Joel Weinberger
Researcher at University of California, Berkeley
Publications - 11
Citations - 460
Joel Weinberger is an academic researcher from University of California, Berkeley. The author has contributed to research in topics: JavaScript & Web application. The author has an h-index of 8, co-authored 11 publications receiving 427 citations. Previous affiliations of Joel Weinberger include Google.
Papers
Book Chapter
A systematic analysis of XSS sanitization in web application frameworks
TL;DR: A novel model of the web browser is developed and it is found that frameworks often do not address critical parts of the XSS conundrum, showing that there is a wide gap between the abstractions provided by frameworks and the requirements of applications.
Proceedings Article
Verifying higher-order programs with the dijkstra monad
TL;DR: The Dijkstra monad is implemented, along with a tool chain that translates programs in a subset of JavaScript decorated with assertions and loop invariants to F*.
Proceedings Article
Preventing Capability Leaks in Secure JavaScript Subsets.
TL;DR: It is shown that one-third of the Alexa US Top 100 web sites would be exploitable by an ADsafe-verified advertisement, and an improved statically verified JavaScript subset that whitelists known-safe properties using namespaces is proposed.
Proceedings Article
Cross-origin javascript capability leaks: detection, exploitation, and defense
TL;DR: This work identifies a class of Web browser implementation vulnerabilities, cross-origin JavaScript capability leaks, which occur when the browser leaks a JavaScript pointer from one security origin to another and proposes an approach to mitigate this class of vulnerabilities by adding access control checks to browser JavaScript engines.
Proceedings Article
Towards client-side HTML security policies
TL;DR: It is argued that current systems are insufficient for the needs of web applications, and research needs to be done to determine the set of properties an HTML security policy system should have.