Treffer: Javascript global identifier conflicts detection based on static analysis.

JavaScript code is often included in web applications to implement various functionalities. However, namespace is absent in JavaScript(JS), and all JavaScript code in a same frame shares a common namespace. The absence of namespace may lead to mutual interference among JavaScript code, which results in abnormal program execution. In this paper, we investigate the issue of global identifier conflicts in JavaScript code that cause anomalies across entire web pages. Unlike existing dynamic detection methods like JSOBSERVER which introduce significant runtime performance overhead and can only detect conflicts in executed code paths, our approach avoids execution dependency and performance penalty. Aimed to this issue, we develop a static analysis tool, called DetecJS, to analyze dependencies and conflict relationships among JavaScript code. It can be used to assists developers in identifying global identifier conflicts in the program early during development without executing the code. Based on DetecJS, we identify 2618 global identifier conflicts across 1000 websites. Additionally, we conduct a performance evaluation of DetecJS, the results indicated that the tool exhibits high performance, with an average analysis time of only 5.56 s per web page and conflict detection taking just 15.15 ms. [ABSTRACT FROM AUTHOR]

Copyright of Cybersecurity (2523-3246) is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)