Language Support for Extensible Web Browsers Benjamin Lerner and Dan Grossman.

Slides:



Advertisements
Similar presentations
Feedback on the report. It is like the exam The way I mark your report is similar to the way I shall mark your exam.
Advertisements

Introducing JavaScript
WEAVING CODE EXTENSIONS INTO JAVASCRIPT Benjamin Lerner, Herman Venter, and Dan Grossman University of Washington, Microsoft Research.
Internet Browsers and Add-ons Popular browsers What a browser does Javascript Add-ons Also see an explanation and examples of HTML code in Past Meeting.
Detecting Conflicts Among Declarative UI Extensions Benjamin Lerner Brown University Dan Grossman UW Computer Science & Engineering.
An Evaluation of the Google Chrome Extension Security Architecture
Browser Toolbars You Shouldn’t Do Without How the WAT and WDT Can Help You Design Accessible Websites.
The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.
1 Introducing Collaboration to Single User Applications A Survey and Analysis of Recent Work by Brian Cornell For Collaborative Systems Fall 2006.
1 CA201 Word Application Creating Document for the Web Week # 9 By Tariq Ibn Aziz Dammam Community college.
Plugin for Firefox CS297 – Vijay Rao. Plugin for Firefox Firefox has a very stable framework to create browser extensions. It uses XUL to specify overlays.
Firefox 2 Feature Proposal: Remote User Profiles TeamOne August 3, 2007 TeamOne August 3, 2007.
CSE 219 COMPUTER SCIENCE III PROPERTIES OF HIGH QUALITY SOFTWARE.
Object-Oriented Analysis and Design
XP Tutorial 1 New Perspectives on JavaScript, Comprehensive1 Introducing JavaScript Hiding Addresses from Spammers.
1 An introduction to design patterns Based on material produced by John Vlissides and Douglas C. Schmidt.
1 Using jQuery JavaScript & jQuery the missing manual (Second Edition)
UNC Webmasters Meeting March 2, An amazing range of possibilities, covering virtually every aspect involved in web page/site development!
Definition from Wikipedia.  The Prototype JavaScript Framework  implemented as a single file of JavaScript code  named prototype.js (
2. Introduction to the Visual Studio.NET IDE 2. Introduction to the Visual Studio.NET IDE Ch2 – Deitel’s Book.
XML User Interface Language (XUL) Karl Strength April 16, 2006.
DAT602 Database Application Development Lecture 15 Java Server Pages Part 1.
Presented by…. Group 2 1. Programming language 2Introduction.
HTML and Designing Web Pages. u At its creation, the web was all about –Web pages were clumsily assembled –Web sites were accumulations of hyperlinked.
DHTML. What is DHTML?  DHTML is the combination of several built-in browser features in fourth generation browsers that enable a web page to be more.
Beyond the UI Using Tools to Improve Testing Jeremy Traylor
SQL Power Injector Avadanei AlinBalan Robert. What is SQL Power Injector ?  A graphical application created in C#.Net 1.1 that helps the penetration.
Internet Browsers: Add-ons for Google Chrome. Browser Add-ons These are small programs that you choose to install inside your browser (therefore making.
Styling and theming Build campaigns in style. What we'll look at... How a web document is structured How HTML and CSS fit together Tools you will need.
Title, meta, link, script.  The title looks like:  The tag defines the title of the document in the browser toolbar.  It also: ◦ Provides a title for.
Internet Browsers and Add-ons Popular browsers Browser stats (shown in talk) What a browser does Javascript (shown in talk) * Add-ons * Also see an explanation.
OOP (Java): Simple/ OOP (Java) Objectives – –give some simple examples of Java applications and one applet 2. Simple Java Programs Semester.
1 JavaScript in Context. Server-Side Programming.
Computing Fundamentals Module Lesson 3 — Changing Settings and Customizing the Desktop Computer Literacy BASICS.
Hyper/J and Concern Manipulation Environment. The need for AOSD tools and development environment AOSD requires a variety of tools Life cycle – support.
Extending HTML CPSC 120 Principles of Computer Science April 9, 2012.
Enhancing the Web With End-User Programming Tak Yeon Lee, Ben Bederson.
Lesson 12: Creating a Manual and Using Mail Merge.
Mozilla Firefox is a web browser descended from the Mozilla Application Suite and managed by Mozilla CorporationCorporation. Firefox had 21.73% of the.
Copyright © IBM Corp., All rights reserved. From SWT to RCP: Experiences implementing RSSOwl 2.0 with RCP Benjamin Pasero.
XP New Perspectives on Windows 2000 Professional Windows 2000 Tutorial 2 1 Microsoft Windows 2000 Professional Tutorial 2 – Working With Files.
Web Automation Testing With Selenium By Rajesh Kanade.
JavaScript, jQuery, and Mashups Incorporating JavaScript, jQuery, and other Mashups into existing pages.
Department of Computer Science Internet Performance Measurements using Firefox Extensions Scot L. DeDeo Professor Craig Wills.
1 JavaScript
Presentation to Area 2 Computer and Technology Group 15 May 2013.
SUPPORTING DYNAMIC, THIRD-PARTY CODE CUSTOMIZATIONS IN JAVASCRIPT USING ASPECTS Benjamin Lerner, Herman Venter, and Dan Grossman University of Washington,
Adding maps, widgets, searchbox Week 07 TCNJ Web 2 Jean Chu.
Protecting Browsers from Extension Vulnerabilities Paper by: Adam Barth, Adrienne Porter Felt, Prateek Saxena at University of California, Berkeley and.
1 JavaScript in Context. Server-Side Programming.
‘‘BROWSER WARS’’ Written by: Oliver from Zeta.net Presented by: Olivia Chung ENGL 393.
ScriptOnce™ & Best Practices. Agenda 2 Automation that works ScriptOnce –Minimal maintenance –Easy to add devices Robustness –Reliable Scripts - Minimize.
Javascript Intro Instructor: Shalen Malabon. Lesson Plan Core Javascript Syntax Types and Objects Functions DOM Event Handling Debugging Javascript Smarter.
Instructional/6-8/General Session 1 of 1 Get Going with eChalk Digital File Locker.
Introduction to JavaScript LIS390W1A Web Technologies and Techniques 24 Oct M. Cameron Jones.
Javascript Basic Concepts Presentation By: Er. Sunny Chanday Lecturer CSE/IT RBIENT.
Smart Calendar Chrome Extension v Dec. 28, 2010 Kyoungryol Kim 1.
Browsing Tips Mozilla Firefox. About Firefox Available at Available at Maintained.
HTML is the language that allows text and graphics to be displayed as Web pages. It is a set of special codes, called tags, that tells a browser application.
+ CIW LESSON 4 Web Browsers. + Basic Functions of Web Browsers Provide a way for users to access and navigate Web pages Display Web pages properly Provide.
Reference Management Software Tools Zotero – Download Instructions
Selenium HP Web Test Tool Training
Selenium HP Web Test Tool Training
CONTENT MANAGEMENT SYSTEM CSIR-NISCAIR, New Delhi
Quantifying the Fingerprintability of Browser Extensions
Presented by Brian Nicholson
14 A Brief Look at JavaScript and jQuery.
Adding Images to PowerPoint
Protecting Browsers from Extension Vulnerabilities
Presentation transcript:

Language Support for Extensible Web Browsers Benjamin Lerner and Dan Grossman

Position  Browser extensions are a good thing What are extensions? What are extensions? Why use them? Why use them?  Current approaches have important flaws False design tradeoffs False design tradeoffs Languages used are poor Languages used are poor  PL techniques can help UI: declarative compositional overlays UI: declarative compositional overlays Behavior: aspects Behavior: aspects 2

What are web-browser extensions?  Downloadable code to customize the browser  Different from plugins 3

Why extensions?  Extensions avoid bloat Pick and choose the features you want Pick and choose the features you want  Extensions can experiment Provide new features after products ship Provide new features after products ship  Wildly popular: 6,000+ extensions 6,000+ extensions 1.5 Billion downloads 1.5 Billion downloads 4

What’s wrong with extensions today?  Two browser designs: Firefox and Chrome  The designs force a trade-off: Huge flexibility, or Huge flexibility, or Robustness Robustness  For both, the programming model is very poor  Why can’t we do better? 5

Programming example: Mouse Gestures  “Right-click-and-drag” gestures  Shape of gesture  browser command  Work-alike versions for Chrome and Firefox 6

Firefox: flexible but brittle  Firebug + YSlow, Firefinder, FireCookie… Deliberately extend another extension Deliberately extend another extension supercharge-firebug/ supercharge-firebug/ supercharge-firebug/ supercharge-firebug/  AdBlock Plus + NoScript Deliberately break another extension Deliberately break another extension mozilla-community/ mozilla-community/ mozilla-community/ mozilla-community/  Currently no way to distinguish these cases 7

Firefox: free-form code injection aioContent = document.getElementById("content"); aioContent.aioNativeRemoveTab = aioContent.removeTab; eval("aioContent.aioNativeRemoveTab = " + aioContent.aioNativeRemoveTab.toString().replace( 'this.selectedTab', 'this.selectedTab', '…various replacement code…')); '…various replacement code…')); aioContent.removeTab = function(aTab) { …various preprocessing… …various preprocessing… aioContent.aioNativeRemoveTab(aTab); aioContent.aioNativeRemoveTab(aTab);} Get a reference to the main window Alias the removeTab function Modify the function at that alias Replace the original with a call to the modified version 8

Chrome: robust but limited  StumbleUpon Provides a “toolbar” in the page, Provides a “toolbar” in the page, …but it’s not a true chrome toolbar …but it’s not a true chrome toolbar  Currently no fix without new APIs 9

Chrome: tightly-constrained In the background page: close_tab:function(tab){ chrome.tabs.remove(tab.id); chrome.tabs.remove(tab.id);}, Injected into the main page: var ACTION = { … "close this tab" : function(){ "close this tab" : function(){ connection.postMessage('close_tab'); connection.postMessage('close_tab'); }, }, …} Predefined object to manipulate tabs Page communicates to background via postMessage API 10

Towards a middle ground  Goal: flexibility and robustness Free-form UI extension Free-form UI extension Benign extensions can extend each other Benign extensions can extend each other Malicious extensions can’t hurt each other Malicious extensions can’t hurt each other  Separate techniques for UI and code: UI: Declarative, compositional overlays UI: Declarative, compositional overlays Code: aspects Code: aspects 11

Overlays  Intuition: “Tree-structured patch”  When are overlays successfully applied?  When are overlays in conflict?  When should overlays be prohibited? Hello World Hello World 12

Compositional overlays  The tree-patching part is fine, but need to:  Declare expectations of the base document  Declare invariants asserted by the overlay  Can now detect conflicting assertions 13 Require “greeting” Last “greeting” (“greeting”, World ) Require “greeting” Last “greeting” (“greeting”, World ) Require “greeting” Last “greeting” (“greeting”, Toronto ) Require “greeting” Last “greeting” (“greeting”, Toronto ) Last “greeting”

Programming redux: using aspects aioContent = document.getElementById("content"); aioContent.aioNativeRemoveTab = aioContent.removeTab; eval("aioContent.aioNativeRemoveTab = " + aioContent.aioNativeRemoveTab.toString().replace( 'this.selectedTab', 'this.selectedTab', '…various replacement code…')); '…various replacement code…')); aioContent.removeTab = function(aTab) { …various preprocessing… …various preprocessing… aioContent.aioNativeRemoveTab(aTab); aioContent.aioNativeRemoveTab(aTab);} Get a reference to the main window Alias the removeTab function Advise field accesses explicitly Add before advice to the function aioContent = document.getElementById("content"); aioContent.aioNativeRemoveTab = aioContent.removeTab; at pointcut(field(this.selectedTab) && within(aioContent.removeTab)) around { get { …various replacement code… } }; at pointcut(callee(aioContent.removeTab)) before (aTab) { before (aTab) { …various preprocessing… …various preprocessing…} Come to OOPSLA for more details  When are aspects successfully woven?  When should aspects be prohibited? 14

Conclusion  Browser extensions are here to stay  Programming them needs our help  Two potential techniques: UI: compositional overlays UI: compositional overlays Code: aspects Code: aspects 15

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.