In recent years, dynamic scripting languages (e.g., JavaScript®, ActionScript®, DART®, PHP, Python®, Ruby, etc.) have become significantly more powerful, and as a result, are now more widely used to implement online and web-based software applications. Dynamic scripting languages now include a number of features typically associated with high-level software languages, a flexible typing system, an extensive set of libraries, and other features that strongly support integration with other web-based systems. For these and other reasons, dynamic scripting languages are now used by most Web 2.0 applications and are growing in popularity.
Another growing trend in online and web-based software development is the embedding of third party scripts into a client application (e.g., webpage, browser, etc.). Embedded scripts may be used to retrieve, and place content and executable code (e.g., advertising banners, stock tickers, etc.) on third party sites. Embedded scripts may also be used to implement mashups, which are web-pages or applications that combine data, code, features, services, and/or functions from two or more sources to create a new service or application. Many dynamic scripting languages include features that support these growing trends, and as a result, are being used more frequently to embed scripts in websites. These embedded third party scripts may include malicious code that allows an attacker to exploit language vulnerabilities to gather sensitive information and send it to an attacker-controlled server Improving the security of scripting languages and applications that embed third-party scripting languages is becoming an ever more important design criterion.