Jeff Terrace, Stephen R. Beard, and Naga Praveen Kumar Katta
Proceedings of the 3rd USENIX conference on Web Application Development (WebApps), June 2012.
ubiquitous platform for deploying web applications. Unfortunately, an
application developer who wishes to include a third-party script must enter
into an implicit trust relationship with the third-party--granting it
unmediated access to its entire application content.
completely isolated, sandboxed environment. An application can, at runtime,
create and interact with the objects, properties, and methods available from
within the sandboxed environment, giving it complete control over the
is compatible with major browsers, and is resilient to attacks from malicious
We conduct a performance evaluation quantifying the overhead of using js.js and
present an example of using js.js to execute Twitter's Tweet Button API.