| 发明名称 | Web page and web browser protection against malicious injections | ||
| 摘要 | A method comprising: loading a web page in a web browser, wherein the web page comprises a call to an anti-injection client-side code; loading the anti-injection client-side code in the web browser; and executing the anti-injection client-side code in the web browser, to: (a) intercept an injection of a node into the DOM (Document Object Model) of the web page, (b) compare the injected node with a list, and (c) based on the comparison, permit or block execution of the injected code. | ||
| 申请公布号 | US9509714(B2) | 申请公布日期 | 2016.11.29 |
| 申请号 | US201514719385 | 申请日期 | 2015.05.22 |
| 申请人 | Cabara Software Ltd. | 发明人 | Sivan Omri;Ronen Eldar;Lavi Yuval |
| 分类号 | G06F11/00;H04L29/06;H04L29/08 | 主分类号 | G06F11/00 |
| 代理机构 | Roach Brown McCarthy & Gruber, P.C. | 代理人 | Roach Brown McCarthy & Gruber, P.C. ;McCarthy Kevin D. |
| 主权项 | 1. A method comprising: operating a web server to receive a call to an anti-injection client-side code from a web browser, wherein the call is facilitated by a code segment in a web page loaded by the web browser; positioning the code segment immediately before a </body>tag of the web page, to: (a) cause the web browser to request the transmitting of the anti-injection client-side code after the web page has finished loading in the web browser, and(b) prevent interception of client-side code originally included in the web page; and transmitting the anti-injection client-side code from the web server to the web browser, wherein the anti-injection client-side code comprises instructions which, when executed by the web browser: (i) intercept an injection of a node into the DOM (Document Object Model) of the web page,(ii) compare the injected node with a list, and(iii) based on the comparison, permit or block execution of the injected node in the web browser. | ||
| 地址 | Tel Aviv IL | ||