Invention Grant
US09160756B2 Method and apparatus for protecting markup language document against cross-site scripting attack
有权
用于保护标记语言文档以防止跨站点脚本攻击的方法和装置
- Patent Title: Method and apparatus for protecting markup language document against cross-site scripting attack
- Patent Title (中): 用于保护标记语言文档以防止跨站点脚本攻击的方法和装置
-
Application No.: US12782757Application Date: 2010-05-19
-
Publication No.: US09160756B2Publication Date: 2015-10-13
- Inventor: Olgierd Pieczul , Mark Alexander McGloin , Mary Ellen Zurko
- Applicant: Olgierd Pieczul , Mark Alexander McGloin , Mary Ellen Zurko
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Agent Jeffrey S. LaBaw; David H. Judson
- Main IPC: H04L29/00
- IPC: H04L29/00 ; H04L29/06 ; G06F21/53
Abstract:
A method for decomposing a web application into one or more domain sandboxes ensures that the contents of each sandbox are protected from attacks on the web application outside that sandbox. Sandboxing is achieved on a per-element basis by identifying content that should be put under protection, generating a secure domain name for the identified content, and replacing the identified content with a unique reference (e.g., an iframe) to the generated secure domain. The identified content is then served only from the generated secure domain.
Public/Granted literature
- US20110289546A1 Method and apparatus for protecting markup language document against cross-site scripting attack Public/Granted day:2011-11-24
Information query
