SafeJS: Hermetic Sandboxing for JavaScript

Isolating programs is an important mechanism to support more secure applications. Isolating programs in dynamic languages such as JavaScript is even more challenging since reflective operations can circumvent simple mechanisms that could protect program parts. In this article we present SafeJS, an approach and implementation that offers isolation based on separate sandboxes and control of information exchanged between them. In SafeJS, sandboxes based on web workers do not share any data. Data exchanged between sandboxes is solely based on strings. Using different policies, this infrastructure supports the isolation of the different scripts that usually populate web pages. A foreign component cannot modify the main DOM tree in an unexpected manner. Our SafeJS implementation is currently being used in an industrial setting in the context of the Resilience FUI 12 project.

Additional Info

Field Value
Source https://inria.hal.science/hal-00862099
Author Cassou, Damien, Ducasse, Stéphane, Petton, Nicolas
Maintainer CCSD
Last Updated May 9, 2026, 17:59 (UTC)
Created May 9, 2026, 17:59 (UTC)
Identifier hal-00862099
Language en
Rights https://about.hal.science/hal-authorisation-v1/
contributor Analyses and Languages Constructs for Object-Oriented Application Evolution (RMOD) ; Laboratoire d'Informatique Fondamentale de Lille (LIFL) ; Université de Lille, Sciences et Technologies-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lille, Sciences Humaines et Sociales-Centre National de la Recherche Scientifique (CNRS)-Université de Lille, Sciences et Technologies-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lille, Sciences Humaines et Sociales-Centre National de la Recherche Scientifique (CNRS)-Centre Inria de l'Université de Lille ; Institut National de Recherche en Informatique et en Automatique (Inria)
creator Cassou, Damien
date 2013-09-16T00:00:00
harvest_object_id ecb5aa4c-c306-4c31-b31c-191aafd29f0c
harvest_source_id 3374d638-d20b-4672-ba96-a23232d55657
harvest_source_title test moissonnage SELUNE
metadata_modified 2025-04-23T00:00:00
relation info:eu-repo/semantics/altIdentifier/arxiv/1309.3914
set_spec type:REPORT