Isolating JavaScript in dynamic code environments

  • Authors: Antonis Krithinakis; Elias Athanasopoulos; Evangelos P. Markatos

  • Affiliations: Institute of Computer Science, Foundation for Research and Technology - Hellas (all three authors)

  • Venue: APLWACA '10 Proceedings of the 2010 Workshop on Analysis and Programming Languages for Web Applications and Cloud Applications
  • Year: 2010

Abstract

We analyze the source code of four well-known large web applications, namely WordPress, phpBB, phpMyAdmin and Drupal. We want to quantify the level of language intermixing in modern web applications and, if possible, we want to categorize all coding idioms that involve intermixing of JavaScript with a server-side programming language, like PHP. Our analysis processes more than half a million LoCs and identifies about 1,000 scripts. These scripts contain 163 cases where the source code is mixed in a way that makes it hard to isolate JavaScript from PHP. We manually investigate all 163 scripts and proceed in a classification scheme of five distinct classes. Our analysis can be beneficial for all applications that apply operations in the client-side part of a web application, various XSS mitigation schemes, as well as code refactoring and optimization tools.