Abstract :
Pivot is a new JavaScript isolation framework for web applications. Pivot uses iframes as its low-level isolation containers, but it uses code rewriting to implement synchronous cross-domain interfaces atop the asynchronous cross-frame postMessage( ) primitive. Pivot layers a distributed scheduling abstraction across the frames, essentially treating each frame as a thread which can invoke RPCs that are serviced by external threads. By rewriting JavaScript call sites, Pivot can detect RPC invocations, Pivot exchanges RPC requests and responses via postMessage( ), and it pauses and restarts frames using a novel rewriting technique that translates each frame´s JavaScript code into a restart able generator function. By leveraging both iframes and rewriting, Pivot does not need to rewrite all code, providing an order-of-magnitude performance improvement over rewriting-only solutions. Compared to iframe-only approaches, Pivot provides synchronous RPC semantics, which developers typically prefer over asynchronous RPCs. Pivot also allows developers to use the full, unrestricted JavaScript language, including powerful statements like eval( ).
Keywords :
Java; Web sites; program compilers; rewriting systems; JavaScript call sites; JavaScript code; JavaScript isolation framework; Pivot; RPC invocations; RPC requests; Web applications; asynchronous cross-frame postMessage() primitive; code rewriting; distributed scheduling abstraction; eval(); generator chains; iframe-only approaches; iframes; low-level isolation containers; order-of-magnitude performance improvement; restartable generator function; rewriting technique; rewriting-only solutions; synchronous cross-domain interfaces; synchronous mashup isolation; unrestricted JavaScript language; Browsers; Generators; Libraries; Reactive power; Runtime; Satellites; Security;
