JS']JSISOLATE: Lightweight In-Browser Java']JavaScript Isolation

Modern web applications commonly include third-party scripts from external hosts. While enabling code reuse and enhancing the functionalities, the reliability of client-side JavaScript code can be impaired by the inclusion of other scripts. Since all scripts run in the same execution environment in the browser, executing them all together may cause unexpected effects. For example, global variables with the same name might be defined by multiple scripts, causing the actual value to be unpredictable. In this paper, we design a lightweight browser-based framework, JSISOLATE, that provides an isolated and reliable JavaScript execution environment. JSISOLATE injects scripts into different isolated environments based on their dependency relationship. In this way, it executes scripts with independent functionalities in different contexts, effectively preventing them from interfering with each other. We further evaluated the compatibility and performance overhead of JSISOLATE on Alexa top 1K websites, and showed that it can efficiently isolate scripts while preserving the functionalities.