Title of invention: Protecting websites from cross-site scripting
Abstract: Methods and systems for protecting websites from cross-site scripting are disclosed. A request for a web page comprising a web page element is received from a client. It is determined if the web page comprises a data integrity token for the web page element. It is also determined if a value of the data integrity token matches an expected value. If the web page comprises the data integrity token and if the value matches the expected value, the web page comprising the web page element is sent to the client. If the web page does not comprise the data integrity token or if the value does not match the expected value, a protective operation is performed.
Publication number: US9032519(B1) Publication date: 2015.05.12
Application number: US201213663256 Filing date: 2012.10.29
Applicant: Amazon Technologies, Inc. Inventors: Maher Brian Evan; Joglekar Sachin Purushottam; Johansson Jesper Mikael
Classification: G06F11/00;H04L29/06;G06F21/55 Main classification: G06F11/00
Agency: Meyertons, Hood, Kivlin, Kowert & Goetzel, P.C. Agent: Kowert Robert C.; Meyertons, Hood, Kivlin, Kowert & Goetzel, P.C.
Main claim: 1. A system, comprising: one or more computers configured to implement a cross-site scripting filter system, wherein the cross-site scripting filter system comprises: a web server configured to: receive a request for a web page from a client, wherein the web page comprises a particular web page element and a different web page element; generate a request identifier for the requested web page according to a technique to obscure prediction of the request identifier by an outside entity; and generate the web page comprising the particular web page element and the different web page element, a particular data integrity token for the particular web page element, wherein a value of the particular data integrity token is calculated, for the particular web page element, according to a particular checksum of at least the request identifier and at least a portion of the web page element; and a filter module configured to: determine that the particular web page element comprises the particular data integrity token and that a value of the particular data integrity token matches an expected value of the particular data integrity token; determine that the different web page element does not comprise a different data integrity token or that a value of the different data integrity token does not match an expected value of the different data integrity token; and protect the client from an effect of the different web page element.
Address: Reno NV US
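
The token scheme in the main claim can be sketched as follows. This is an added example, not code from the patent or from the applicant. Its assumptions: the attribute name `data-integrity-token`, HMAC-SHA256 keyed by the request identifier as the "checksum", regex matching of `<script>` elements in a small constructed page, a filter that is given the request identifier, and element removal as the protective operation.

```python
import hashlib
import hmac
import re
import secrets

TOKEN_ATTR = "data-integrity-token"  # hypothetical attribute name, not from the patent
# Simplification for the constructed sample page; a real filter would use an HTML parser.
SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.I | re.S)
ATTR_RE = re.compile(TOKEN_ATTR + r'="([0-9a-f]+)"')

def new_request_id() -> str:
    """Request identifier an outside entity cannot predict (CSPRNG output)."""
    return secrets.token_hex(16)

def token_for(request_id: str, element_body: str) -> str:
    """Checksum over the request identifier and the element content.
    HMAC-SHA256 keyed by the request id is this example's assumed checksum."""
    return hmac.new(request_id.encode(), element_body.encode(), hashlib.sha256).hexdigest()

def sign_script(request_id: str, body: str) -> str:
    """Web server side: emit a script element carrying its integrity token."""
    return f'<script {TOKEN_ATTR}="{token_for(request_id, body)}">{body}</script>'

def filter_page(request_id: str, page: str):
    """Filter module: keep scripts whose token matches, remove the rest.
    Returns (filtered_page, list_of_removed_script_bodies)."""
    removed = []

    def check(match):
        attrs, body = match.group(1), match.group(2)
        found = ATTR_RE.search(attrs)
        expected = token_for(request_id, body)
        if found and hmac.compare_digest(found.group(1), expected):
            return match.group(0)
        removed.append(body)  # protective operation (assumed): drop the element
        return ""

    return SCRIPT_RE.sub(check, page), removed

def demo():
    rid = new_request_id()
    trusted = sign_script(rid, "renderCart();")
    # Constructed sample: one script with no token, and one carrying a token
    # computed under a different request identifier.
    unsigned = "<script>injected()</script>"
    wrong_request = sign_script(new_request_id(), "injected()")
    page = f"<html><body>{trusted}<p>Hi</p>{unsigned}{wrong_request}</body></html>"
    return trusted, filter_page(rid, page)
```

Because the token binds the element content to a per-request identifier, an element whose body was altered after signing, or whose token was computed for another request, fails the comparison just as an element with no token does.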