Web browser support has evolved piecemeal
to balance the security and interoperability requirements
of client-side script services. This evolution has led to an
inadequate security model that forces Web applications to
choose between security and interoperation. We draw an
analogy between Web sites’ sharing of browser resources
and users’ sharing of operating system resources, and use
this analogy as a guide to develop protection and communication
abstractions in MashupOS: a set of abstractions
that isolate mutually-untrusting web services within the
browser, while allowing safe forms of communication.