Invention Grant
US08856874B2 Method and apparatus for serving content elements of a markup language document protected against cross-site scripting attack
有权
用于服务保护跨站点脚本攻击的标记语言文档的内容元素的方法和装置
- Patent Title: Method and apparatus for serving content elements of a markup language document protected against cross-site scripting attack
- Patent Title (中): 用于服务保护跨站点脚本攻击的标记语言文档的内容元素的方法和装置
-
Application No.: US12782801Application Date: 2010-05-19
-
Publication No.: US08856874B2Publication Date: 2014-10-07
- Inventor: Olgierd Pieczul , Mark Alexander McGloin , Mary Ellen Zurko
- Applicant: Olgierd Pieczul , Mark Alexander McGloin , Mary Ellen Zurko
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Agent Jeffrey S. LaBaw; David H. Judson
- Main IPC: G06F7/04
- IPC: G06F7/04 ; H04L29/06 ; G06F21/53
Abstract:
A web application decomposed into one or more domain sandboxes ensures that the contents of each sandbox are protected from attacks on the web application outside that sandbox. Sandboxing is achieved on a per-element basis by identifying content that should be put under protection, generating a secure domain name for the identified content, and replacing the identified content with a unique reference (e.g., an iframe) to the generated secure domain. The identified content is then served only from the generated secure domain using a content handler.
Public/Granted literature
Information query
