D. Akhawe, A. Barth, P. E. Lam, J. C. Mitchell, and D. Song, Towards a Formal Foundation of Web Security, 2010 23rd IEEE Computer Security Foundations Symposium, pp.290-304, 2010.
DOI : 10.1109/CSF.2010.27

A. Barth, C. Jackson, and W. Li, Attacks on JavaScript Mashup Communication, W2SP2009, 2009.

A. Barth, C. Jackson, and J. C. Mitchell, Securing frame communication in browsers, Communications of the ACM, vol.52, issue.6, pp.83-91, 2009.
DOI : 10.1145/1516046.1516066

A. Barth, J. Weinberger, and D. Song, Cross-origin Javascript Capability Leaks: Detection, Exploitation, and Defense, USENIX security symposium, pp.187-198, 2009.

P. Bogle and B. Liskov, Reducing cross domain call overhead using batched futures, OOPSLA, 1994.

A. Bohannon and B. C. Pierce, Featherweight Firefox: Formalizing the core of a web browser, Usenix Conference on Web Application Development (WebApps), 2010.

G. Boudol, Typing termination in a higher-order concurrent imperative language, Information and Computation, vol.208, issue.6, pp.716-736, 2010.
DOI : 10.1016/j.ic.2009.06.007

S. Crites, F. Hsu, and H. Chen, OMash, Proceedings of the 15th ACM conference on Computer and communications security, CCS '08, pp.99-108, 2008.
DOI : 10.1145/1455770.1455784

D. Crockford, The <module> Tag, 2010.

P. Efstathopoulos, M. Krohn, S. Vandebogart, C. Frey, D. Ziegler et al., Labels and event processes in the asbestos operating system, SIGOPS Oper. Syst. Rev, vol.39, issue.5, 2005.

C. Fournet, N. Swamy, J. Chen, P. Dagand, P. Strub et al., Fully abstract compilation to javascript, The 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '13, 2013.
URL : https://hal.archives-ouvertes.fr/hal-00780803

D. Grossman, J. G. Morrisett, and S. Zdancewic, Syntactic type abstraction, ACM Transactions on Programming Languages and Systems, vol.22, issue.6, pp.1037-1080, 2000.
DOI : 10.1145/371880.371887

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

D. Hedin and A. Sabelfeld, Information-Flow Security for a Core of JavaScript, 2012 IEEE 25th Computer Security Foundations Symposium, 2012.
DOI : 10.1109/CSF.2012.19

P. L. Arnaud-le-hors, G. Hegaret, J. Nicol, M. Robie, S. Champion et al., Document Object Model (DOM) level 2 Core Specification, p.3, 2000.

A. Ibrahim, Y. Jiao, E. Tilevich, and W. R. Cook, Remote Batch Invocation for Compositional Object Services, 2009.
DOI : 10.1109/MIC.2003.1250585

C. Jackson and H. J. Wang, Subspace, Proceedings of the 16th international conference on World Wide Web , WWW '07, 2007.
DOI : 10.1145/1242572.1242655

D. Jang and R. Jhala, Sorin Lerner, and Hovav Shacham. An Empirical Study of Privacy-violating Information Flows in JavaScript Web Applications, CCS, 2010.

F. De-keukelaere, S. Bhola, M. Steiner, S. Chari, and S. Yoshihama, SMash, Proceeding of the 17th international conference on World Wide Web , WWW '08, 2008.
DOI : 10.1145/1367497.1367570

F. Loitsch, Scheme to JavaScript Compilation, 2009.

M. Ter-louw, K. T. Ganesh, and V. N. Venkatakrishnan, AdJail: Practical Enforcement of Confidentiality and Integrity Policies on Web Advertisements, USENIX Security Symposium, 2010.

Z. Luo and T. Rezk, Mashic compiler: Sandboxing using inter-frame communication, IEEE Computer Security Foundations Symposium, 2012.

S. Maffeis and A. Taly, Language-Based Isolation of Untrusted JavaScript, 2009 22nd IEEE Computer Security Foundations Symposium, pp.77-91, 2009.
DOI : 10.1109/CSF.2009.11

S. Maffeis, J. C. Mitchell, and A. Taly, An Operational Semantics for JavaScript, APLAS, pp.307-325, 2008.
DOI : 10.1007/11601524_11

S. Maffeis, J. C. Mitchell, and A. Taly, Object Capabilities and Isolation of Untrusted Web Applications, 2010 IEEE Symposium on Security and Privacy, 2010.
DOI : 10.1109/SP.2010.16

N. Nikiforakis, L. Invernizzi, A. Kapravelos, S. Van-acker, W. Joosen et al., You are what you include, Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, p.12, 2012.
DOI : 10.1145/2382196.2382274

J. Gibbs-politz, A. Guha, and S. Krishnamurthi, Typed-based verification of Web sandboxes, Journal of Computer Security, vol.22, issue.4, pp.511-565, 2014.
DOI : 10.3233/JCS-140504

A. Sabelfeld and A. C. Myers, Language-based information-flow security, IEEE Journal on Selected Areas in Communications, vol.21, issue.1, 2003.
DOI : 10.1109/JSAC.2002.806121

A. Sabelfeld and A. C. Myers, A Model for Delimited Information Release, Software Security -Theories and Systems, Second Mext-NSF-JSPS International Symposium, ISSS 2003, pp.174-191, 2003.
DOI : 10.1007/978-3-540-37621-7_9

J. Fragoso, S. , and T. Rezk, An information flow monitor-inlining compiler for securing a core of javascript, IFIP Advances in Information and Communication Technology, pp.278-292, 2014.
URL : https://hal.archives-ouvertes.fr/hal-01087374

S. Vinoski, CORBA: integrating diverse applications within distributed heterogeneous environments, IEEE Communications Magazine, vol.35, issue.2, pp.46-55, 1997.
DOI : 10.1109/35.565655

H. J. Wang, X. Fan, J. Howell, and C. Jackson, Protection and Communication Abstractions for Web Browsers in MashupOS, SOSP '07, pp.1-16, 2007.

C. Yue and H. Wang, A measurement study of insecure javascript practices on the web, ACM Transactions on the Web, vol.7, issue.2, 2013.
DOI : 10.1145/2460383.2460386

N. Zeldovich, S. Boyd-wickizer, E. Kohler, and D. Mazières, Making information flow explicit in HiStar, Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation, p.6, 2006.
DOI : 10.1145/2018396.2018419