Title: Executable code validation in a web browser
Abstract: An active filter monitors a web browser session to identify executable code transmitted in the session. The executable code may be analyzed to determine whether it is digitally signed. When the code is digitally signed by the web server or by another trusted source, the code may be executed. When the code is not digitally signed, or when the signing source is not trusted, the code may be rejected and not executed. The filter may be implemented as a web browser component or plugin, as well as a gateway device, proxy, or other service. The filter may also be implemented on the server side to reject incoming data that may include unauthenticated code.
Publication number: US8875285(B2)  Publication date: 2014.10.28
Application number: US201012730273  Filing date: 2010.03.24
Applicant: Microsoft Corporation  Inventors: Cross David B.; Radinsky Kira
Classification: H04L29/06  Main classification: H04L29/06
Agents: Gabryjelski Henry; Drakos Kate; Minhas Micky
Principal claim: 1. At a computer system, the computer system including a processor and system memory, the computer system connected to a Wide Area Network (WAN), the computer system including a Web browser for browsing content offered by other computer systems connected to the Wide Area Network (WAN), a method performed on the processor for mitigating a cross site scripting attack against the computer, said method comprising:
  continually monitoring Web based content passed to the Web browser during the web browser session;
  during the continual monitoring, detecting a portion of Web based content from a Web server, the portion of content including both executable code for processing at the Web browser and other content for processing at the Web browser;
  dispositioning the executable code, including:
    determining that the executable code is not digitally signed by the Web server;
    in response to determining that the executable code is not digitally signed by the Web server, referring to a list provided by the web server, the list listing one or more trusted third parties for executable code supplied by the web server;
    determining that the executable code is not digitally signed by any of the listed one or more trusted third parties;
    in response to determining that the executable code is not signed by the Web server and is not signed by any of the listed one or more trusted third parties, determining that the executable code is associated with a cross site scripting attack against the computer; and
    in response to determining that the executable code is associated with a cross site scripting attack, removing the executable code from the Web based content to form a partial set of Web based content, the executable code being removed from the Web based content prior to processing any of the Web based content at the Web browser; and
  presenting the partial set of Web based content at the Web browser subsequent to removal of the executable code.
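The disposition order of the claim (server signature, then the server-published list of trusted third parties, otherwise strip the code before any of the page is processed) as an added example; this is not code from the patent or from Microsoft. It assumes Ed25519 detached signatures over each script body, a constructed Script representation carrying the signer name the page claims, and a trusted list keyed by that name; all keys and page content are constructed inside Demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
)

// Script is one executable block found in the page: its body, the signer the
// page claims for it ("" = unsigned) and a detached signature over the body.
// This representation is constructed; the patent fixes no wire format.
type Script struct {
	Body, Signer string
	Sig          []byte
}

// Filter applies the claim's disposition to every script before the browser
// processes any of the page: keep code signed by the web server or by a third
// party on the server-published trusted list, treat everything else as injected.
// Returns the surviving script bodies and the number removed.
func Filter(server ed25519.PublicKey, trusted map[string]ed25519.PublicKey, scripts []Script) (kept []string, removed int) {
	for _, s := range scripts {
		body := []byte(s.Body)
		k, listed := trusted[s.Signer] // a claimed signer that is not listed never verifies
		if ed25519.Verify(server, body, s.Sig) || (listed && ed25519.Verify(k, body, s.Sig)) {
			kept = append(kept, s.Body)
		} else {
			removed++
		}
	}
	return kept, removed
}

// Demo builds fresh keys and a constructed page: two legitimately signed
// scripts, one unsigned inline script and one whose signer claims to be the
// listed "cdn" but whose signature was made with a key not on the list.
func Demo() ([]string, int) {
	srvPub, srvPriv, _ := ed25519.GenerateKey(rand.Reader)
	cdnPub, cdnPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, roguePriv, _ := ed25519.GenerateKey(rand.Reader)
	trusted := map[string]ed25519.PublicKey{"cdn": cdnPub}
	sign := func(b string, k ed25519.PrivateKey) []byte { return ed25519.Sign(k, []byte(b)) }
	return Filter(srvPub, trusted, []Script{
		{"app.init()", "server", sign("app.init()", srvPriv)},
		{"analytics()", "cdn", sign("analytics()", cdnPriv)},
		{"injected()", "", nil},                        // unsigned inline script
		{"other()", "cdn", sign("other()", roguePriv)}, // claims cdn, wrong key
	})
}
```

The two signed scripts survive and the unsigned and wrongly signed ones are removed, which is the partial set of content the claim presents to the browser.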
Address: Redmond WA US