DOCSLIB.ORG

Cross-Origin Javascript Capability Leaks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cross-Origin Javascript Capability Leaks Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense Adam Barth Joel Weinberger Dawn Song UC Berkeley UC Berkeley UC Berkeley [email protected] [email protected] [email protected] Abstract a script attempts to access the cookie database, the DOM checks whether the script’s security origin We identify a class of Web browser implementation has sufficient privileges to access the cookies. cross-origin JavaScript capability leaks vulnerabilities, , • Object-Capabilities. The JavaScript engine en- which occur when the browser leaks a JavaScript pointer forces the same-origin policy using an object- from one security origin to another. We devise an algo- capability discipline that prevents one Web site rithm for detecting these vulnerabilities by monitoring from obtaining JavaScript pointers to sensitive ob- the “points-to” relation of the JavaScript heap. Our algo- jects that belong to a foreign security origin. With- rithm finds a number of new vulnerabilities in the open- out JavaScript pointers to sensitive objects in for- source WebKit browser engine used by Safari. We pro- eign security origins, malicious scripts are unable pose an approach to mitigate this class of vulnerabilities to interfere with those objects. by adding access control checks to browser JavaScript engines. These access control checks are backwards- Most modern Web browsers, including Internet Ex- compatible because they do not alter semantics of the plorer, Firefox, Safari, Google Chrome, and Opera, use Web platform. Through an application of the inline this design. However, the design’s mismatch in en- cache, we implement these checks with an overhead of forcement paradigms leads to vulnerabilities whenever 1–2% on industry-standard benchmarks. the browser leaks a JavaScript pointer from one secu- rity origin to another. Once a malicious script gets a 1 Introduction JavaScript pointer to an honest JavaScript object, the at- In this paper, we identify a class of Web browser im- tacker can leverage the object-capability security model plementation vulnerabilities, which we refer to as cross- of the JavaScript engine to escalate its DOM privileges. origin JavaScript capabilities leaks, and develop sys- With escalated DOM privileges, the attacker can com- tematic techniques for detecting, exploiting, and defend- pletely compromise the honest security origin by inject- ing against these vulnerabilities. An attacker who ex- ing a malicious script into the honest security origin. ploits a cross-origin JavaScript capability leak can in- To study this class of vulnerabilities, we devise an al- ject a malicious script into an honest Web site’s secu- gorithm for detecting individual cross-origin JavaScript rity origin. These attacks are more severe than cross- capability leaks. Using this algorithm, we uncover new site scripting (XSS) attacks because they affect all Web instances of cross-origin JavaScript capability leaks in sites, including those free of XSS vulnerabilities. Once the WebKit browser engine used by Safari. We then il- an attacker can run script in an arbitrary security origin, lustrate how an attack can abuse these leaked JavaScript the attacker can, for example, issue transactions on the pointers by constructing proof-of-concept exploits. We user’s bank account, regardless of any SSL encryption, propose defending against cross-origin JavaScript capa- cross-site scripting filter, or Web application firewall. bility leaks by harmonizing the security models used by We observe that these cross-origin JavaScript capa- the DOM and the JavaScript engine. bility leaks are caused by an architectural flaw shared • Leak Detection. We design an algorithm for au- by most modern Web browsers: the Document Object tomatically detecting cross-origin JavaScript ca- Model (DOM) and the JavaScript engine enforce the pability leaks by monitoring the “points-to” rela- same-origin policy using two different security models. tion among JavaScript objects in the heap. From The DOM uses an access control model, whereas the this relation, we define the security origin of each JavaScript engine uses object-capabilities. JavaScript object by tracing its “prototype chain.” • Access Control. The DOM enforces the same- We then search the graph for edges that connect ob- origin policy using a reference monitor that pre- jects in one security origin with objects in another vents one Web site from accessing resources allo- security origin. These suspicious edges likely rep- cated to another Web site. For example, whenever resent cross-origin JavaScript capability leaks. • Vulnerabilities and Exploitation. We implement leaks as a class of vulnerabilities. Section 3 presents our our leak detection algorithm and find two new high- algorithm for detecting cross-origin JavaScript capabil- severity cross-origin JavaScript capability leaks in ity leaks. Section 4 details the individual vulnerabili- WebKit. Although these vulnerabilities are imple- ties we uncover with our algorithm and outlines tech- mentation errors in WebKit, the presence of the niques for exploiting these vulnerabilities. Section 5 bugs illustrates the fragility of the general architec- proposes defending against cross-origin JavaScript ca- ture. (Other browsers have historically had similar pability leaks by adding access control checks to the vulnerabilities [17, 18, 19].) We detail these vulner- JavaScript engine. Section 6 relates our work to the lit- abilities and construct proof-of-concept exploits to erature. Section 7 concludes. demonstrate how an attacker can leverage a leaked JavaScript pointer to inject a malicious script into 2 JavaScript Capability Leaks an honest security origin. In this section, we describe our interpretation of • Defense. We propose that browser vendors proac- JavaScript pointers as object-capabilities and identify tively defend against cross-origin JavaScript capa- cross-origin JavaScript capability leaks as a class of im- bility leaks by implementing access control checks plementation vulnerabilities in browsers. We then sketch throughout the JavaScript engine instead of reac- how these vulnerabilities are exploited and the conse- tively plugging each leak. Adding access control quences of a successful exploit. checks to the JavaScript engine addresses the root cause of these vulnerabilities (the mismatch be- 2.1 Object-Capabilities tween the security models used by the DOM and In modern Web browsers, the JavaScript engine en- by the JavaScript engine) and provides defense-in- forces the browser’s same-origin policy using an object- depth in the sense that both an object-capability capability discipline: a script can obtain pointers only and an access control failure are required to create to JavaScript objects created by documents in its se- an exploitable vulnerability. This defense is per- curity origin. A script can obtain JavaScript point- fectly backwards-compatible because these access ers to JavaScript objects either by accessing prop- checks do not alter the semantics of the Web plat- erties of JavaScript object to which the script al- form. Our implementation of these access control ready has a JavaScript pointer or by conjuring cer- checks in WebKit incurs an overhead of only 1–2% tain built-in objects such as the global object and on industry-standard benchmarks. Object.prototype [14]. As in other object- Contributions. We make the following contributions: capability systems, the ability to influence an object is tied to the ability to designate the object. In browsers, • We identify a class of Web browser implementa- a script can manipulate a JavaScript object only if the tion vulnerabilities: cross-origin JavaScript capa- script has a pointer to the object. Without a pointer to bility leaks. These vulnerabilities arise when the an object in a foreign security origin, a malicious script browser leaks a JavaScript pointer from one secu- cannot influence honest JavaScript objects and cannot rity origin to another security origin. interfere with honest security origins. • We introduce an algorithm for detecting cross- One exception to this object-capability discipline is origin JavaScript capability leaks by monitoring the the JavaScript global object. According to the HTML 5 “points-to” relation of the JavaScript heap. Our al- specification [10], the global object (also known as the gorithm uses a graph-based definition of the secu- window object) is visible to foreign security origins. rity origin of a JavaScript object. There are a number of APIs for obtaining pointers to • We reveal cross-origin JavaScript capability leaks global objects from foreign security origins. For exam- and demonstrate techniques for exploiting these ple, the contentWindow property of an <iframe> vulnerabilities. These exploits rely on the mis- element is the global object of the document contained match between the DOM’s access control security in the frame. Unlike most JavaScript objects, the global model and the JavaScript engine’s object-capability object is also a DOM object (called window) and is security model. equipped with a reference monitor that prevents scripts • We propose that browsers defend against cross- in foreign security origins from getting or setting arbi- origin JavaScript capability leaks by implement- trary properties of the object. This reference monitor ing access control checks in the JavaScript engine. does not forbid all accesses because some are desirable. This defense is perfectly backwards-compatible For example, the postMessage
Load more

Recommended publications
  • Differential Fuzzing the Webassembly
    Master’s Programme in Security and Cloud Computing Differential Fuzzing the WebAssembly Master’s Thesis Gilang Mentari Hamidy MASTER’S THESIS Aalto University - EURECOM MASTER’STHESIS 2020 Differential Fuzzing the WebAssembly Fuzzing Différentiel le WebAssembly Gilang Mentari Hamidy This thesis is a public document and does not contain any confidential information. Cette thèse est un document public et ne contient aucun information confidentielle. Thesis submitted in partial fulfillment of the requirements for the degree of Master of Science in Technology. Antibes, 27 July 2020 Supervisor: Prof. Davide Balzarotti, EURECOM Co-Supervisor: Prof. Jan-Erik Ekberg, Aalto University Copyright © 2020 Gilang Mentari Hamidy Aalto University - School of Science EURECOM Master’s Programme in Security and Cloud Computing Abstract Author Gilang Mentari Hamidy Title Differential Fuzzing the WebAssembly School School of Science Degree programme Master of Science Major Security and Cloud Computing (SECCLO) Code SCI3084 Supervisor Prof. Davide Balzarotti, EURECOM Prof. Jan-Erik Ekberg, Aalto University Level Master’s thesis Date 27 July 2020 Pages 133 Language English Abstract WebAssembly, colloquially known as Wasm, is a specification for an intermediate representation that is suitable for the web environment, particularly in the client-side. It provides a machine abstraction and hardware-agnostic instruction sets, where a high-level programming language can target the compilation to the Wasm instead of specific hardware architecture. The JavaScript engine implements the Wasm specification and recompiles the Wasm instruction to the target machine instruction where the program is executed. Technically, Wasm is similar to a popular virtual machine bytecode, such as Java Virtual Machine (JVM) or Microsoft Intermediate Language (MSIL).
    [Show full text]
  • Interaction Between Web Browsers and Script Engines
    IT 12 058 Examensarbete 45 hp November 2012 Interaction between web browsers and script engines Xiaoyu Zhuang Institutionen för informationsteknologi Department of Information Technology Abstract Interaction between web browser and the script engine Xiaoyu Zhuang Teknisk- naturvetenskaplig fakultet UTH-enheten Web browser plays an important part of internet experience and JavaScript is the most popular programming language as a client side script to build an active and Besöksadress: advance end user experience. The script engine which executes JavaScript needs to Ångströmlaboratoriet Lägerhyddsvägen 1 interact with web browser to get access to its DOM elements and other host objects. Hus 4, Plan 0 Browser from host side needs to initialize the script engine and dispatch script source code to the engine side. Postadress: This thesis studies the interaction between the script engine and its host browser. Box 536 751 21 Uppsala The shell where the engine address to make calls towards outside is called hosting layer. This report mainly discussed what operations could appear in this layer and Telefon: designed testing cases to validate if the browser is robust and reliable regarding 018 – 471 30 03 hosting operations. Telefax: 018 – 471 30 00 Hemsida: http://www.teknat.uu.se/student Handledare: Elena Boris Ämnesgranskare: Justin Pearson Examinator: Lisa Kaati IT 12 058 Tryckt av: Reprocentralen ITC Contents 1. Introduction................................................................................................................................
    [Show full text]
  • Machine Learning in the Browser
    Machine Learning in the Browser The Harvard community has made this article openly available. Please share how this access benefits you. Your story matters Citable link http://nrs.harvard.edu/urn-3:HUL.InstRepos:38811507 Terms of Use This article was downloaded from Harvard University’s DASH repository, and is made available under the terms and conditions applicable to Other Posted Material, as set forth at http:// nrs.harvard.edu/urn-3:HUL.InstRepos:dash.current.terms-of- use#LAA Machine Learning in the Browser a thesis presented by Tomas Reimers to The Department of Computer Science in partial fulfillment of the requirements for the degree of Bachelor of Arts in the subject of Computer Science Harvard University Cambridge, Massachusetts March 2017 Contents 1 Introduction 3 1.1 Background . .3 1.2 Motivation . .4 1.2.1 Privacy . .4 1.2.2 Unavailable Server . .4 1.2.3 Simple, Self-Contained Demos . .5 1.3 Challenges . .5 1.3.1 Performance . .5 1.3.2 Poor Generality . .7 1.3.3 Manual Implementation in JavaScript . .7 2 The TensorFlow Architecture 7 2.1 TensorFlow's API . .7 2.2 TensorFlow's Implementation . .9 2.3 Portability . .9 3 Compiling TensorFlow into JavaScript 10 3.1 Motivation to Compile . 10 3.2 Background on Emscripten . 10 3.2.1 Build Process . 12 3.2.2 Dependencies . 12 3.2.3 Bitness Assumptions . 13 3.2.4 Concurrency Model . 13 3.3 Experiences . 14 4 Results 15 4.1 Benchmarks . 15 4.2 Library Size . 16 4.3 WebAssembly . 17 5 Developer Experience 17 5.1 Universal Graph Runner .
    [Show full text]
  • Javascript API Deprecation in the Wild: a First Assessment
    JavaScript API Deprecation in the Wild: A First Assessment Romulo Nascimento, Aline Brito, Andre Hora, Eduardo Figueiredo Department of Computer Science Federal University of Minas Gerais, Brazil romulonascimento, alinebrito, andrehora,figueiredo @dcc.ufmg.br { } Abstract—Building an application using third-party libraries of our knowledge, there are no detailed studies regarding API is a common practice in software development. As any other deprecation in the JavaScript ecosystem. software system, code libraries and their APIs evolve over JavaScript has become extremely popular over the last years. time. In order to help version migration and ensure backward According to the Stack Overflow 2019 Developer Survey1, compatibility, a recommended practice during development is to deprecate API. Although studies have been conducted to JavaScript is the most popular programming language in this investigate deprecation in some programming languages, such as platform for the seventh consecutive year. GitHub also reports Java and C#, there are no detailed studies on API deprecation that JavaScript is the most popular language in terms of unique in the JavaScript ecosystem. This paper provides an initial contributors to both public and private repositories2. The npm assessment of API deprecation in JavaScript by analyzing 50 platform, the largest JavaScript package manager, states on popular software projects. Initial results suggest that the use of 3 deprecation mechanisms in JavaScript packages is low. However, their latest survey that 99% of JavaScript developers rely on wefindfive different ways that developers use to deprecate API npm to ease the management of their project dependencies. in the studied projects. Among these solutions, deprecation utility This survey also points out the massive growth in npm usage (i.e., any sort of function specially written to aid deprecation) and that started about 5 years ago.
    [Show full text]
  • La Promotion Du Web Ouvert a Bien Changé Mais Mozilla Est Toujours Là
    La promotion du Web Ouvert a bien changé mais Mozilla est toujours là Promouvoir le Web ouvert est l’une des missions de Mozilla. Mission parfaitement assumée et réussie il y a quelques années avec l’avènement de Firefox qui obligea Internet Explorer à quitter son arrogance pour rentrer dans le rang et se montrer plus respectueux des standards et donc des internautes. Sauf qu’aujourd’hui la donne a sensiblement changé. Avec la mobilité, les stores, les apps, les navigateurs intégrés, etc. c’est en effet un Web bien plus complexe qui se présente devant nous. Un Web enthousiasmant[1] mais plein d’embûches pour ceux qui sont attachés à son ouverture et à sa neutralité. C’est tout l’objet de ce très intéressant récent billet du développeur Mozilla Robert O’Callahan. Des changements dans la façon de promouvoir le Web Ouvert Shifts In Promoting The Open Web Robert O’Callahan – 30 septembre 201 – Blog personnel (Traduction Framalang : Antistress et Goofy) Historiquement Mozilla a dépensé pas mal d’énergie pour promouvoir l’usage du « Web ouvert » plutôt que de plateformes propriétaires et de code spécifique à des navigateurs non standards (IE6). Cette évangélisation reste nécessaire mais le paysage s’est modifié et je pense que notre discours doit s’adapter. Les plateformes dont nous devons nous préoccuper ont beaucoup changé. Au lieu de WPF, Slivertlight and Flash, les outils propriétaires pour développeurs avec lesquelles il faut rivaliser dorénavant sont iOS et Android. En conséquence, les fonctionnalités que le Web doit intégrer sont à présent orientées vers la mobilité.
    [Show full text]
  • Netscape 6.2.3 Software for Solaris Operating Environment
    What’s New in Netscape 6.2 Netscape 6.2 builds on the successful release of Netscape 6.1 and allows you to do more online with power, efficiency and safety. New is this release are: Support for the latest operating systems ¨ BETTER INTEGRATION WITH WINDOWS XP q Netscape 6.2 is now only one click away within the Windows XP Start menu if you choose Netscape as your default browser and mail applications. Also, you can view the number of incoming email messages you have from your Windows XP login screen. ¨ FULL SUPPORT FOR MACINTOSH OS X Other enhancements Netscape 6.2 offers a more seamless experience between Netscape Mail and other applications on the Windows platform. For example, you can now easily send documents from within Microsoft Word, Excel or Power Point without leaving that application. Simply choose File, “Send To” to invoke the Netscape Mail client to send the document. What follows is a more comprehensive list of the enhancements delivered in Netscape 6.1 CONFIDENTIAL UNTIL AUGUST 8, 2001 Netscape 6.1 Highlights PR Contact: Catherine Corre – (650) 937-4046 CONFIDENTIAL UNTIL AUGUST 8, 2001 Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to this document (the "Document"). Use of the Document is governed by applicable copyright law. Netscape may revise this Document from time to time without notice. THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN NO EVENT SHALL NETSCAPE BE LIABLE FOR INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND ARISING FROM ANY ERROR IN THIS DOCUMENT, INCLUDING WITHOUT LIMITATION ANY LOSS OR INTERRUPTION OF BUSINESS, PROFITS, USE OR DATA.
    [Show full text]
  • Casperjs Documentation Release 1.1.0-DEV Nicolas Perriault
    CasperJs Documentation Release 1.1.0-DEV Nicolas Perriault February 04, 2016 Contents 1 Installation 3 1.1 Prerequisites...............................................3 1.2 Installing from Homebrew (OSX)....................................3 1.3 Installing from npm...........................................4 1.4 Installing from git............................................4 1.5 Installing from an archive........................................4 1.6 CasperJS on Windows..........................................5 1.7 Known Bugs & Limitations.......................................5 2 Quickstart 7 2.1 A minimal scraping script........................................7 2.2 Now let’s scrape Google!........................................8 2.3 CoffeeScript version...........................................9 2.4 A minimal testing script......................................... 10 3 Using the command line 11 3.1 casperjs native options.......................................... 12 3.2 Raw parameter values.......................................... 13 4 Selectors 15 4.1 CSS3................................................... 15 4.2 XPath................................................... 16 5 Testing 17 5.1 Unit testing................................................ 17 5.2 Browser tests............................................... 18 5.3 Setting Casper options in the test environment............................. 19 5.4 Advanced techniques........................................... 20 5.5 Test command args and options....................................
    [Show full text]
  • Webassembly a New World of Native Exploits on the Web Agenda
    WebAssembly A New World Of Native Exploits On The Web Agenda • Introduction • The WebAssembly Platform • Emscripten • Possible Exploit Scenarios • Conclusion Wasm: What is it good for? ● Archive.org web emulators ● Image/processing ● Video Games ● 3D Modeling ● Cryptography Libraries ● Desktop Application Ports Wasm: Crazy Incoming ● Browsix, jslinux ● Runtime.js (Node), Nebulet ● Cervus ● eWASM Java Applet Joke Slide ● Sandboxed ● Virtual Machine, runs its own instruction set ● Runs in your browser ● Write once, run anywhere ● In the future, will be embedded in other targets What Is WebAssembly? ● A relatively small set of low-level instructions ○ Instructions are executed by browsers ● Native code can be compiled into WebAssembly ○ Allows web developers to take their native C/C++ code to the browser ■ Or Rust, or Go, or anything else that can compile to Wasm ○ Improved Performance Over JavaScript ● Already widely supported in the latest versions of all major browsers ○ Not limited to running in browsers, Wasm could be anywhere Wasm: A Stack Machine Text Format Example Linear Memory Model Subtitle Function Pointers Wasm in the Browser ● Wasm doesn’t have access to memory, DOM, etc. ● Wasm functions can be exported to be callable from JS ● JS functions can be imported into Wasm ● Wasm’s linear memory is a JS resizable ArrayBuffer ● Memory can be shared across instances of Wasm ● Tables are accessible via JS, or can be shared to other instances of Wasm Demo: Wasm in a nutshell Emscripten ● Emscripten is an SDK that compiles C/C++ into .wasm binaries ● LLVM/Clang derivative ● Includes built-in C libraries, etc. ● Also produces JS and HTML code to allow easy integration into a site.
    [Show full text]
  • Learning Javascript Design Patterns
    Learning JavaScript Design Patterns Addy Osmani Beijing • Cambridge • Farnham • Köln • Sebastopol • Tokyo Learning JavaScript Design Patterns by Addy Osmani Copyright © 2012 Addy Osmani. All rights reserved. Revision History for the : 2012-05-01 Early release revision 1 See http://oreilly.com/catalog/errata.csp?isbn=9781449331818 for release details. ISBN: 978-1-449-33181-8 1335906805 Table of Contents Preface ..................................................................... ix 1. Introduction ........................................................... 1 2. What is a Pattern? ...................................................... 3 We already use patterns everyday 4 3. 'Pattern'-ity Testing, Proto-Patterns & The Rule Of Three ...................... 7 4. The Structure Of A Design Pattern ......................................... 9 5. Writing Design Patterns ................................................. 11 6. Anti-Patterns ......................................................... 13 7. Categories Of Design Pattern ............................................ 15 Creational Design Patterns 15 Structural Design Patterns 16 Behavioral Design Patterns 16 8. Design Pattern Categorization ........................................... 17 A brief note on classes 17 9. JavaScript Design Patterns .............................................. 21 The Creational Pattern 22 The Constructor Pattern 23 Basic Constructors 23 Constructors With Prototypes 24 The Singleton Pattern 24 The Module Pattern 27 iii Modules 27 Object Literals 27 The Module Pattern
    [Show full text]
  • Ecmascript (Or ES)
    Lesson: Web Programming(1) Omid Jafarinezhad Sharif University of Technology Objective Covers languages, tools, and techniques for developing interactive and dynamic web pages. Topics include page styling, design, and layout; client and server side scripting; web security; and interacting with data sources such as databases Web development can range from developing the simplest static single page of plain text to the most complex web apps (such as electronic businesses, and social network services) ● HTTP, JavaScript, CSS, HTML5, ReactJs, Flow, Progressive Web App ● Golang, NodeJs, MongoDB, PostgreSQL, Redis ● Docker, Git, YUIDoc, Jest, Materials WebPack, Gulp, Browserify, Locust ● (Optional/Research) Kubernetes, InfluxDB, RabbitMQ, gRPC, Ansible Grading Big Picture Internal or external Content Delivery Email/SMS/... services; may be Network (CDN) Service developed in different language Win HTTP, gRPC HTTP Linux WebSocket front-end back-end Data storage Mac JavaScript, Html, NodeJs, mongoDB, CSS, Ajax, GoLang, cache postgreSQL, WebRTC, ReactJs, C#, Java, InfluxDB, ... Mobile AngularJs,... Dart, ... Redis, AMQP, ... Memcached, ... logs queue Logstash, RabitMQ, Fluentd, ... ZeroMQ, ... back-end 1 Load front-end back-end 2 balancing kubernetes cluster, HAProxy, Docker Swarm, ... back-end 3 Git repository Test, Continuous deployment, Code coverage, Merge, Review Build automation, Deployment automation Development Staging Production Bug User feedback, Crash report,... Continuous ... Continuous Integration basically just means that the developer's
    [Show full text]
  • Communications Cacm.Acm.Org of Theacm 06/2009 Vol.52 No.06
    COMMUNICATIONS CACM.ACM.ORG OF THEACM 06/2009 VOL.52 NO.06 One Laptop Per Child: Vision vs. Reality Hard-Disk Drives: The Good, The Bad, and the Ugly How CS Serves The Developing World Network Front-End Processors The Claremont Report On Database Research Autonomous Helicopters Association for Computing Machinery Think Parallel..... It’s not just what we make. It’s what we make possible. Advancing Technology Curriculum Driving Software Evolution Fostering Tomorrow’s Innovators Learn more at: www.intel.com/thinkparallel ACM Ad.indd 1 4/17/2009 11:20:03 AM ABCD springer.com Noteworthy Computer Science Journals Autonomous Biological Personal and Robots Cybernetics Ubiquitous G. Sukhatme, University W. Senn, Universität Bern, Computing of Southern California, Physiologisches Institut; ACM Viterbi School of Engi- J. Rinzel, National neering, Dept. Computer Institutes of Health (NIH), P. Thomas, Univ. Coll. Science Dept. Health Education & London Interaction Centre Autonomous Robots Welfare; J. L. van Hemmen, reports on the theory and TU München, Abt. Physik Personal and Ubiquitous applications of robotic systems capable of Biological Cybernetics is an interdisciplinary Computing publishes peer-reviewed some degree of self-sufficiency. It features medium for experimental, theoretical and international research on handheld, wearable papers that include performance data on actual application-oriented aspects of information and mobile information devices and the robots in the real world. The focus is on the processing in organisms, including sensory, pervasive communications infrastructure that ability to move and be self-sufficient, not on motor, cognitive, and ecological phenomena. supports them to enable the seamless whether the system is an imitation of biology.
    [Show full text]
  • Casperjs Documentation Release 1.1.0-DEV
    CasperJs Documentation Release 1.1.0-DEV Nicolas Perriault Sep 13, 2018 Contents 1 Installation 3 1.1 Prerequisites...............................................3 1.2 Installing from Homebrew (OSX)....................................4 1.3 Installing from npm...........................................4 1.4 Installing from git............................................4 1.5 Installing from an archive........................................5 1.6 CasperJS on Windows..........................................5 1.7 Known Bugs & Limitations.......................................6 2 Quickstart 7 2.1 A minimal scraping script........................................7 2.2 Now let’s scrape Google!........................................8 2.3 CoffeeScript version...........................................9 2.4 A minimal testing script......................................... 10 3 Using the command line 11 3.1 casperjs native options.......................................... 12 3.2 Raw parameter values.......................................... 13 4 Selectors 15 4.1 CSS3................................................... 15 4.2 XPath................................................... 16 5 Testing 17 5.1 Unit testing................................................ 17 5.2 Browser tests............................................... 18 5.3 Setting Casper options in the test environment............................. 19 5.4 Advanced techniques........................................... 20 5.5 Test command args and options....................................
    [Show full text]