Comparing the
vulnerable code slices in figures 1a–
1c with their safe counterparts in figures
2a–2c shows our approach does
not impose significant changes in developer
workflow, nor major changes
to code. For example, in Figure 2b
(5'), we simply use a safe wrapper instead
of the “raw” Web-platform API;
otherwise, this code and its fan-in remain
unchanged.