| 摘要 |
<p>Methods, servers, and systems for encoding security labels in a dynamic language value to allow cross script communications within client application while limiting the types of information that is allowed to be communicated back to a host server. Static analysis is performed during compilation, and the results are used to generate and insert additional code that updates, modifies and propagates labels (e.g., JavaScript labels) attached to values (e.g., JavaScript values) during execution of a program. To support popular language features that allow for strong integration with other web-based systems, malicious code is allowed to perform operations locally (e.g., on the client), and a detection and prevention mechanism identifies and stops malicious code from sending requests or gathered information over the network, naturalizing attacks and improving the security of applications that embed dynamic language code.</p> |
