SYSTEMS AND METHODS FOR PARSING USER-GENERATED CONTENT TO PREVENT ATTACKS

摘要

The present invention relates to systems and methods for parsing of a token stream for user generated content in order to prevent attacks on the user generated content. The systems and methods include a database which stores one or more whitelists, and a parser. The parser removes tokens from the token stream by comparing the tokens against the whitelist. Next, the parser validates CSS property values, encodes data within attribute values and text nodes, reconciles closing HTML tags, and coerces media tags into safe variants. The tokens removed may be any of HTML tags, HTML attributes, HTML protocols, CSS selectors and CSS properties.

主权项

1. A method for parsing a token stream symbolizing user generated content, using a computer implemented security system, the method comprising:
removing tokens from the token stream by comparing the tokens against a whitelist, and filtering for tokens not found in the whitelist; validating CSS property values; encoding data within attribute values and text nodes; reconciling closing HTML tags; and coercing media tags into safe variants.