Abstract

While conducting a security analysis of JavaScript and VBScript, the most popular scripting languages on the Web, we found some serious #aws. Motivated by this outcome, we propose steps towards a sound de#nition and design of a security framework for scripting languages on the Web. We show that if such a security framework had been integrated into the respective scripting languages from the very beginning, the probability of preventing the multiple security #aws, that we and other research groups identi#ed, would have been greatly increased.