摘要 |
Access control for each part in an HTML document constituting a Web page is performed according to the origin of the part in the document. Thereby, a content provided by a malicious user or server is prevented from fraudulently reading and writing other parts in the HTML document. More precisely, on a server side, each content (including a JavaScript program) is automatically provided with a label indicating the domain that is the origin of the content. Thereby, the control of accesses to multiple domains (cross domain access control) can be performed on a client side. Under this configuration, a combination of the contents, metadata and the access control policy is transmitted from the server side to the client side.
|