{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T00:00:32Z","timestamp":1769731232978,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":40,"publisher":"ACM","license":[{"start":{"date-parts":[[2011,7,17]],"date-time":"2011-07-17T00:00:00Z","timestamp":1310860800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2011,7,17]]},"DOI":"10.1145\/2001420.2001442","type":"proceedings-article","created":{"date-parts":[[2011,7,20]],"date-time":"2011-07-20T12:34:54Z","timestamp":1311165294000},"page":"177-187","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":107,"title":["Saving the world wide web from vulnerable JavaScript"],"prefix":"10.1145","author":[{"given":"Salvatore","family":"Guarnieri","sequence":"first","affiliation":[{"name":"IBM Watson Research Center and University of Washington"}]},{"given":"Marco","family":"Pistoia","sequence":"additional","affiliation":[{"name":"IBM Watson Research Center"}]},{"given":"Omer","family":"Tripp","sequence":"additional","affiliation":[{"name":"IBM Software Group and Tel Aviv University"}]},{"given":"Julian","family":"Dolby","sequence":"additional","affiliation":[{"name":"IBM Watson Research Center"}]},{"given":"Stephen","family":"Teilhet","sequence":"additional","affiliation":[{"name":"IBM Software Group"}]},{"given":"Ryan","family":"Berg","sequence":"additional","affiliation":[{"name":"IBM Software Group"}]}],"member":"320","published-online":{"date-parts":[[2011,7,17]]},"reference":[{"key":"e_1_3_2_1_2_1","volume-title":"S&P","author":"Ashcraft K.","year":"2002","unstructured":"K. Ashcraft and D. Engler . Using Programmer-Written Compiler Extensions to Catch Security Holes . In S&P , 2002 . K. Ashcraft and D. Engler. Using Programmer-Written Compiler Extensions to Catch Security Holes. In S&P, 2002."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/236337.236371"},{"key":"e_1_3_2_1_4_1","volume-title":"USENIX Security","author":"Bandhakavi S.","year":"2010","unstructured":"S. Bandhakavi , S. T. King , P. Madhusudan , and M. Winslett . VEX: Vetting Browser Extensions for Security Vulnerabilities . In USENIX Security , 2010 . S. Bandhakavi, S. T. King, P. Madhusudan, and M. Winslett. VEX: Vetting Browser Extensions for Security Vulnerabilities. In USENIX Security, 2010."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455778"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542483"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/115372.115320"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.5555\/646153.679523"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/360051.360056"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/359636.359712"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCL.1992.185463"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1146238.1146254"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/512529.512531"},{"key":"e_1_3_2_1_14_1","volume-title":"S&P","author":"Goguen J. A.","year":"1982","unstructured":"J. A. Goguen and J. Meseguer . Security Policies and Security Models . In S&P , 1982 . J. A. Goguen and J. Meseguer. Security Policies and Security Models. In S&P, 1982."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/506315.506316"},{"key":"e_1_3_2_1_16_1","volume-title":"USENIX Security","author":"Guarnieri S.","year":"2009","unstructured":"S. Guarnieri and B. Livshits . GATEKEEPER: Mostly Static Enforcement of Security and Reliability Policies for Javascript Code . In USENIX Security , 2009 . S. Guarnieri and B. Livshits. GATEKEEPER: Mostly Static Enforcement of Security and Reliability Policies for Javascript Code. In USENIX Security, 2009."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1526709.1526785"},{"key":"e_1_3_2_1_18_1","volume-title":"S&P","author":"Hammer C.","year":"2006","unstructured":"C. Hammer , J. Krinke , and G. Snelting . Information Flow Control for Java Based on Path Conditions in Dependence Graphs . In S&P , 2006 . C. Hammer, J. Krinke, and G. Snelting. Information Flow Control for Java Based on Path Conditions in Dependence Graphs. In S&P, 2006."},{"key":"e_1_3_2_1_19_1","volume-title":"Context-Sensitive Points-to Analysis: Is It Worth It? In CC","author":"Lhot\u00e1k O.","year":"2006","unstructured":"O. Lhot\u00e1k and L. J. Hendren . Context-Sensitive Points-to Analysis: Is It Worth It? In CC , 2006 . O. Lhot\u00e1k and L. J. Hendren. Context-Sensitive Points-to Analysis: Is It Worth It? In CC, 2006."},{"key":"e_1_3_2_1_20_1","volume-title":"USENIX Security","author":"Livshits V. B.","year":"2005","unstructured":"V. B. Livshits and M. S. Lam . Finding Security Vulnerabilities in Java Applications with Static Analysis . In USENIX Security , 2005 . V. B. Livshits and M. S. Lam. Finding Security Vulnerabilities in Java Applications with Static Analysis. In USENIX Security, 2005."},{"key":"e_1_3_2_1_21_1","volume-title":"Rewriting and Wrappers. In ESORICS","author":"Maffeis S.","year":"2009","unstructured":"S. Maffeis , J. C. Mitchell , and A. Taly . Isolating JavaScript with Filters , Rewriting and Wrappers. In ESORICS , 2009 . S. Maffeis, J. C. Mitchell, and A. Taly. Isolating JavaScript with Filters, Rewriting and Wrappers. In ESORICS, 2009."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1060745.1060809"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/292540.292561"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/268998.266669"},{"key":"e_1_3_2_1_25_1","volume-title":"NDSS","author":"Newsome J.","year":"2005","unstructured":"J. Newsome and D. Song . Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software . In NDSS , 2005 . J. Newsome and D. Song. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. In NDSS, 2005."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/199448.199462"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1806596.1806598"},{"key":"e_1_3_2_1_28_1","volume-title":"CC","author":"Ryder B. G.","year":"2003","unstructured":"B. G. Ryder . Dimensions of Precision in Reference Analysis of Object-Oriented Languages . In CC , 2003 . Invited Paper . B. G. Ryder. Dimensions of Precision in Reference Analysis of Object-Oriented Languages. In CC, 2003. Invited Paper."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.38"},{"key":"e_1_3_2_1_30_1","volume-title":"NDSS","author":"Saxena P.","year":"2010","unstructured":"P. Saxena , S. Hanna , P. Poosankam , and D. Song . FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications . In NDSS , 2010 . P. Saxena, S. Hanna, P. Poosankam, and D. Song. FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications. In NDSS, 2010."},{"key":"e_1_3_2_1_31_1","volume-title":"USENIX Security","author":"Shankar U.","year":"2001","unstructured":"U. Shankar , K. Talwar , J. S. Foster , and D. Wagner . Detecting Format String Vulnerabilities with Type Qualifiers . In USENIX Security , 2001 . U. Shankar, K. Talwar, J. S. Foster, and D. Wagner. Detecting Format String Vulnerabilities with Type Qualifiers. In USENIX Security, 2001."},{"key":"e_1_3_2_1_32_1","unstructured":"O. Shivers. Control-Flow Analysis of Higher-Order Languages or Taming Lambda. PhD thesis Carnegie Mellon University Pittsburgh PA USA 1991.   O. Shivers. Control-Flow Analysis of Higher-Order Languages or Taming Lambda . PhD thesis Carnegie Mellon University Pittsburgh PA USA 1991."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1178625.1178628"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1250734.1250748"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542486"},{"key":"e_1_3_2_1_36_1","volume-title":"NDSS","author":"Vogt P.","year":"2007","unstructured":"P. Vogt , F. Nentwich , N. Jovanovich , E. Kirda , C. Kruegel , and G. Vigna . Cross-site Scripting Prevention with Dynamic Data Tainting and Static Analysis . In NDSS , 2007 . P. Vogt, F. Nentwich, N. Jovanovich, E. Kirda, C. Kruegel, and G. Vigna. Cross-site Scripting Prevention with Dynamic Data Tainting and Static Analysis. In NDSS, 2007."},{"key":"e_1_3_2_1_37_1","volume-title":"A Sound Type System for Secure Flow Analysis. JCS, 4(2--3)","author":"Volpano D.","year":"1996","unstructured":"D. Volpano , C. Irvine , and G. Smith . A Sound Type System for Secure Flow Analysis. JCS, 4(2--3) , 1996 . D. Volpano, C. Irvine, and G. Smith. A Sound Type System for Secure Flow Analysis. JCS, 4(2--3), 1996."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1250734.1250739"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368088.1368112"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/996841.996859"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/1190216.1190252"}],"event":{"name":"ISSTA '11: International Symposium on Software Testing and Analysis","location":"Toronto Ontario Canada","acronym":"ISSTA '11","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","SIGPLAN ACM Special Interest Group on Programming Languages"]},"container-title":["Proceedings of the 2011 International Symposium on Software Testing and Analysis"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2001420.2001442","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2001420.2001442","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T10:59:54Z","timestamp":1750244394000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2001420.2001442"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,7,17]]},"references-count":40,"alternative-id":["10.1145\/2001420.2001442","10.1145\/2001420"],"URL":"https:\/\/doi.org\/10.1145\/2001420.2001442","relation":{},"subject":[],"published":{"date-parts":[[2011,7,17]]},"assertion":[{"value":"2011-07-17","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}