Abstract: JavaScript code is often included in web applications to implement various functionalities. However, JavaScript (JS) has no namespaces, and all JavaScript code in the same frame shares a common namespace. This absence of namespaces may lead to mutual interference among JavaScript code, which results in abnormal program execution. In this paper, we investigate global identifier conflicts in JavaScript code that cause anomalies across entire web pages. Existing dynamic detection methods such as JSOBSERVER introduce significant runtime performance overhead and can only detect conflicts in executed code paths; our approach avoids both the execution dependency and the performance penalty. To address this issue, we develop a static analysis tool, called DetecJS, that analyzes dependencies and conflict relationships among JavaScript code. It assists developers in identifying global identifier conflicts early in development, without executing the code. Using DetecJS, we identify 2618 global identifier conflicts across 1000 websites. Additionally, we conduct a performance evaluation of DetecJS; the results indicate that the tool exhibits high performance, with an average analysis time of only 5.56 s per web page and conflict detection taking just 15.15 ms.
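To make the shared-namespace problem concrete, the following added example (not code from the paper and not DetecJS, which is static) loads two constructed scripts into one global object with Node's `vm` module and reports every global written by more than one script. The script names, their contents and the helper `findGlobalConflicts` are assumptions made for illustration; because it executes the scripts, it shares the executed-path limitation the abstract attributes to dynamic detection.

```javascript
const vm = require('node:vm');

// Constructed sample scripts standing in for two independently written
// libraries loaded into one page (not taken from the paper's dataset).
const SCRIPTS = [
  { name: 'analytics.js',
    code: 'var VERSION = "1.0"; var track = function (e) { return "analytics:" + e; };' },
  { name: 'widget.js',
    code: 'var track = function (e) { return "widget:" + e; }; var render = function () { return track("render"); };' },
];

// Runs the scripts in order inside one shared global object and records which
// script wrote each global. Only globals created by `var` or plain assignment
// are visible on the sandbox object; top-level let/const are not tracked, and
// a rewrite with an identical primitive value goes unnoticed.
function findGlobalConflicts(scripts) {
  const sandbox = {};
  const context = vm.createContext(sandbox);
  const writers = new Map(); // identifier -> scripts that defined or changed it
  for (const { name, code } of scripts) {
    const before = new Map(
      Object.getOwnPropertyNames(sandbox).map((key) => [key, sandbox[key]]));
    vm.runInContext(code, context, { filename: name });
    for (const key of Object.getOwnPropertyNames(sandbox)) {
      if (!before.has(key) || before.get(key) !== sandbox[key]) {
        if (!writers.has(key)) writers.set(key, []);
        writers.get(key).push(name);
      }
    }
  }
  const conflicts = {};
  for (const [id, names] of writers) {
    if (names.length > 1) conflicts[id] = names;
  }
  return { conflicts, context };
}

const result = findGlobalConflicts(SCRIPTS);
console.log(result.conflicts);
// The last writer wins, so analytics.js now calls widget.js's function.
console.log(vm.runInContext('track("click")', result.context));
```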
External IDs: dblp:journals/cybersec/SunYCL26