Rutgers University, Department of Computer Science Technical Report 669; Piscataway, New Jersey, filed April 2010, revised February 2011.
Transcript is a system that enhances JavaScript with support for speculative execution. It introduces a new transaction construct, which hosting Web applications can use to demarcate regions that contain untrusted guest code. Actions performed within a transaction are logged and considered speculative until they are examined by the host and committed. Uncommitted actions simply do not take effect and cannot affect the host in any way. Transcript therefore provides hosting Web applications with powerful mechanisms to mediate the actions of untrusted guests. It also allows hosts to cleanly recover from the effects of security-violating guest code.
This paper describes the design of the Transcript system and its implementation in Firefox. Our exposition focuses on several novel features introduced by Transcript to support transactions, including a suspend/resume mechanism for JavaScript and support for speculative DOM updates. Our evaluation presents case studies showing that Transcript can be used to enforce powerful security policies on untrusted JavaScript code and reports the performance of Transcript on real-world applications and microbenchmarks.
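The log, inspect and commit flow described in the abstract, sketched as an added example in plain JavaScript. It is not Transcript's transaction construct or its Firefox implementation: `speculate`, `writeLog` and `policy` are hypothetical names, and a `Proxy` write log stands in for the engine-level mechanism.

```javascript
// Added illustration in plain JavaScript; not Transcript's syntax or implementation.
// speculate(), writeLog and policy are hypothetical names. Shallow: nested objects are not wrapped.
const DELETED = Symbol("deleted");

function speculate(host, guest) {
  const writeLog = [];      // ordered record of what the guest tried to do
  const shadow = new Map(); // pending values, visible only through the proxy
  const view = new Proxy(host, {
    get(target, key) {
      if (!shadow.has(key)) return Reflect.get(target, key);
      const v = shadow.get(key);
      return v === DELETED ? undefined : v;
    },
    has: (target, key) =>
      shadow.has(key) ? shadow.get(key) !== DELETED : Reflect.has(target, key),
    set(target, key, value) {
      writeLog.push({ op: "set", key, value });
      shadow.set(key, value);
      return true;
    },
    deleteProperty(target, key) {
      writeLog.push({ op: "delete", key });
      shadow.set(key, DELETED);
      return true;
    },
    defineProperty: () => false, // refuse writes that would bypass the log
  });
  let error = null;
  try { guest(view); } catch (e) { error = e; }
  return {
    writeLog, error,
    commit(policy) { // all-or-nothing: one rejected entry discards the whole log
      if (error || !writeLog.every(policy)) return false;
      for (const [key, v] of shadow) {
        if (v === DELETED) delete host[key]; else host[key] = v;
      }
      return true;
    },
  };
}

// Constructed sample host state and guests.
const hostState = { title: "Inbox", sessionToken: "constructed-token" };
const policy = (entry) => entry.key !== "sessionToken"; // host rule: guests never touch the token

function runDemo() {
  const benign = speculate(hostState, (s) => { s.title = "Inbox (3)"; });
  const titleBeforeCommit = hostState.title; // still "Inbox": nothing applied yet
  const benignCommitted = benign.commit(policy);
  const hostile = speculate(hostState, (s) => { s.title = "x"; delete s.sessionToken; });
  return { titleBeforeCommit, benignCommitted, hostileCommitted: hostile.commit(policy), hostileLog: hostile.writeLog };
}
```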
Technical report: [Available on request]