI) ✓ Read-Evaluate-Print-Loop (REPL) Interactive Console ✓ Debugging Mode ✓ JSHint ✓ Documentation Node.js – Background ➢ What is Node.js? ❑ Node.js is a server side (Back-end) JavaScript runtime ❑ Node.js runs “V8” ✓ Google’s high performance JavaScript engine ✓ Same engine used for JavaScript in the Chrome browser ✓ Written in C++ ✓ https://developers.google.com/v8/ ❑ Node.js implements ECMAScript ✓ Specified by the ECMA-262 specification ✓ Node.js support for ECMA-262 standard by version: • https://node.green/ Node.js – Node.js Run-time Architectural Concepts ➢ Node.js is designed for Single Threading ❑ Main Event listeners are single threaded ✓ Events immediately handed off to the thread pool ✓ This makes Node.js perfect for Containers ❑ JS programs are single threaded ✓ Use asynchronous (Non-blocking) calls ❑ Background worker threads for I/O ❑ Underlying Linux kernel is multi-threaded ➢ Event Loop leverages Linux multi-threading ❑ Events queued ❑ Queues processed in Round Robin fashion Node.js – Event Processing Loop Node.js – Downloading Software ➢ Download software from Node.js site: ❑ https://nodejs.org/en/download/ ❑ Supported Platforms ✓ Windows (Installer or Binary) ✓ Mac (Installer or Binary) ✓ Linux
    [Show full text]
  • Approaches to Optimizing V8 Javascript Engine
    Дмитрий Бочарников. Подходы к оптимизации движка JavaScript V8. Труды ИСП РАН, том 27, вып. 6, 2015 г., Dmitry Botcharnikov. Approaches to Optimizing V8 JavaScript Engine. Trudy ISP RAN /Proc. ISP RAS, vol. 27, issue с.21-32 6, 2015, pp. 21-32 To speed up execution of JavaScript programs there were developed several optimization techniques in recent years. One example of modern high-performing JavaScript engine is a V8 engine [2] used in Google Chrome browser and node.js web server among others. This is an open source project which implemented some advanced optimization methods including Just-in-Time compilation [3], Approaches to Optimizing V8 JavaScript Polymorphic Inline Caches [4], optimized recompilation of hot code regions, On Engine Stack Replacement [5] &c. In previous year we were involved in project of optimizing performance of V8 JavaScript engine on major benchmark suites including Octane [6], SunSpider [7] Dmitry Botcharnikov <[email protected]> and Kraken [8]. The project was quite time limited, however we achieved about LLC Samsung R&D Institute Rus, 12, ul. Dvintsev, housing 1, office #1500, 10% total performance improvement compared to open source version. Moscow, 127018, Russian Federation The rest of paper is organized as follow: in Section 2 there is an architectural overview of V8, in Section 3 we enumerate and reason our approaches with more Abstract . JavaScript is one of the most popular programming languages in the world. Started detailed discussion in Sections 4, 5, and 6. We conclude in Section 7. as a simple scripting language for web browsers it now becomes language of choice for millions of engineers in the web, mobile and server-side development.
    [Show full text]
  • Building Maintainable Web Applications Using React – an Evaluation of Architectural Patterns Conducted on Canvas LMS
    Linköping University | Department of Computer and Information Science Master’s thesis, 30 ECTS | Datateknik 2020 | LIU-IDA/LITH-EX-A--20/004--SE Building maintainable web applications using React – An evaluation of architectural patterns conducted on Canvas LMS David Johansson Supervisor : Jonas Wallgren Examiner : Peter Fritzson Linköpings universitet SE–581 83 Linköping +46 13 28 10 00 , www.liu.se Upphovsrätt Detta dokument hålls tillgängligt på Internet - eller dess framtida ersättare - under 25 år från publicer- ingsdatum under förutsättning att inga extraordinära omständigheter uppstår. Tillgång till dokumentet innebär tillstånd för var och en att läsa, ladda ner, skriva ut enstaka ko- pior för enskilt bruk och att använda det oförändrat för ickekommersiell forskning och för undervis- ning. Överföring av upphovsrätten vid en senare tidpunkt kan inte upphäva detta tillstånd. All annan användning av dokumentet kräver upphovsmannens medgivande. För att garantera äktheten, säker- heten och tillgängligheten finns lösningar av teknisk och administrativ art. Upphovsmannens ideella rätt innefattar rätt att bli nämnd som upphovsman i den omfattning som god sed kräver vid användning av dokumentet på ovan beskrivna sätt samt skydd mot att dokumentet ändras eller presenteras i sådan form eller i sådant sammanhang som är kränkande för upphovsman- nens litterära eller konstnärliga anseende eller egenart. För ytterligare information om Linköping University Electronic Press se förlagets hemsida http://www.ep.liu.se/. Copyright The publishers will keep this document online on the Internet - or its possible replacement - for a period of 25 years starting from the date of publication barring exceptional circumstances. The online availability of the document implies permanent permission for anyone to read, to down- load, or to print out single copies for his/hers own use and to use it unchanged for non-commercial research and educational purpose.
    [Show full text]