

Rootkits for JavaScript Environments [pdf] - chorola
http://static.usenix.org/event/woot09/tech/full_papers/adida.pdf

======
nadaviv
If you manage to get the code to execute on a worker or an iframe, you should
have a clean environment to operate in, with your own copy of the native
environment and prototypes.

The question is... how do you create an iframe or worker safely?
document.createElement and window.Worker can be poisoned too.

Perhaps it's possible to verify the functions you're using are native and not
created in user-land? That way, at least you could identify the attack and
stop execution.
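The "is this function still native?" check suggested above, written as an added example rather than code from the thread or the paper: it captures `Function.prototype.toString` at load time and flags any property whose source text no longer ends in `[native code]`. The constructed `demo` scenario simply replaces one method with a JavaScript wrapper, as a poisoned environment would.

```javascript
// Added example (not from the thread): detecting user-land replacements of
// native functions. Assumes this script runs before any untrusted code, so
// the captured toString reference is itself still native.
const fnToString = Function.prototype.toString;

// Native functions stringify as "function name() { [native code] }";
// a JS wrapper stringifies as its own source text instead.
const nativeCodeRe = /^function\b[^{]*\{\s*\[native code\]\s*\}$/;

function isNativeFunction(fn) {
  if (typeof fn !== 'function') return false;
  let src;
  try {
    src = fnToString.call(fn);
  } catch (e) {
    return false; // exotic objects (e.g. revoked Proxies) can throw here
  }
  return nativeCodeRe.test(src);
}

// Audit the named properties of obj; returns the names that are no longer native.
function auditNatives(obj, names) {
  return names.filter((name) => !isNativeFunction(obj[name]));
}

// Constructed scenario: a script has wrapped one method of an object we rely on.
function demo() {
  const env = { slice: Array.prototype.slice, map: Array.prototype.map };
  const before = auditNatives(env, ['slice', 'map']); // [] (all still native)
  const original = env.map;
  env.map = function map(...args) { return original.apply(this, args); };
  const after = auditNatives(env, ['slice', 'map']);  // ['map']
  return { before, after };
}
```

The check is only as strong as the captured `toString`: if hostile code ran first, it can replace that too, which is why a fresh realm (iframe/worker) or a checksum of the expected host script is a complementary control.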

~~~
pfraze
If you knew what JS to expect from the host, you might cache a checksum and
compare after load.

