Web browser-based applications deal with humongous user information using applications of web scripts. In particular, JavaScript applications access information through built-in browser APIs that dynamically load remote scripts and execute with the same privilege as that of the applications - usually referred to as mashup model. Unfortunately, this allows malicious JavaScripts to manipulate the given browser functionalities leading to various web attacks violating users' privacy. Moreover, with the rapid growth of e-commerce sectors, malicious scripts pose a significant challenge to digital transactions. In this paper, we propose an approach that prevents various web-based attacks such as code injection, cross-site scripting (XSS). The approach adopts a Dynamic Labelling algorithm that generates information flow security policies automatically for local variables in JavaScript based on the given policies for sensitive variables. Unlike existing solutions that are too conservative primarily due to the generic flow policies leading to false-alarms, our solution leads to realizing conditions as to when a script accepts the parameters returned by a dynamic script; thus enabling us to build an automatic platform for preventing information flows to malicious scripts without explicit characterization by programmers or users.