HTML Validation of context-free languages

Authors:
Anders Møller;Mathias Schwarz
Affiliations:
Aarhus University, Denmark;Aarhus University, Denmark
Venue:
FOSSACS'11/ETAPS'11 Proceedings of the 14th international conference on Foundations of software science and computational structures: part of the joint European conferences on theory and practice of software
Year:
2011

Citing 12
Cited 3

The implementation of the Amsterdam SGML parser

Electronic Publishing—Origination, Dissemination, and Design
The SGML handbook

The SGML handbook
Introduction To Automata Theory, Languages, And Computation

Introduction To Automata Theory, Languages, And Computation
Soot - a Java bytecode optimization framework

CASCON '99 Proceedings of the 1999 conference of the Centre for Advanced Studies on Collaborative research
Grammar-based analysis of string expressions

TLDI '05 Proceedings of the 2005 ACM SIGPLAN international workshop on Types in languages design and implementation
Static approximation of dynamically generated Web pages

WWW '05 Proceedings of the 14th international conference on World Wide Web
A Translation from the HTML DTD into a Regular Hedge Grammar

CIAA '08 Proceedings of the 13th international conference on Implementation and Applications of Automata
Abstract Parsing: Static Analysis of Dynamically Generated String Output Using LR-Parsing Technology

SAS '09 Proceedings of the 16th International Symposium on Static Analysis
Precise analysis of string expressions

SAS'03 Proceedings of the 10th international conference on Static analysis
Static analysis for java servlets and JSP

SAS'06 Proceedings of the 13th international conference on Static Analysis
The design space of type checkers for XML transformation languages

ICDT'05 Proceedings of the 10th international conference on Database Theory
XML validation for context-free grammars

APLAS'06 Proceedings of the 4th Asian conference on Programming Languages and Systems

Automated repair of HTML generation errors in PHP applications using string constraint solving

Proceedings of the 34th International Conference on Software Engineering
Automated detection of client-state manipulation vulnerabilities

Proceedings of the 34th International Conference on Software Engineering
An intersection type system for deterministic pushdown automata

TCS'12 Proceedings of the 7th IFIP TC 1/WG 202 international conference on Theoretical Computer Science

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present an algorithm that generalizes HTML validation of individual documents to work on context-free sets of documents. Together with a program analysis that soundly approximates the output of Java Servlets and JSP web applications as context-free languages, we obtain a method for statically checking that such web applications never produce invalid HTML at runtime. Experiments with our prototype implementation demonstrate that the approach is useful: On 6 open source web applications consisting of a total of 104 pages, our tool finds 64 errors in less than a second per page, with 0 false positives. It produces detailed error messages that help the programmer locate the sources of the errors. After manually correcting the errors reported by the tool, the soundness of the analysis ensures that no more validity errors exist in the applications.