发明授权
- 专利标题: Method and system for providing runtime vulnerability defense for cross domain interactions
- 专利标题(中): 为交叉域交互提供运行时漏洞防御的方法和系统
-
申请号: US12546754申请日: 2009-08-25
-
公开(公告)号: US08341239B2公开(公告)日: 2012-12-25
- 发明人: Da Ming Hao , Lin Luo , Ye Wang , Yu Zhang
- 申请人: Da Ming Hao , Lin Luo , Ye Wang , Yu Zhang
- 申请人地址: US NY Armonk
- 专利权人: International Business Machines Corporation
- 当前专利权人: International Business Machines Corporation
- 当前专利权人地址: US NY Armonk
- 代理商 Vazken Alexanian
- 优先权: CN200810212617 20080825
- 主分类号: G06F15/16
- IPC分类号: G06F15/16
摘要:
A runtime vulnerability defense method, system, and computer readable article of manufacture tangibly embodying computer readable instructions for executing the method for cross domain interactions for a Web application. The method includes: creating a first and second iFrame object by the Web application which belong to a lower domain; creating an object O by the first iFrame object; sharing the created object O by the second iFrame object; promoting the domain of the second iFrame object to an upper domain; creating in the shared object O a source accessing function for submitting to a third party server a request to access the content of the third party server; and creating in the shared object O a sanitization function for sanitizing the response received from the server.