Cross-Origin JavaScript Capability Leaks
In Proc. of the 18th USENIX Security Symposium (USENIX Security 2009)
Source Code
The following patches are the code for our heap graph tool and access control prototype. Note that the patches presented here are meant to be simple, demonstrative prototypes, not exhaustive implementations. This means two things: (a) the code is not the best or prettiest that has ever been written, and (b) it may be buggy and/or incomplete. The patch is meant to work with version 3 of WebKit, current on November 11th, 2008. It might require modification to work on the more recent versions of WebKit. All of our new code is released under the terms of the GNU Library General Public License.