Publication No.: US20040268139A1
Publication date: 2004-12-30
Application No.: US10606089
Filing date: 2003-06-25
IPC classification: H04L009/00, H04L009/32, G06F011/30, G06F012/14
CPC classification: H04L63/0227, H04L63/14
Abstract: Systems and methods are described for declarative client input security screening. A configuration module in a web-based application (or project) that includes one or more web pages is designed to allow client input to be screened for the web pages by declaring particular screening attributes and actions therein. A global section in such a configuration module includes security screens that apply to input of all types, while other individual sections include security screens that apply only to input of a particular type. The global section provides a way to consolidate screening that applies to all client input types, thereby precluding redundant screens having to be maintained in each individual section. Client input that survives the security screening is cached and used in normal page processing. By including the security screens in a declarative section, maintenance is made more efficient and reliable.