Title of invention |
Methods and systems for scripting defense |
Abstract |
Methods and systems for cross-site scripting (XSS) defense are described herein. An embodiment includes embedding one or more tags in content at a server to identify executable and non-executable regions in the content and transmitting the content with the tags to a client based on a request from the client. Another embodiment includes receiving content embedded with one or more permission tags from a server, processing the content and the permission tags, and granting permission to a browser to execute executable content in the content based on the permission tags. A method embodiment also includes receiving content embedded with one or more verify tags from a server, performing an integrity check using the verify tags, and granting permission to a browser to execute executable content in the content based on the integrity check. |
Publication number |
US8931084(B1) |
Publication date |
2015.01.06 |
Application number |
US200912558173 |
Filing date |
2009.09.11 |
Applicant |
Google Inc. |
Inventors |
Paya Cem;Sigurdsson Johann Tomas;Gwalani Sumit |
Classification |
H04L29/06;H04L29/08;G06F21/12 |
Main classification |
H04L29/06 |
Agency |
Fox Rothschild LLP |
Agent |
Fox Rothschild LLP |
Principal claim |
1. A computer implemented method for processing permission tags embedded by a server to enable a client to identify executable or non-executable regions in content received by the client, comprising:
sending a request from the client to the server for the content, wherein the client sends the request to the server through a browser running at the client, wherein the browser is configured to include:
an opt-in setting that, when activated, causes the browser to run all executable content unless expressly forbidden by a permission tag, and
an opt-out setting that, when activated, causes the browser to run no executable content except that which is expressly permitted by a permission tag;
receiving the content embedded with one or more permission tags from the server, wherein each of the permission tags comprises a permission attribute that indicates whether any script following the tag is to be executed;
processing the content and the one or more permission tags; and
granting permission to the browser to execute the content based on the one or more permission tags in the content. |
Address |
Mountain View CA US |