Check out the new USENIX Web site.

Home About USENIX Events Membership Publications Students
7th USENIX Security Symposium, San Antonio, Texas

Security of Web Browser Scripting Languages: Vulnerabilities, Attacks, and Remedies

Vinod Anupam and Alain Mayer
Bell Laboratories, Lucent Technologies


While conducting a security analysis of JavaScript and VBScript, the most popular scripting languages on the Web, we found some serious flaws. Motivated by this outcome, we propose steps towards a sound definition and design of a security framework for scripting languages on the Web. We show that if such a security framework had been integrated into the respective scripting languages from the very beginning, the probability of preventing the multiple security flaws, that we and other research groups identified, would have been greatly increased.
  • View the full text of this paper in PDF form.

  • If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.

  • To become a USENIX Member, please see our Membership Information.

?Need help? Use our Contacts page.

Last changed: 12 April 2002 aw
Technical Program
Conference Index