Protecting websites from cross-site scripting

Invention Grant

US09553865B2 Protecting websites from cross-site scripting 有权

Title translation: 保护网站免受跨站点脚本攻击

Please log in to see more content

Patent Title: Protecting websites from cross-site scripting
Patent Title (中): 保护网站免受跨站点脚本攻击
Application No.: US14709003

Application Date: 2015-05-11
Publication No.: US09553865B2

Publication Date: 2017-01-24
Inventor: Brian Evan Maher , Sachin Purushottam Joglekar , Jesper Mikael Johansson
Applicant: Amazon Technologies, Inc.
Applicant Address: US NV Reno
Assignee: Amazon Technologies, Inc.
Current Assignee: Amazon Technologies, Inc.
Current Assignee Address: US NV Reno
Agency: Meyertons, Hood, Kivlin, Kowert & Goetzel, P.C.
Agent Robert C. Kowert
Main IPC: G06F11/00
IPC: G06F11/00 ; H04L29/06 ; G06F21/55 ; H04L29/08

Abstract:

Methods and systems for protecting websites from cross-site scripting are disclosed. A request for a web page comprising a web page element is received from a client. It is determined if the web page comprises a data integrity token for the web page element. It is also determined if a value of the data integrity token matches an expected value. If the web page comprises the data integrity token and if the value matches the expected value, the web page comprising the web page element is sent to the client. If the web page does not comprise the data integrity token or if the value does not match the expected value, a protective operation is performed.

Abstract(Chinese):

披露了用于保护网站免受跨站脚本影响的方法和系统。从客户端接收到包括网页元素的网页的请求。确定网页是否包括网页元素的数据完整性令牌。还确定数据完整性令牌的值是否与预期值相匹配。如果网页包括数据完整性令牌，并且如果该值与期望值匹配，则包含网页元素的网页被发送到客户端。如果网页不包含数据完整性令牌，或者如果该值与预期值不匹配，则执行保护操作。

Public/Granted literature

US20150319189A1 PROTECTING WEBSITES FROM CROSS-SITE SCRIPTING Public/Granted day:2015-11-05

Information query

Espacenet

IPC分类:

G	物理
G06	计算；推算或计数
G06F	电数字数据处理（基于特定计算模型的计算机系统入G06N）
G06F11/00	错误检测；错误校正；监控（在记录载体上作出核对其正确性的方法或装置入G06K5/00；基于记录载体和传感器之间的相对运动而实现的信息存储中所用的方法或装置入G11B，例如G11B20/18；静态存储中所用的方法或装置入G11C29/00）