公开(公告)号：US09098710B2

公开(公告)日：2015-08-04

申请号：US14028685

申请日：2013-09-17

Applicant: Google Inc.

Inventor： Erik Kay ,  Adam Barth

IPC: G06F17/00 ,  G06F21/60 ,  G06F21/12 ,  G06F21/51 ,  H04L29/06 ,  G06F9/445 ,  G06F21/57 ,  G06F21/30

CPC classification number: G06F21/60 ,  G06F8/61 ,  G06F21/121 ,  G06F21/30 ,  G06F21/51 ,  G06F21/577 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2119 ,  G06F2221/2141 ,  H04L63/1433 ,  H04L63/1466

Abstract: According to one general aspect, a computer-implemented method for implementing default security features for web applications and browser extensions includes receiving a request to include a web application or a web browser extension in a digital marketplace. A determination is made if the web application or the web browser extension conforms to default security features, wherein the default security features include a prohibition against running in-line script on web pages. The web application or the browser extension is included in the digital marketplace if the web application or the browser extension conforms to the default security features.

Abstract translation: 根据一个一般方面，用于实现用于web应用和浏览器扩展的默认安全特征的计算机实现的方法包括在数字市场中接收包括web应用或Web浏览器扩展的请求。 确定Web应用程序或Web浏览器扩展是否符合默认安全功能，其中默认安全功能包括禁止在网页上运行在线脚本。 如果Web应用程序或浏览器扩展符合默认安全功能，则Web应用程序或浏览器扩展程序包含在数字市场中。

公开(公告)号：US20150180875A1

公开(公告)日：2015-06-25

申请号：US14522897

申请日：2014-10-24

Applicant: GOOGLE INC.

Inventor： Erik Kay

IPC: H04L29/06

CPC classification number: H04L63/10 ,  G06F17/30887 ,  G06F21/128 ,  G06F21/56 ,  G06F21/629 ,  H04L63/102 ,  H04L63/123 ,  H04L63/1441 ,  H04L63/145 ,  H04L67/02 ,  H04W12/08 ,  H04W12/12

Abstract: A method can include receiving a static web application at a trusted server, validating assurance characteristics of the static web application, and upon successful validation of the static web application, providing access to the static web application via a URL that identifies the static web application at a trusted server location. The static web application, when executed on the browser running on the client device, can be granted at least one permission to utilize local resources of the client device during execution of the static web application by the browser. Upon receiving a change to an object of the static web application, the validating of the assurance characteristics of the static web application, as a whole, can be performed before the change to the object is made accessible via the URL.

Abstract translation: 一种方法可以包括在受信任的服务器处接收静态web应用程序，验证静态Web应用程序的保证特征，以及在成功验证静态Web应用程序之后，通过标识静态Web应用程序的URL提供对静态Web应用程序的访问 信任的服务器位置。 静态Web应用程序在运行在客户端设备上的浏览器上执行时，可以在浏览器执行静态Web应用程序期间，至少授予一个权限来利用客户端设备的本地资源。 在接收到静态Web应用的对象的改变之后，可以在通过URL访问对象的改变之前，执行对整个静态web应用的保证特征的验证。

公开(公告)号：US20140020053A1

公开(公告)日：2014-01-16

申请号：US14028685

申请日：2013-09-17

Applicant: Google Inc.

Inventor： Erik Kay ,  Adam Barth

IPC: G06F21/60

CPC classification number: G06F21/60 ,  G06F8/61 ,  G06F21/121 ,  G06F21/30 ,  G06F21/51 ,  G06F21/577 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2119 ,  G06F2221/2141 ,  H04L63/1433 ,  H04L63/1466

Abstract: According to one general aspect, a computer-implemented method for implementing default security features for web applications and browser extensions includes receiving a request to include a web application or a web browser extension in a digital marketplace. A determination is made if the web application or the web browser extension conforms to default security features, wherein the default security features include a prohibition against running in-line script on web pages. The web application or the browser extension is included in the digital marketplace if the web application or the browser extension conforms to the default security features.

Abstract translation: 根据一个一般方面，用于实现用于web应用和浏览器扩展的默认安全特征的计算机实现的方法包括在数字市场中接收包括web应用或Web浏览器扩展的请求。 确定Web应用程序或Web浏览器扩展是否符合默认安全功能，其中默认安全功能包括禁止在网页上运行在线脚本。 如果Web应用程序或浏览器扩展符合默认安全功能，则Web应用程序或浏览器扩展程序包含在数字市场中。