公开(公告)号：US20070199051A1

公开(公告)日：2007-08-23

申请号：US11355122

申请日：2006-02-15

申请人： Sujal Parikh ,  Lauren Lavoie ,  Karen Corby ,  Mark Alcazar ,  Hua Wang ,  Kusuma Vellanki

发明人： Sujal Parikh ,  Lauren Lavoie ,  Karen Corby ,  Mark Alcazar ,  Hua Wang ,  Kusuma Vellanki

IPC分类号： H04L9/32

CPC分类号： G06F21/53 ,  G09G2358/00

摘要： Described is a technology by which a managed web browser control hosts an unmanaged web OLE control to control navigation requests by the unmanaged web OLE control on behalf of partially trusted code. Site locking may be performed to constrain a site to navigation only to other pages within its site, thereby preventing navigation to an undesirable location. In one example, the unmanaged web OLE control communicates information corresponding to a navigation request to the managed web browser control, and the managed web browser control processes the information to establish whether the navigation is to be allowed or blocked. The benefits of site-locking with respect to privacy are also described, as is z-order management to protect against site spoofing.

摘要翻译： 描述了一种技术，通过该技术，托管Web浏览器控件托管非托管网络OLE控件以代表部分可信代码由非托管网络OLE控件控制导航请求。 可以执行站点锁定以限制站点仅导航到其站点内的其他页面，从而防止导航到不期望的位置。 在一个示例中，非托管网络OLE控件将对应于导航请求的信息传送到被管理的web浏览器控件，并且被管理的web浏览器控件处理信息以确定是否允许或阻止导航。 还描述了关于隐私的站点锁定的好处，以及z序管理以防止站点欺骗。

公开(公告)号：US20060253796A1

公开(公告)日：2006-11-09

申请号：US11121572

申请日：2005-05-04

申请人： Hua Wang ,  Anup Manandhar ,  Julia Farago ,  Mark Alcazar ,  Sujal Parikh ,  Hamid Mahmood

发明人： Hua Wang ,  Anup Manandhar ,  Julia Farago ,  Mark Alcazar ,  Sujal Parikh ,  Hamid Mahmood

IPC分类号： G06F3/00

CPC分类号： G06F9/451

摘要： Described is a method and system by which a computer program window is sized based on the content to display. The window may automatically resize itself as content changes. When laying out an element tree of elements that contain the content, the elements provide desired size information to a parent container, and so on, up to the root element (e.g., a window). If a window property is set to size to the content, a window size is computed during layout, having a height and/or width based on the child elements plus X and Y deltas for a window non-client area and borders. Logic attached to window message handling controls changes to the content/window, such as to automatically resize for changed content, and to selectively turn off or persist the size to content property. Sizing to content may be programmatically limited to one dimension, with the other dimension fixed.

摘要翻译： 描述了基于要显示的内容来计算计算机程序窗口的大小的方法和系统。 随着内容的变化，窗口可能会自动调整自己的大小。 当布置包含内容的元素的元素树时，元素向父容器提供期望的大小信息，等等，直到根元素（例如，窗口）。 如果将窗口属性设置为与内容大小，则在布局期间计算窗口大小，具有基于子元素的高度和/或宽度加上窗口非客户区域和边框的X和Y三角形。 附加到窗口消息处理的逻辑控制对内容/窗口的更改，例如自动调整已更改内容的大小，并选择性地关闭或将大小持久保持为内容属性。 对内容的大小可以以编程方式限制在一个维度上，另一个维度是固定的。

公开(公告)号：US20070209073A1

公开(公告)日：2007-09-06

申请号：US11364359

申请日：2006-02-28

申请人： Karen Corby ,  Mark Alcazar ,  Viresh Ramdatmisier ,  Ariel Kirsman ,  Andre Needham ,  Akhilesh Kaza ,  Raja Krishnaswamy ,  Jeff Cooperstein ,  Charles Kaufman ,  Chris Anderson ,  Venkata Prasad ,  Aaron Goldfeder ,  John Hawkins

发明人： Karen Corby ,  Mark Alcazar ,  Viresh Ramdatmisier ,  Ariel Kirsman ,  Andre Needham ,  Akhilesh Kaza ,  Raja Krishnaswamy ,  Jeff Cooperstein ,  Charles Kaufman ,  Chris Anderson ,  Venkata Prasad ,  Aaron Goldfeder ,  John Hawkins

IPC分类号： G06F12/14

CPC分类号： G06F21/62 ,  G06F21/51 ,  G06F21/53 ,  G06F21/577

摘要： Described is a technology including an evaluation methodology by which a set of privileged code such as a platform's API method may be marked as being security critical and/or safe for being called by untrusted code. The set of code is evaluated to determine whether the code is security critical code, and if so, it is identified as security critical. Such code is further evaluated to determine whether the code is safe with respect to being called by untrusted code, and if so, is marked as safe. To determine whether the code is safe, a determination is made as to whether the first set of code leaks criticality, including by evaluating one or more code paths corresponding to one or more callers of the first set of code, and by evaluating one or more code paths corresponding to one or more callees of the first set of code.

摘要翻译： 描述了一种技术，其包括评估方法，通过该评估方法，可以将一组特权代码（例如平台的API方法）标记为由不受信任的代码调用的安全关键和/或安全。 评估代码集以确定代码是否是安全关键代码，如果是，则将其标识为安全关键。 进一步评估这些代码以确定代码是否对于被不受信任的代码调用是安全的，如果是，则将其标记为安全的。 为了确定代码是否安全，确定第一组代码是否泄漏关键性，包括通过评估与第一组代码的一个或多个调用者相对应的一个或多个代码路径，以及通过评估一个或多个 对应于第一组代码的一个或多个被调用者的代码路径。

公开(公告)号：US07664865B2

公开(公告)日：2010-02-16

申请号：US11355122

申请日：2006-02-15

申请人： Sujal S. Parikh ,  Lauren B. Lavoie ,  Karen Elizabeth Corby ,  Mark Alcazar ,  Hua Wang ,  Kusuma P. Vellanki

发明人： Sujal S. Parikh ,  Lauren B. Lavoie ,  Karen Elizabeth Corby ,  Mark Alcazar ,  Hua Wang ,  Kusuma P. Vellanki

IPC分类号： G06F15/16 ,  G06F7/04 ,  G06F17/30 ,  H04L29/06 ,  G06F15/173

CPC分类号： G06F21/53 ,  G09G2358/00

摘要： Described is a technology by which a managed web browser control hosts an unmanaged web OLE control to control navigation requests by the unmanaged web OLE control on behalf of partially trusted code. Site locking may be performed to constrain a site to navigation only to other pages within its site, thereby preventing navigation to an undesirable location. In one example, the unmanaged web OLE control communicates information corresponding to a navigation request to the managed web browser control, and the managed web browser control processes the information to establish whether the navigation is to be allowed or blocked. The benefits of site-locking with respect to privacy are also described, as is z-order management to protect against site spoofing.

摘要翻译： 描述了一种技术，通过该技术，托管Web浏览器控件托管非托管网络OLE控件以代表部分可信代码由非托管网络OLE控件控制导航请求。 可以执行站点锁定以限制站点仅导航到其站点内的其他页面，从而防止导航到不期望的位置。 在一个示例中，非托管网络OLE控件将对应于导航请求的信息传送到被管理的web浏览器控件，并且被管理的web浏览器控件处理信息以确定是否允许或阻止导航。 还描述了关于隐私的站点锁定的好处，以及z序管理以防止站点欺骗。

公开(公告)号：US08601278B2

公开(公告)日：2013-12-03

申请号：US13570044

申请日：2012-08-08

申请人： Sundaram Ramini ,  Joseph S. Beda ,  Mark Alcazar ,  Roberto A. Franco ,  Roland Katsuaki Tokumi ,  John G. Bedworth

发明人： Sundaram Ramini ,  Joseph S. Beda ,  Mark Alcazar ,  Roberto A. Franco ,  Roland Katsuaki Tokumi ,  John G. Bedworth

IPC分类号： G06F21/00

CPC分类号： H04L63/104 ,  H04L63/102

摘要： A method and system for validating access to a group of related elements are described. The elements within the group access a security context associated with a markup domain when a call is made to an element. An authorized call to an element is enabled such that the markup domain is navigated to a new web page. However, an unauthorized call is prevented so that the navigation to the new web page is not permitted. After the markup domain has been navigated, the security context associated with the markup domain is invalidated. A new security context is generated and associated with the markup domain. The elements associated with the web page navigated from are inaccessible after navigation of the markup domain to the new page. The association of the new security context with the markup domain prevents an unauthorized user from accessing any element that references the previous security context.

摘要翻译： 描述用于验证对一组相关元素的访问的方法和系统。 当对元素进行调用时，组内的元素访问与标记域相关联的安全上下文。 启用对元素的授权呼叫，使得标记域被导航到新的网页。 然而，防止未经授权的呼叫，使得不允许对新网页的导航。 标记域已导航后，与标记域相关联的安全上下文将无效。 生成新的安全上下文并与标记域相关联。 与导航到网页的网页相关联的元素在标记域导航到新页面后是无法访问的。 新安全上下文与标记域的关联可防止未经授权的用户访问引用先前安全上下文的任何元素。

公开(公告)号：US20060101436A1

公开(公告)日：2006-05-11

申请号：US10974422

申请日：2004-10-26

申请人： Christopher Anderson ,  Margaret Goodwin ,  Mark Alcazar

发明人： Christopher Anderson ,  Margaret Goodwin ,  Mark Alcazar

IPC分类号： G06F9/45

CPC分类号： G06F9/45537

摘要： Software programming models are provided for supporting host-environment agnostic content that can be hosted in different hosting environments (e.g., browser or window) without needing to rewrite the content. The models comprise a host-environment abstraction wrapper that provides a transparent layer of abstraction between content and host-environment specific instructions. The host-environment abstraction wrapper supports the use of host-environment independent interaction instructions or declarative statements in content by invoking host-environment specific implementation details on behalf of the content. The host-environment independent interaction instructions represent particular interactions between some content and a hosting environment, but do not provide host-environment implementation instructions that are specific to any particular hosting environment.

摘要翻译： 提供了软件编程模型，用于支持可以托管在不同托管环境（例如浏览器或窗口）中的主机环境不可知内容，而无需重写内容。 这些模型包括主机环境抽象包装器，它在内容和主机环境特定的指令之间提供透明的抽象层。 主机环境抽象包装器通过代表内容调用主机环境特定的实现细节来支持在内容中使用与主机与环境无关的交互指令或声明性语句。 主机与环境无关的交互指令表示某些内容与主机环境之间的特定交互，但不提供特定于任何特定主机环境的主机环境实现指令。

公开(公告)号：US20060031778A1

公开(公告)日：2006-02-09

申请号：US10884745

申请日：2004-07-01

申请人： Margaret Goodwin ,  Mark Alcazar

发明人： Margaret Goodwin ,  Mark Alcazar

IPC分类号： G06F3/00

CPC分类号： G06F8/38

摘要： A platform that provides the ability for a developer to specify different synchronicity properties for navigations within the same application is disclosed. This includes the ability to specify synchronicity globally for the entire application, to specify different synchronicities on different navigation windows within the application, and on different frames within the same navigation window. It also includes the ability to override the synchronicity of a navigation window or frame for a specific hyperlink or navigation without changing the property for other navigations within the same navigation window or frame. Two classes of navigation objects (navigation window and frame) and computer-implemented methods for retrieving and rendering data are disclosed. The navigation objects include a synchronicity attribute that dictates whether the object will render data synchronously (i.e., at one time after the data has been retrieved) or asynchronously (i.e., substantially as the data is received by the client computer and navigation object).

摘要翻译： 公开了一种提供开发人员为同一应用程序中的导航指定不同同步性的能力的平台。 这包括为整个应用程序全局指定同步性的能力，在应用程序内的不同导航窗口以及同一导航窗口中的不同框架上指定不同的同步性。 它还包括覆盖特定超链接或导航的导航窗口或框架的同步性的能力，而不会更改同一导航窗口或框架内其他导航的属性。 公开了两类导航对象（导航窗口和框架）以及用于检索和呈现数据的计算机实现的方法。 导航对象包括指示对象是否同步呈现数据的同步属性（即，在数据被检索之后的一次）或异步地（即，基本上由客户端计算机和导航对象接收数据）。

公开(公告)号：US20050108678A1

公开(公告)日：2005-05-19

申请号：US10715804

申请日：2003-11-18

申请人： Margaret Goodwin ,  Mark Alcazar

发明人： Margaret Goodwin ,  Mark Alcazar

IPC分类号： G06F9/44 ,  G06F9/445

CPC分类号： G06F8/61 ,  G06F8/20 ,  G06F9/454

摘要： This Application Model includes elements that define the scope of an application, its startup and shutdown behavior, and how it manages windows and resources; provide basic navigation functionality, journaling and journal extensibility, browser integration, and Structured Navigation; and define the way an application is deployed, installed, activated, updated, rolled back, and removed from the system in a secure, non-impactful way. It also enables using the same tools and languages for Web applications and locally installed applications, and allows the same application to be hosted in the browser or in a standalone window, based on a compile-time attribute.

摘要翻译： 此应用程序模型包括定义应用程序范围，启动和关闭行为以及如何管理Windows和资源的元素; 提供基本的导航功能，日志记录和日志可扩展性，浏览器集成和结构化导航; 并定义应用程序以安全，无冲击的方式部署，安装，激活，更新，回滚和从系统中删除的方式。 它还可以为Web应用程序和本地安装的应用程序使用相同的工具和语言，并允许基于编译时属性将相同的应用程序托管在浏览器或独立窗口中。

公开(公告)号：US20120304316A1

公开(公告)日：2012-11-29

申请号：US13570044

申请日：2012-08-08

申请人： Sundaram Ramani ,  Joseph S. Beda ,  Mark Alcazar ,  Roberto A. Franco ,  Roland Katsuaki Tokumi ,  John G. Bedworth

发明人： Sundaram Ramani ,  Joseph S. Beda ,  Mark Alcazar ,  Roberto A. Franco ,  Roland Katsuaki Tokumi ,  John G. Bedworth

IPC分类号： G06F21/00

CPC分类号： H04L63/104 ,  H04L63/102

摘要： A method and system for validating access to a group of related elements are described. The elements within the group access a security context associated with a markup domain when a call is made to an element. An authorized call to an element is enabled such that the markup domain is navigated to a new web page. However, an unauthorized call is prevented so that the navigation to the new web page is not permitted. After the markup domain has been navigated, the security context associated with the markup domain is invalidated. A new security context is generated and associated with the markup domain. The elements associated with the web page navigated from are inaccessible after navigation of the markup domain to the new page. The association of the new security context with the markup domain prevents an unauthorized user from accessing any element that references the previous security context.

摘要翻译： 描述用于验证对一组相关元素的访问的方法和系统。 当对元素进行调用时，组内的元素访问与标记域相关联的安全上下文。 启用对元素的授权呼叫，使得标记域被导航到新的网页。 然而，防止未经授权的呼叫，使得不允许对新网页的导航。 标记域已导航后，与标记域相关联的安全上下文将无效。 生成新的安全上下文并与标记域相关联。 与导航到网页的网页相关联的元素在标记域导航到新页面后是无法访问的。 新安全上下文与标记域的关联可防止未经授权的用户访问引用先前安全上下文的任何元素。

公开(公告)号：US20060156231A1

公开(公告)日：2006-07-13

申请号：US11276606

申请日：2006-03-07

申请人： Ashraf Michail ,  Mark Alcazar ,  John Bedworth

发明人： Ashraf Michail ,  Mark Alcazar ,  John Bedworth

IPC分类号： G06F17/24

CPC分类号： G06F17/24

摘要： An extensible editor allows integration of extensions that modify the editor's default behavior and provide customized feedback to users. The editor includes interfaces through which extensions are connected to the editor and through which selection services and highlight rendering services are provided. The selection services interfaces provide a clear separation of a logical selection position in the document and the visual feedback provided for the selection, allowing extensions to be designed that provide customized selection feedback. The highlight rendering services interfaces provide an extension with the ability to augment an existing selection without modifying the actual document. The editor also includes an event routing model that works to decrease the occurrence of conflicts between the editor and extensions and between extensions. Upon the occurrence of an event, the editor routes the event to each extension before the editor's default handling of the event occurs. When an extension responds to an event, the extension may “consume” the event by indicating to the editor not to allow further processing of the event. After an event has been pre-processed by each extension, the default editor acts on the event. The editor then routes the event to each extension again, to allow each extension to process the event after the default editor has acted. When the post-processing is completed, each extension is notified of the actions taken by the editor and by each of the other extensions.

摘要翻译： 可扩展的编辑器可以集成扩展，修改编辑器的默认行为，并向用户提供定制的反馈。 编辑器包括扩展连接到编辑器的接口，并提供选择服务和突出显示服务。 选择服务界面提供文档中的逻辑选择位置和为选择提供的视觉反馈的明确分离，允许设计提供定制选择反馈的扩展。 突出显示服务界面提供扩展功能，可以扩展现有选择，而无需修改实际文档。 编辑器还包括一个事件路由模型，可以减少编辑器和扩展之间以及扩展之间冲突的发生。 发生事件后，编辑器将在发生事件的默认处理之前将事件路由到每个扩展。 当分机响应事件时，分机可以通过向编辑器指示不允许进一步处理事件来“消耗”事件。 事件由每个扩展名预先处理后，默认编辑器对事件进行操作。 然后，编辑器再次将事件路由到每个扩展，以允许每个扩展在默认编辑器执行后处理事件。 当后期处理完成后，每个分机都被通知编辑者和其他每个分机所采取的行动。