| 发明名称 |
Automatic Code and Data Separation of Web Application |
| 摘要 |
Aspects of the subject disclosure are directed towards detecting instances within a web application where code and data are not separated, e.g., inline code in the application. One or more implementations automatically transform the web application into a transformed version where code and data are clearly separated, e.g., inline code is moved into external files. The transformation protects against a large class of cross-site scripting attacks. |
| 申请公布号 |
US2014373087(A1) |
申请公布日期 |
2014.12.18 |
| 申请号 |
US201313921169 |
申请日期 |
2013.06.18 |
| 申请人 |
Microsoft Corporation |
发明人 |
Ciu Weidong;Doupe Adam Loe;Jakubowski Mariusz H.;Peinado Marcus |
| 分类号 |
H04L29/06 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method comprising, statically analyzing a web application to detect when inline code is present, including performing static data flow analysis of the web application to approximate output of the web application, and parsing data representative of the approximated output to identify any inline code. |
| 地址 |
Redmond WA US |
