Invention Grant
- Patent Title: Method and system for providing runtime vulnerability defense for cross domain interactions
- Patent Title (中): 为交叉域交互提供运行时漏洞防御的方法和系统
-
Application No.: US12546754Application Date: 2009-08-25
-
Publication No.: US08341239B2Publication Date: 2012-12-25
- Inventor: Da Ming Hao , Lin Luo , Ye Wang , Yu Zhang
- Applicant: Da Ming Hao , Lin Luo , Ye Wang , Yu Zhang
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Agent Vazken Alexanian
- Priority: CN200810212617 20080825
- Main IPC: G06F15/16
- IPC: G06F15/16
Abstract:
A runtime vulnerability defense method, system, and computer readable article of manufacture tangibly embodying computer readable instructions for executing the method for cross domain interactions for a Web application. The method includes: creating a first and second iFrame object by the Web application which belong to a lower domain; creating an object O by the first iFrame object; sharing the created object O by the second iFrame object; promoting the domain of the second iFrame object to an upper domain; creating in the shared object O a source accessing function for submitting to a third party server a request to access the content of the third party server; and creating in the shared object O a sanitization function for sanitizing the response received from the server.
Public/Granted literature
- US20100049792A1 METHOD AND SYSTEM FOR PROVIDING RUNTIME VULNERABILITY DEFENSE FOR CROSS DOMAIN INTERACTIONS Public/Granted day:2010-02-25
Information query
