@inproceedings{4b520e01ba5f4324944751de5c70d713,
title = "Enhancing JavaScript with transactions",
abstract = "Transcript is a system that enhances JavaScript with support for transactions. Hosting Web applications can use transactions to demarcate regions that contain untrusted guest code. Actions performed within a transaction are logged and considered speculative until they are examined by the host and committed. Uncommitted actions simply do not take and cannot affect the host in any way. Transcript therefore provides hosting Web applications with powerful mechanisms to understand the behavior of untrusted guests, mediate their actions and also cleanly recover from the effects of security-violating guest code. This paper describes the design of Transcript and its implementation in Firefox. Our exposition focuses on the novel features introduced by Transcript to support transactions, including a suspend/resume mechanism for JavaScript and support for speculative DOM updates. Our evaluation presents case studies showing that Transcript can be used to enforce powerful security policies on untrusted JavaScript code, and reports its performance on real-world applications and microbenchmarks.",
author = "Mohan Dhawan and Shan, {Chung Chieh} and Vinod Ganapathy",
year = "2012",
doi = "10.1007/978-3-642-31057-7_18",
language = "English (US)",
isbn = "9783642310560",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "383--408",
booktitle = "ECOOP 2012 - Object-Oriented Programming",
address = "Germany",
note = "26th European Conference on Object-Oriented Programming, ECOOP 2012 ; Conference date: 11-06-2012 Through 16-06-2012",
}