Date of Award


Document Type

Thesis (Undergraduate)

Department or Program

Department of Computer Science

First Advisor

Sergey Bratus

Second Advisor

Sean W. Smith


Browser security revolves around the same-origin policy, but it does not defend against all attacks as evidenced by the prevalence of cross-site scripting attacks. Rather than solve that attack in particular, I have opted for a more general solution. I have modified WebKit to allow data flow tracking via labels and to allow security-sensitive operations to be allowed or denied from JavaScript.


Originally posted in the Dartmouth College Computer Science Technical Report Series, number TR2014-750.