发明名称 |
Web page and web browser protection against malicious injections |
摘要 |
A method comprising: loading a web page in a web browser, wherein the web page comprises a call to an anti-injection client-side code; loading the anti-injection client-side code in the web browser; and executing the anti-injection client-side code in the web browser, to: (a) intercept an injection of a node into the DOM (Document Object Model) of the web page, (b) compare the injected node with a list, and (c) based on the comparison, permit or block execution of the injected code. |
申请公布号 |
US9509714(B2) |
申请公布日期 |
2016.11.29 |
申请号 |
US201514719385 |
申请日期 |
2015.05.22 |
申请人 |
Cabara Software Ltd. |
发明人 |
Sivan Omri;Ronen Eldar;Lavi Yuval |
分类号 |
G06F11/00;H04L29/06;H04L29/08 |
主分类号 |
G06F11/00 |
代理机构 |
Roach Brown McCarthy & Gruber, P.C. |
代理人 |
Roach Brown McCarthy & Gruber, P.C. ;McCarthy Kevin D. |
主权项 |
1. A method comprising:
operating a web server to receive a call to an anti-injection client-side code from a web browser, wherein the call is facilitated by a code segment in a web page loaded by the web browser; positioning the code segment immediately before a </body>tag of the web page, to:
(a) cause the web browser to request the transmitting of the anti-injection client-side code after the web page has finished loading in the web browser, and(b) prevent interception of client-side code originally included in the web page; and transmitting the anti-injection client-side code from the web server to the web browser, wherein the anti-injection client-side code comprises instructions which, when executed by the web browser:
(i) intercept an injection of a node into the DOM (Document Object Model) of the web page,(ii) compare the injected node with a list, and(iii) based on the comparison, permit or block execution of the injected node in the web browser. |
地址 |
Tel Aviv IL |