主权项 |
1. A method of restricting usage of a Document Object Model (DOM) and browser application programming interfaces (API) by an edge server device, comprising:
receiving, by the edge server device, a request for a webpage file from a web browser running on a device; injecting, by the edge server device, a DOM virtualization client on the device by adding JavaScript DOM virtualization client code in the webpage file to form a modified webpage file, and wherein the JavaScript DOM virtualization client code is executable by the web browser, and wherein adding JavaScript DOM virtualization client code comprises:
adding JavaScript code that, when executed by the web browser, causes the DOM virtualization client to intercept a usage of a DOM API associated with one or more scripts running on the web browser;adding JavaScript code that, when executed by the web browser, causes the DOM virtualization client to determine whether the usage of the DOM API by the one or more scripts is allowed based on a DOM API access control list, wherein the DOM API access control list excludes usage of the DOM API by at least some scripts; andadding JavaScript code that, when executed by the web browser, causes the DOM virtualization client to process the usage of the DOM API based on the determination; and sending to the web browser the modified webpage file with the JavaScript DOM virtualization client code added. |