Abstract
In modern web-based applications, an increasing amount of source code is generated dynamically at runtime. Web applications commonly execute dynamically generated code (DGC) emitted by third-party, black-box generators, run at remote sites. Web developers often need to adapt DGC before it can be executed: embedded HTML can be vulnerable to cross-site scripting attacks; an API may be incompatible with some browsers; and the program's state created by DGC may not be persisting. Lacking any systematic approaches for adapting DGC, web developers resort to ad-hoc techniques that are unsafe and error-prone. This study presents an approach for adapting DGC systematically that follows the program-transformation-by-example paradigm. The proposed approach provides predefined, domain-specific before/after examples that capture the variability of commonly used adaptations. By approving or rejecting these examples, web developers determine the required adaptation transformations, which are encoded in an adaptation script operating on the generated code's abstract syntax tree. The proposed approach is a suite of practical JavaScript program adaptations and their corresponding before/after examples. The authors have successfully applied the approach to real web applications to adapt third-party generated JavaScript code for security, browser compatibility, and persistence.
Highlights
IntroductionSome of the requirements may only be discovered at runtime
In modern software applications, some of the requirements may only be discovered at runtime
Algorithm 1 (Fig. 4) takes as input the abstract syntax tree (AST) patterns representing the before/after examples of an adaptation script; the resulting output is a set of transformation operations that can be applied to the matched nodes of the AST of dynamically generated code (DGC)
Summary
Some of the requirements may only be discovered at runtime. A persistent web application needs to remember all user-entered data across invocations, and the data manipulated by the dynamically generated part of the code needs to be appropriately persisted All these adaptation tasks require transforming the source code, whose exact structure will only be known at runtime. When integrating third-party DGC, programmers can examine this code in a debugger or print it out to the browser's console Even if examining such debugging information determines that the code must be adapted, programmers lack systematic approaches for effecting the required transformations. We have successfully applied our approach to adapt the DGC of real, third-party web applications for better security, browser-compatibility, and persistence. A systematic domain-specific approach to Adapting Dynamically Generated JavaScript (ADGJS) code based on predefined before/after examples. Empirical results of adapting the DGC portions of third-party commercial web applications for security, browser compatibility, and persistence
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.