Affiliation:
1. Purdue University, West Lafayette, IN, USA
Abstract
Eval endows JavaScript developers with great power. By turning text into executable code, it allows developers and end-users to seamlessly extend and customize the behavior of deployed applications as they are running. With great power comes great responsibility, though not in our experience. In previous work we demonstrated through a large corpus study that programmers wield that power in rather irresponsible and arbitrary ways. We showed that most calls to eval fall into a small number of very predictable patterns. We argued that those patterns could easily be recognized by an automated algorithm and that they could almost always be replaced with safer JavaScript idioms. In this paper we set out to validate our claim by designing and implementing a tool, which we call Evalorizer, that can assist programmers in getting rid of their unneeded evals. We use the tool to remove eval from a real-world website and validate our approach over logs taken from the top 100 websites, achieving a success rate of over 97% under an open-world assumption.
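The abstract states that most eval calls follow a few predictable patterns that can be rewritten into safer JavaScript idioms. The following is an added example, not code from the paper or from the Evalorizer tool, showing what such a rewrite looks like for two idioms that are common in deployed JavaScript: eval over a JSON text (served by JSON.parse) and eval over a dotted or bracketed property path such as "app.config.debug" (served by a bounded property walk). The pattern names, the helper functions and the refusal rules for prototype-chain hops are this example's own choices and are not claimed to be the paper's algorithm.

```javascript
// Added illustration of eval-removal patterns; not the paper's Evalorizer.
// Pattern 1: eval("(" + jsonText + ")")  -> JSON.parse(jsonText)
// Pattern 2: eval("obj.a.b[0]")          -> own-property walk over a scope object
// Anything else is refused instead of executed.

const IDENT = "[A-Za-z_$][\\w$]*";
// Whole-string check: identifier followed by .ident or [index] / ['key'] segments.
const PATH_RE = new RegExp(`^${IDENT}(?:\\.${IDENT}|\\[(?:\\d+|'[^']*'|"[^"]*")\\])*$`);
// Tokenizer for the segments of a path that PATH_RE already accepted.
const TOKEN_RE = /\.?([A-Za-z_$][\w$]*)|\[(\d+)\]|\[(['"])([^'"]*)\3\]/g;

// Keys that would let a path escape the intended object graph (e.g. reach Function).
const FORBIDDEN = new Set(["__proto__", "constructor", "prototype"]);

// Classify the string that was being handed to eval.
function classifyEvalArg(src) {
  const s = src.trim();
  // Legacy code often wraps an object literal in parentheses so eval parses it
  // as an expression rather than a block; strip them before trying JSON.
  const text = s.startsWith("(") && s.endsWith(")") ? s.slice(1, -1) : s;
  try {
    JSON.parse(text);
    return { kind: "json", text };
  } catch (_) {
    // not JSON, fall through to the path check
  }
  if (PATH_RE.test(s)) return { kind: "path", path: s };
  return { kind: "unknown", text: s };
}

// Walk a property path without eval. Only own properties are followed, and
// prototype-related keys are refused, so "app.constructor.constructor" fails.
function resolvePath(root, path) {
  let cur = root;
  for (const m of path.matchAll(TOKEN_RE)) {
    const key = m[1] ?? m[2] ?? m[4];
    if (FORBIDDEN.has(key)) throw new Error(`refusing to follow '${key}' in ${path}`);
    if (cur === null || (typeof cur !== "object" && typeof cur !== "function")) {
      throw new Error(`cannot read '${key}' of a non-object in ${path}`);
    }
    if (!Object.prototype.hasOwnProperty.call(cur, key)) {
      throw new Error(`'${key}' is not an own property in ${path}`);
    }
    cur = cur[key];
  }
  return cur;
}

// Drop-in replacement for eval(src) restricted to the two recognized patterns.
// `scope` stands in for the global object (window) that eval'd paths used to start from.
function evalFree(src, scope) {
  const c = classifyEvalArg(src);
  if (c.kind === "json") return JSON.parse(c.text);
  if (c.kind === "path") return resolvePath(scope, c.path);
  throw new Error(`eval argument outside the supported patterns: ${c.text}`);
}

// Constructed sample scope standing in for a page's global state.
const sampleScope = { app: { config: { debug: true, hosts: ["a.example", "b.example"] } } };

module.exports = { classifyEvalArg, resolvePath, evalFree, sampleScope };
```

In a real migration the classifier would run over the eval arguments captured at runtime (the abstract describes logs of eval calls), and only the "unknown" bucket would be left for manual review. The refusal of inherited and prototype-related keys is what distinguishes this walk from `eval`: the original call would happily evaluate `app.constructor.constructor("...")`, the replacement throws.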
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Graphics and Computer-Aided Design, Software
References: 23 articles.
Cited by: 21 articles.