Title of invention: Method and apparatus for preventing unwanted code execution
Abstract: There is provided a method of preventing unwanted code execution in a computing environment executing a scripting language and associated environment, wherein said computing environment comprises at least one server-side resource and a client side resource, comprising determining “safe” and “at risk” or “restricted” portions of the scripting language and associated environment, determining “trusted” and “untrusted” portions of the scripting language and associated environment, determining at least one “trusted” server-side resource, receiving from the “trusted” server-side resource an initial message containing one or more high-entropy secrets, and providing an unwanted code execution protection mechanism by reconfiguring said “at risk” or “restricted” portions of the scripting language and associated environment to require presentation of the one or more high-entropy secrets in order to execute.
Publication number: US8959628(B2) Publication date: 2015.02.17
Application number: US201213487939 Filing date: 2012.06.04
Applicant: CliqueCloud Limited Inventor: Coppock William
Classification: G06F21/00;H04L29/06;H04L29/08 Main classification: G06F21/00
Agency: Lando & Anastasi, LLP Agent: Lando & Anastasi, LLP
Main claim: 1. A method of preventing unwanted code execution in a client/server computing environment executing a client-side script by an internet browser, said internet browser comprising functions, objects and properties, and their instances, wherein the client/server computing environment comprises at least one server-side resource in network communications with the internet browser, wherein the internet browser receives the script from at least one script source and executes the script, wherein the at least one script source includes any one or combination of: messages received from the at least one server-side resource in response to requests made by the internet browser; the script entered by a user of the internet browser through a debug console; the script entered by a user through the internet browser address bar; the script contained in third party browser add-ons attached to the browser; and the script retrieved from a local storage device, the method comprising: determining safe and at risk or restricted portions of the internet browser, wherein at least one of the portions of the internet browser comprises instances of the functions, objects and properties; determining at least one of the at least one server-side resource to be a trusted resource; determining trusted and untrusted portions of the script wherein trusted script includes script contained in messages received from the trusted resource using the network communications, and untrusted script refers to script received from untrusted script sources; receiving, by the internet browser, from the trusted resource at least one message using the network communications containing one or more passwords; and in response to the receiving, preventing, by the internet browser, unwanted code execution by: re-writing said at risk portions of the internet browser to require presentation of the one or more passwords to the internet browser in order for the internet browser or any script to execute said at risk portions, wherein re-writing is executed during runtime of the internet browser and includes altering the internet browser by a rewriter program executing in the internet browser, wherein the trusted resource includes the one or more passwords within each messages containing trusted script sent to the internet browser using the network communications subsequent to the at least one message, in order that the trusted script contained in the each messages is permitted to execute said at risk portions of the internet browser.
Address: East Sussex GB