Proceedings of the 2012 International Symposium on Software Testing and Analysis 2012
DOI: 10.1145/2338965.2336758

Remedying the eval that men do

Abstract: A range of static analysis tools and techniques have been developed in recent years with the aim of helping JavaScript web application programmers produce code that is more robust, safe, and efficient. However, as shown in a previous large-scale study, many web applications use the JavaScript eval function to dynamically construct code from text strings in ways that obstruct existing static analyses. As a consequence, the analyses either fail to reason about the web applications or produce unsound or useless r…

Cited by 86 publications (74 citation statements)
References 22 publications
“…However, given the number of files with at least one of these features in systems like Moodle, it is not possible to assume, in general, that normal user code will not make use of these features. Another option may be to apply static, or hybrid static/dynamic analysis techniques, to try to transform the code into more easily analyzed static code with fewer evals [9,13,17].…”
Section: The Eval Expression
Citation type: mentioning
confidence: 99%
“…Furthermore, we believe that many of the remaining uses are unlikely to be refactored by the developers. The reason is that even though several techniques for removing some usages of eval have been proposed years ago [12], [11] and the risks of this function are widely documented [4], [9], using eval unnecessarily is still widespread.…”
Section: B Rq2: Usages
Citation type: mentioning
confidence: 99%
“…The closest related work to JSAI is the JavaScript static analyzer TAJS by Jensen et al [32,33,34]. While TAJS is intended to be a sound analysis of the entire JavaScript language (sans dynamic code injection), it does not possess any of the characteristics of JSAI described in Section 1.…”
Section: Related Work
Citation type: mentioning
confidence: 99%