Abstract: JSON is moving from being an underground secret, known and used by very few, to becoming the clear choice for mainstream data applications. The first Web extra is a video interview with Douglas Crockford on the creation of JavaScript Object Notation (JSON). The second Web extra is an audio podcast by Charles Severance, author of Computing Conversations.

Abstract: For web programmers, it is important to choose the proper JavaScript framework that not only serves their current web project needs, but also provides code of high quality and good performance. The scope of this work is to provide a thorough quality and performance evaluation of the most popular JavaScript frameworks, taking into account well established software quality factors and performance tests. The major outcome is that we highlight the pros and cons of JavaScript frameworks in various areas of interest and signify which and where are the problematical points of their code, that probably need to be improved in the next versions.

Abstract: JavaScript-based applications are very popular on the web today. However, the lack of effective protection makes various kinds of privacy violation attack possible, including cookie stealing, history sniffing and behavior tracking. There have been studies of the prevalence of such attacks, but the dynamic nature of the JavaScript language makes reasoning about the information flows in a web application a challenging task. Previous small-scale studies do not present a complete picture of privacy violations of today's web, especially in the context of Internet advertisements and web analytics. In this paper we present a novel, fast and scalable architecture to address the shortcomings of previous work. Specifically, we have developed a novel technique called principal-based tainting that allows us to perform dynamic analysis of JavaScript execution with lowered performance overhead. We have crawled and measured more than one million websites. Our findings show that privacy attacks are more prevalent and serious than previously known.

Abstract: Parallel hardware is today's reality and language extensions that ease exploiting its promised performance flourish. For most mainstream languages, one or more tailored solutions exist that address the specific needs of the language to access parallel hardware. Yet, one widely used language is still stuck in the sequential past: JavaScript, the lingua franca of the web.Our position is that existing solutions do not transfer well to the world of JavaScript due to differences in programming models, the additional requirements of the web, like safety, and to developer expectations. To address this we propose River Trail, a new parallel programming API designed specifically for JavaScript and we show how it satisfies the needs of the web. To prove that our approach is viable, we have implemented a prototype JIT compiler in Fire-fox that shows an order of magnitude performance improvement for a realistic web application.

Abstract: Running on billions of today's computing devices, JavaScript has become a ubiquitous platform for deploying web applications Unfortunately, an application developer who wishes to include a third-party script must enter into an implicit trust relationship with the third-party--granting it unmediated access to its entire application content In this paper, we present jsjs, a JavaScript interpreter (which runs in JavaScript) that allows an application to execute a third-party script inside a completely isolated, sandboxed environment An application can, at runtime, create and interact with the objects, properties, and methods available from within the sandboxed environment, giving it complete control over the third-party script jsjs supports the full range of the JavaScript language, is compatible with major browsers, and is resilient to attacks from malicious scripts We conduct a performance evaluation quantifying the overhead of using jsjs and present an example of using jsjs to execute Twitter's Tweet Button API

Abstract: The paper presents a distributed computing system that is based on evolutionary algorithms and utilizing a web browser on a client's side. Evolutionary algorithm is coded in JavaScript language embedded in a web page sent to the client. The code is optimized with regards to the memory usage and communication efficiency between the server and the clients. The server side is also based on JavaScript language, as node.js server was applied. The proposed system has been tested on the basis of permutation flowshop scheduling problem, one of the most popular optimization benchmarks for heuristics studied in the literature. The results have shown, that the system scales quite smoothly, taking additional advantage of local search algorithm executed by some clients.

Abstract: Currently, mobile devices might suffer from their own limited resources to support complex Web applications. We present a framework that can offload JavaScript applications to cloud. Based on dynamic analysis and profiling, our approach partitions the computation-intensive tasks for remote execution and efficiently improves performance

Abstract: The JavaScript programming language, originally developed as a simple scripting language, is now the language of choice for web applications. All the top 100 sites on the web use JavaScript and its use outside web pages is rapidly growing. However, JavaScript is not yet ready for programming in the large: it does not support a module system. Lack of namespaces introduces module patterns, and makes it difficult to use multiple JavaScript frameworks together.In this paper, we propose a formal specification of a JavaScript module system. A module system for JavaScript will allow safe and incremental development of JavaScript web applications. While the next version of the JavaScript standard proposes a module system, it informally describes its design in prose. We formally specify a module system as an extension to the existing JavaScript language, and rigorously describe its semantics via desugaring to LambdaJS, a prior core calculus for JavaScript. We implement the desugaring process and show its faithfulness using real-world test suites. Finally, we define a set of properties for valid JavaScript programs using modules and formally prove that the proposed module system satisfies the validity properties.

Abstract: Today, more than 99% of web-browsers are enabled with Javascript capabilities, and Javascript's popularity is only going to increase in the future. However, due to bytecode interpretation, Javascript codes suffer from severe performance penalty (up to 50x slower) compared to the corresponding native C/C++ code. We recognize that the first step to bridge this performance gap is to understand the the architectural execution characteristics of Javascript benchmarks. Therefore, this paper presents an in-depth architectural characterization of widely used V8 and Sunspider Javascript benchmarks using Google's V8 javascript engine. Using statistical data analysis techniques, our characterization study discovers and explains correlation among different execution characteristics in microarchitecture dependent as well as microarchitecture independent fashion. Furthermore, our study measures (dis)similarity among 33 different Javascript benchmarks and discusses its implications. Given the widespread use of Javascripts, we believe our findings are useful for both performance analysis and benchmarking communities.

Abstract: A method includes, by one or more computing devices, determining JavaScript statements to be evaluated, parsing the JavaScript statements, translating the JavaScript statements into Java bytecodes and JavaScript-specific instructions, executing the Java bytecodes in a Java execution engine, calling a JavaScript run-time engine from the Java execution engine, handling one or more semantic operations associated with the JavaScript-specific instructions through use of the JavaScript run-time engine, and providing return values to the Java execution engine. The statements are configured for execution on a computing device. The set of Java bytecodes and JavaScript-specific instructions is configured to conduct symbolic execution of one or more portions of the JavaScript statements. The symbolic execution is configured to evaluate the JavaScript statements.

Abstract: This paper proposes a complexity metric for Java script since JavaScript is the most popular scripting language that can run in all of the major web browsers. The proposed metric "JavaScript Cognitive Complexity Measure (JCCM)" is intended to assess the design quality of scripts. The metrics has been evaluated theoretically and validated empirically through real test cases. The metric has also been compared with other similar metrics. The theoretical, empirical validation and comparative study prove the worth and robustness of the metric.

Abstract: Recently, many malicious users have attacked web browsers using JavaScript code that can execute dynamic actions within the browsers By forcing the browser to execute malicious JavaScript code, the attackers can steal personal information stored in the system, allow malware program downloads in the client’s system, and so on In order to reduce damage, malicious web pages must be located prior to general users accessing the infected pages In this paper, a novel framework (JsSandbox) that can monitor and analyze the behavior of malicious JavaScript code using internal function hooking (IFH) is proposed IFH is defined as the hooking of all functions in the modules using the debug information and extracting the parameter values The use of IFH enables the monitoring of functions that API hooking cannot JsSandbox was implemented based on a debugger engine, and some features were applied to detect and analyze malicious JavaScript code: detection of obfuscation, deobfuscation of the obfuscated string, detection of URLs related to redirection, and detection of exploit codes Then, the proposed framework was analyzed for specific features, and the results demonstrate that JsSandbox can be applied to the analysis of the behavior of malicious web pages

Abstract: We present and evaluate a compiler from Prolog (and extensions) to JavaScript which makes it possible to use (constraint) logic programming to develop the client side of web applications while being compliant with current industry standards. Targeting JavaScript makes (C)LP programs executable in virtually every modern computing device with no additional software requirements from the point of view of the user. In turn, the use of a very high-level language facilitates the development of high-quality, complex software. The compiler is a back end of the Ciao system and supports most of its features, including its module system and its rich language extension mechanism based on packages. We present an overview of the compilation process and a detailed description of the run-time system, including the support for modular compilation into separate JavaScript code. We demonstrate the maturity of the compiler by testing it with complex code such as a CLP(FD) library written in Prolog with attributed variables. Finally, we validate our proposal by measuring the performance of some LP and CLP(FD) benchmarks running on top of major JavaScript engines.

Abstract: JavaScript is a dynamic, weakly typed, multi-paradigm programming language that supports object-oriented, imperative, and functional programming styles. While web developers appreciate this flexibility when implementing complex and interactive web applications, this wide range of possible styles can hinder program comprehension and make maintenance difficult, especially in large projects involving many different programmers. A particular problem is the several different ways in which object-oriented classes can be expressed in JavaScript. In this work we aim at enhancing the maintainability of object-oriented JavaScript applications by automatically normalizing the representation of classes to a single model.

Abstract: JavaScript on webpages linked to by URLs in messages is identified and the JavaScript is extracted. The JavaScript is then subjected to a JavaScript execution and analysis process whereby the JavaScript is executed in the context of a simulated web browser. The behavior of the JavaScript is then analyzed to identify one or more of: any URLs to be redirected to; any further executable JavaScript; and any content dynamically written to the webpage. The results are then either recursed into or are recorded and used to aid in the identification of spam messages.

Abstract: If you're familiar with HTML, you can quickly learn how to build interactive, data-driven websites with the powerful combination of PHP, MySQL, and JavaScript - the top technologies for creating modern sites. This hands-on guide explains each technology separately, shows you how to combine them, and introduces valuable web programming concepts such as objects, XHTML, cookies, and session management. Carefully paced for non-programmers, this second edition provides an extensive introduction to CSS, and benefits from reader questions and suggestions. You'll practice what you've learned with review questions in each chapter, and a sample social networking platform built with the elements introduced in this book. Understand PHP essentials and the basics of object-oriented programming Master MySQL, from database structure to complex queries Create web pages with PHP and MySQL by integrating forms and other HTML features Learn about JavaScript, from functions and event handling to accessing the Document Object Model Pick up the basics of CSS and see its role in web pages and JavaScript programming Make Ajax calls and turn your website into a highly dynamic environment Upload and manipulate files and images, validate user input, and secure your applications

Abstract: A method, system, Web-environment and computer program product for automatically generating proxies and meta-proxies for script code in an HTML document. The invention preferably operates with a system that allows for JavaScript to be utilized on the server-side.

Abstract: JavaScript is a popular scripting language for creating dynamic and interactive web pages. Unfortunately, JavaScript also provides the ground for web-based attacks that exploit vulnerabilities in web browsers and unnoticeably infect users with malicious software. Regular security tools, such as anti-virus scanners, increasingly fail to fend off this threat, as they are unable to cope with the rapidly evolving diversity and obfuscation of these JavaScript attacks. In this article, we present Cujo, a learning-based system for detection and prevention of JavaScript attacks. Embedded in a web proxy, Cujo transparently inspects web pages and blocks the delivery of malicious JavaScript code. A lightweight static and dynamic analysis is performed, which enables learning and detecting malicious patterns in the structure and behavior of JavaScript code. To operate the system in practice we introduce an architecture for automatically collecting and sanitizing data for retraining Cujo. We demonstrate the efficacy of this architecture in an empirical evaluation, where Cujo identifies 93% of real attacks with few false alarms—even if the attacks are present in benign web pages during training of the system.

Abstract: This hands-on book looks past the hype and buzzwords surrounding HTML5 and gives you a conservative and practical approach to using HTML5, JavaScript MVC frameworks, and the latest W3C specifications. Youll quickly master how to build mobile and desktop web apps that are widely supported across all major web browsers and devices. Even though Web Storage, Web Workers, Geolocation, Device Orientation, and WebSockets have been covered many times in the past, it is often from a very high or basic level. This book goes into the trenches to review actual use cases for each of these APIs and gives real-world examples on how to use each one. If you're familiar with JavaScript, CSS and HTML basics and are ready to start piecing together the architecture of HTML5, then this book is for you. Assemble a coherent architectural whole from HTML5s complex collection of parts Gain a clear understanding of client-side architecture and the "mobile first" approach Design, create, and tune eye-catching and robust mobile web apps Explore how the top five JavaScript MVC frameworks interact with the server Learn best practices for setting up a raw WebSocket server Examine how sites such as Google, Twitter, and Amazon store data on the client Use real-world methods for applying geolocation, and learn the pitfalls of various implementations Process images and other data in the background with Web Workers

Abstract: We introduce the Utrecht Haskell Compiler JavaScript backend, which allows one to compile Haskell code to JavaScript, so it can be run in the browser. To interface with JavaScript and overcome part of the impedance mismatch between the two languages, we introduce the Foreign Expression Language; a small subset of JavaScript for use in Foreign Function Interface imports. Finally we discuss the implementation of a JavaScript application, completely written in Haskell, with which we show that it is now possible to write an entire JavaScript application completely in Haskell.

Abstract: JavaScript is a core language of web applications, and it is the most frequently used web language, which is used in more than 90% of web pages around the world. The performance of JavaScript engines becomes an important issue. In order to increase the execution speed of web applications, many JavaScript engines are embedded in JIT (Just-in-time) Compiler. However, JIT compilers are required to execute and compile applications at the same time. Therefore, this technique has been hardly applicable to embedded systems, in which system resources are limited. In this paper, we present a reusing technique for JIT compiled code in the JavaScript engine to reduce compilation overhead.

Abstract: Get Started Fast with Modern JavaScript Web Development! With the arrival of HTML5, jQuery, and Ajax, JavaScript web development skills are more valuable than ever! This complete, hands-on JavaScript tutorial covers everything you need to know now. Using line-by-line code walkthroughs and end-of-chapter exercises, top web developer and speaker Tim Wright will help you get results fast, even if youve never written a line of JavaScript before. Smart, friendly, enthusiastic, and packed with modern examples, Learning JavaScript covers both design-level and development-level JavaScript. Youll find expert knowledge and best practices for everything from jQuery and interface design to code organization and front-end templating. Wrights focused coverage includes regular break points and clear reviews that make modern JavaScript easier to learnand easier to use! Learning JavaScript is your fastest route to success with JavaScriptwhether youre entirely new to the language or you need to sharpen and upgrade skills you first learned a decade ago! Coverage includes Mastering all of the JavaScript concepts and terminology you need to write new programs or efficiently modify existing code Creating robust, secure code for both the design and development levels Maximizing usability, reusability, accessibility, clarity, security, and performance Taking full advantage of the browser environments your code will run in Accessing the DOM to create behaviors and data interactions Storing data for easy and efficient access Using variables, functions, loops, and other core language features Interacting with users through events Communicating with servers through Ajax Improving your productivity with JavaScript libraries

Abstract: The JavaScript Blended Analysis Framework is designed to perform a general-purpose, practical combined static/dynamic analysis of JavaScript programs, while handling dynamic features such as run-time generated code and variadic func- tions. The idea of blended analysis is to focus static anal- ysis on a dynamic calling structure collected at runtime in a lightweight manner, and to rene the static analysis us- ing additional dynamic information. We perform blended points-to analysis of JavaScript with our framework and compare results with those computed by a pure static points- to analysis. Using JavaScript codes from actual webpages as benchmarks, we show that optimized blended analysis for JavaScript obtains good coverage (86.6% on average per website) of the pure static analysis solution and nds ad- ditional points-to pairs (7.0% on average per website) con- tributed by dynamically generated/loaded code.

Abstract: Search engines use a crawling system to recursively download web pages, analyze HTML pages, and generate a new list of URLs to crawl. As web pages are becoming more dynamic than before, JavaScript is heavily used, which poses a great challenge for the crawling system, because now many URLs are embedded in the JavaScript code and are invisible to the crawler. Worse, there is no study on the usage patterns of these URLs and the impact of JavaScript-generated URLs is unknown. We propose a browser emulation method to study the usage of URLs from JavaScript code. In order to find these URLs, we instrument a browser core to output all URLs inside a web page, including those generated from JavaScript. Then we classify these URLs into a number of types and study reasons that web developers put them in JavaScript. We analyze top Internet sites and popular web pages. The results show that more than half of them contain URLs generated from JavaScript, which accounts for about 6-19% of total URLs. Among them, 26-41% refer to potential important contents that should be indexed by search engine crawlers, and advertising URLs are about 26-35%.

Abstract: A computing device adapted to receive at least one JavaScript, the computing device comprising a processor type and one or more architectural features. The at least one JavaScript comprises one or more first sections of the JavaScript and one or more second sections of the JavaScript. The one or more first sections of the JavaScript may be pre-compiled using the processor type or the one or more architectural features. The one or more second sections of the JavaScript may be sent to a JavaScript Compiler in source format. A JavaScript Engine may be adapted to execute the one or more first sections of the JavaScript and the subsequently compiled one or more second sections of the JavaScript, keeping elements of the scripting code proprietary, with the pre-compilation of the one or more first sections of the JavaScript eliminating run-time compilation and therefore providing performance benefits.

Abstract: Acceptance testing is an important part of software development and it is performed to ensure that a system delivers its required functionalities. Today, most modern interactive web applications are designed using Web 2.0 technologies, many among them relying on JavaScript. JavaScript enables the development of client-side functionality through the dynamic modification of the web-page's content and structure without calls to the server. This implies that server-side testing frameworks will necessarily fail to test the complete application behaviors. In this paper we present a method for automated acceptance testing of JavaScript web applications to ensure that required functionalities have been implemented. Using an intuitive, human-readable scripting language our method allows users to describe user stories in high level declarative test scripts and to then execute these test scripts on a web application using an automated website crawler. We also describe a case study that evaluates our approach in terms of capabilities to translate user stories in automated acceptance test scripts.

Abstract: After Web applications have successfully found their way to PCs, smartphones and tablets, they are on the verge to be used on in-vehicle infotainment (IVI) systems. One of the often claimed drawbacks of Web applications is their low performance in conjunction with limited resources. We have created a benchmark framework to evaluate the performance of JavaScript in comparison to native code. The framework is designed to take the resource constraints of IVI systems into account. We conclude that general calculation tasks in JavaScript are on the average two to four times slower than native compiled counterparts on embedded vehicle hardware. The factor is independent from the allowed resource limits for each calculation. Using new features for Web applications (e.g. local storage functionality) or making frequent use of recursions there is a significant performance drop in JavaScript. In these cases native code runs up to 10 times faster than their counterparts in JavaScript.