CN103761114A - Method and device for loading extensions and/or plugins on browser side - Google Patents
Method and device for loading extensions and/or plugins on browser side Download PDFInfo
- Publication number
- CN103761114A CN103761114A CN201310493213.8A CN201310493213A CN103761114A CN 103761114 A CN103761114 A CN 103761114A CN 201310493213 A CN201310493213 A CN 201310493213A CN 103761114 A CN103761114 A CN 103761114A
- Authority
- CN
- China
- Prior art keywords
- plug
- expansion
- unit
- security
- browser
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Stored Programmes (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a method and a device for loading extensions and/or plugins on a browser side. The method comprises the following steps: arranging an extension and/or plugin security engine and an extension and/or plugin security configuration file for the engine to call on the browser side, wherein the extension and/or plugin security configuration file comprises security description information of browser extensions and/or plugins; during loading of the extensions and/or plugins on the browser side, calling the extension and/or plugin security configuration file by using the extension and/or plugin security engine, and judging the security of the extensions and/or plugins to be loaded according to the security description information of the extensions and/or plugins; when the extensions and/or plugins to be loaded are judged to be safe extensions and/or plugins, loading on the browser side. By using the method and the device, the security audit efficiency of the browser extensions and/or plugins can be increased effectively.
Description
Technical field
The present invention relates to field of computer technology, relate in particular to method and the device of a kind of browser side loading expansion and/or plug-in unit.
Background technology
It for the extension element providing in browser, is mainly three classes at present: the expansion (being official's expansion) that the first kind, Development of Web Browser side provide; The expansion of affiliate's exploitation of Equations of The Second Kind, browser; The 3rd class, third party are provided to the extension element on the expansion central platform of browser.
For the extension element being provided by third party, be mainly to examine by O&M personnel at present: for the extension element of JavaScript type, be mainly to analyze for the source code of JavaScript by O&M personnel, or carry out automatic decision by source code analysis tool; For the expansion of compiled DLL form, generally can obtain its source code analyzes, or in virtual environment, carry out test run, thereby the behavioral parameters that obtains this extension element determines that it whether riskyly (for example revises system registry, the startup item of modification system, illegally carries out write operation to system file); After main or O&M personnel audit, reach the standard grade and download and install to browser client in the expansion center of just putting into browser.
Owing to needing O&M personnel to examine extension element in prior art, cause security review efficiency low.
Summary of the invention
In view of the above problems, propose the present invention to provide a kind of a kind of browser side that overcomes the problems referred to above or address the above problem at least in part to load method and the device of expansion and/or plug-in unit, effectively improved browser extension profit/or the efficiency of the security audit of plug-in unit.
According to one aspect of the present invention, provide a kind of browser side to load the method for expansion and/or plug-in unit, comprise: in browser side, expansion and/or plug-in security engine are set and supply expansion and/or the plug-in security configuration file of this engine calling, wherein said expansion and/or plug-in security configuration file comprise the security descriptor information of browser extension and/or plug-in unit; When browser side loads expansion and/or plug-in unit, expansion and/or the expansion of plug-in security engine calling and/or plug-in security configuration file, and according to the expansion that will be loaded described in the security descriptor information judgement of expansion and/or plug-in unit and/or the security of plug-in unit; By being judged as safe expansion and/or plug-in unit, in browser side, load.
The expansion of having installed in current browser that will load and/or plug-in unit when alternatively, the described expansion that will be loaded in browser side and/or plug-in unit are included in browser and start, in the use procedure of browser, user is initiated the expansion of installing and/or plug-in unit, in browser side, is expanded and/or the expansion of the renewal that loads during update of plug-in and/or plug-in unit and one or more in the expansion when account is synchronous and/or plug-in unit for the user who has logined browser account by the expansion center of browser.
Alternatively, the expansion that described expansion and/or plug-in security configuration file comprise and/or the security descriptor information of plug-in unit comprise: the information of expansion and/or the self information of plug-in unit and the level of security of expansion and/or plug-in unit; Wherein, the self information of described expansion and/or plug-in unit comprises: No. ID of source, expansion and/or the plug-in unit of version information, expansion and/or the plug-in unit of expansion and/or title, expansion and/or the plug-in unit of plug-in unit, expansion and/or the descriptor of plug-in unit and the date issued of expansion and/or plug-in unit.
Alternatively, described expansion and/or plug-in security engine comprise according to the step of the security of the expansion that will be loaded described in the security descriptor information judgement of expansion and/or plug-in unit and/or plug-in unit: this expansion of recording in the security descriptor information of the self information of the expansion that will be loaded in browser side and/or plug-in unit and expansion and/or plug-in unit and/or the self information of plug-in unit are mated, and obtain the information of the level of security of this expansion and/or plug-in unit.
Alternatively, this expansion of recording in the security descriptor information of the self information of the expansion that will be loaded in browser side and/or plug-in unit and expansion and/or plug-in unit and/or the self information of plug-in unit are being mated, and also comprising before obtaining the step of level of security information of this expansion and/or plug-in unit: according to whether safety of the expansion that will be loaded described in the source judgement of the described expansion that will be loaded of recording in described expansion and/or plug-in security configuration file and/or plug-in unit and/or plug-in unit; Wherein, when the source of the expansion that will be loaded described in recording in described expansion and/or plug-in security configuration file and/or plug-in unit is the exploitation side of described browser, expansion and/or the plug-in unit that described in described expansion and/or plug-in security engine judge, will be loaded are safe; When the exploitation side of browser described in the source right and wrong of the expansion that will be loaded and/or plug-in unit described in recording in described expansion and/or plug-in security configuration file, carry out by the described expansion profit that will be loaded in browser side/or the self information of plug-in unit and the corresponding informance of recording in described expansion and/or plug-in security configuration file mate and obtain the level of security information of this expansion and/or plug-in unit, according to matching result and described level of security information, judge whether safety of expansion that this will be loaded and/or plug-in unit.
Alternatively, the information of described level of security comprises blacklist, gray list and white list, wherein, level of security is that expansion and/or the plug-in unit of blacklist is confirmed as existing potential safety hazard, level of security is that expansion and/or the plug-in unit of gray list is confirmed as existing potential potential safety hazard, and the expansion that level of security is white list and/or plug-in unit are confirmed as not having security extension and/or the plug-in unit of risk.
Alternatively, described method also comprises: described expansion and/or plug-in security engine are forbidden or unloading operation automatically for being judged as unsafe expansion and/or plug-in unit, and carry out the demonstration of prompting message; For being judged as safety or existing the expansion of potential safety problem and/or plug-in unit to allow installation and upgrade.
Alternatively, described method also comprises: for being judged as unsafe expansion and/or plug-in unit, in the expansion after browser starts and/or plug-in management interface, this expansion and/or plug-in unit are carried out to mark and/or prompting.
Alternatively, if be judged as unsafe expansion and/or plug-in unit, be expansion and/or the plug-in unit of having installed, expansion and/or plug-in management interface in the scheme of the icon of this expansion and/or plug-in unit and description is made as to grey, and/or with red word clearly point out this expansion and/or plug-in unit dangerous.
Alternatively, if judge that expansion and/or plug-in unit that browser side will load are unsafe expansion and/or plug-in unit, provide safe expansion and/or the installation link of plug-in unit.
According to another aspect of the present invention, also provide a kind of browser side to load the device of expansion and/or plug-in unit, comprise: module is set, be suitable for expansion and/or plug-in security engine being set and supplying expansion and/or the plug-in security configuration file of this engine calling in browser side, wherein said expansion and/or plug-in security configuration file comprise the security descriptor information of browser extension and/or plug-in unit; Security judge module, be suitable for described expansion and/or plug-in security engine when browser side loads expansion and/or plug-in unit, call described expansion and/or plug-in security configuration file, and according to the expansion that will be loaded described in the security descriptor information judgement of expansion and/or plug-in unit and/or the security of plug-in unit; Load-on module, is suitable for loading in browser side being judged as safe expansion and/or plug-in unit.
Alternatively, the described expansion that will be loaded in browser side and/or plug-in unit comprise: the expansion of having installed in current browser that will load when browser starts and/or plug-in unit, in the use procedure of browser, user initiates at the expansion center by browser the expansion of installing and/or plug-in unit, in browser side, expands and/or the expansion of the renewal that loads during update of plug-in and/or plug-in unit and one or more in the expansion when account is synchronous and/or plug-in unit for the user who has logined browser account.
Alternatively, the expansion that described expansion and/or plug-in security configuration file comprise and/or the security descriptor information of plug-in unit comprise: the information of expansion and/or the self information of plug-in unit and the level of security of expansion and/or plug-in unit; Wherein, the self information of described expansion and/or plug-in unit comprises: No. ID of source, expansion and/or the plug-in unit of version information, expansion and/or the plug-in unit of expansion and/or title, expansion and/or the plug-in unit of plug-in unit, expansion and/or the descriptor of plug-in unit and the date issued of expansion and/or plug-in unit.
Alternatively, described security judge module is further adapted for this expansion of recording in the security descriptor information of the self information of the expansion that will be loaded in browser side and/or plug-in unit and expansion and/or plug-in unit and/or the self information of plug-in unit is mated, and obtains the information of the level of security of this expansion and/or plug-in unit.
Alternatively, described security judge module is also suitable for according to whether safety of the expansion that will be loaded described in the source judgement of the described expansion that will be loaded of recording in described expansion and/or plug-in security configuration file and/or plug-in unit and/or plug-in unit; Wherein, when the source of the expansion that will be loaded described in recording in described expansion and/or plug-in security configuration file and/or plug-in unit is the exploitation side of described browser, expansion and/or the plug-in unit that described in described expansion and/or plug-in security engine judge, will be loaded are safe; When the exploitation side of browser described in the source right and wrong of the expansion that will be loaded and/or plug-in unit described in recording in described expansion and/or plug-in security configuration file, carry out the level of security information of the self information of the described expansion that will be loaded in browser side and/or plug-in unit and the corresponding informance of recording in described expansion and/or plug-in security configuration file being mated and obtained this expansion and/or plug-in unit, according to matching result and described level of security information, judge whether safety of expansion that this will be loaded and/or plug-in unit.
Alternatively, the information of described level of security comprises blacklist, gray list and white list, wherein, level of security is that expansion and/or the plug-in unit of blacklist is confirmed as existing potential safety hazard, level of security is that expansion and/or the plug-in unit of gray list is confirmed as existing potential potential safety hazard, and the expansion that level of security is white list and/or plug-in unit are confirmed as not having security extension and/or the plug-in unit of risk.
Alternatively, described device also comprises: disabled module, is suitable for described expansion and/or plug-in security engine and automatically forbids or unloading operation for being judged as unsafe expansion and/or plug-in unit, and carry out the demonstration user of prompting message; Upgrading module, is suitable for for being judged as safety or existing the expansion of potential safety problem and/or plug-in unit to allow installation and upgrade.
Alternatively, described device also comprises: the first prompting module, be suitable for for being judged as unsafe expansion and/or plug-in unit, and in the expansion after browser starts and/or plug-in management interface, this expansion and/or plug-in unit are carried out to mark and/or prompting.
Alternatively, described device also comprises: the second prompting module, if be suitable for judging that expansion and/or plug-in unit that browser side will load are unsafe expansion and/or plug-in unit, expansion and/or plug-in management interface in the scheme of the icon of this expansion and/or plug-in unit and description is made as to grey, and/or with red word clearly point out this expansion and/or plug-in unit dangerous.
Alternatively, described device also comprises: link is installed module is provided, be suitable for when the described expansion that will load in browser side and/or plug-in unit are judged as unsafe expansion and/or plug-in unit, provide safe expansion and/or the installation of plug-in unit to link.
In an embodiment of the present invention, the security engine of expansion and/or plug-in unit and the expansion of its correspondence and/or plug-in security configuration file in browser master routine, have been added, expansion and/or plug-in security engine are when browser side loads expansion and/or plug-in unit, invoke extensions and/or plug-in security configuration file, and according to the expansion that will be loaded described in the security descriptor information judgement of expansion and/or plug-in unit and/or the security of plug-in unit; By being judged as safe expansion and/or plug-in unit, in browser side, load, be convenient to security audit and the control and management of browser for the increasing browser extension of quantity and/or plug-in unit, effectively improve the efficiency of the security audit of browser extension and/or plug-in unit.
Above-mentioned explanation is only the general introduction of technical solution of the present invention, in order to better understand technological means of the present invention, and can be implemented according to the content of instructions, and for above and other objects of the present invention, feature and advantage can be become apparent, below especially exemplified by the specific embodiment of the present invention.
Accompanying drawing explanation
By reading below detailed description of the preferred embodiment, various other advantage and benefits will become cheer and bright for those of ordinary skills.Accompanying drawing is only for the object of preferred implementation is shown, and do not think limitation of the present invention.And in whole accompanying drawing, represent identical parts by identical reference symbol.In the accompanying drawings:
Fig. 1 shows the process flow diagram that loads the method for expansion and/or plug-in unit according to browser side in embodiments of the invention;
Fig. 2 shows the example of the plug-in unit that browser will load;
Fig. 3 shows according to an embodiment of the invention expansion and/or plug-in security engine and judges a kind of implementation of the security of the expansion that will be loaded and/or plug-in unit;
Fig. 4 shows the block diagram of the system of browser side loading expansion according to an embodiment of the invention and/or plug-in unit; And
Fig. 5 shows the block diagram of the device of browser side loading expansion according to an embodiment of the invention and/or plug-in unit.
Embodiment
For fully understanding goal of the invention of the present invention, feature and effect, by following concrete embodiment, the present invention is elaborated, but the present invention is not restricted to this.
Fig. 1 shows according to the process flow diagram of the method l00 of browser side loading expansion and/or plug-in unit in embodiments of the invention as shown in Figure 1, the method 100 starts from step mule S110, in step S110, in browser side, expansion and/or plug-in security engine are set and supply expansion and/or the plug-in security configuration file of this engine calling, wherein expansion and/or plug-in security configuration file comprise the security descriptor information of browser extension and/or plug-in unit.
In an embodiment of the present invention, above-mentioned browser can be red fox browser (Firefox), Google's browser (GoogleChrome), 360 secure browsers etc., certainly can understand, do not limit in an embodiment of the present invention the particular type of browser.
In an embodiment of the present invention, the function of plug-in unit (Plugins) is exactly that the function that third party is provided should use in the page by embed, object label, such as Flash plug-in unit, and Silverlight plug-in unit, Quicktime plug-in unit.Expansion (Extensions) is the Add-ons that can increase some new functions to browser.In browser, such as meagre extender, mail extension program, cloud dish extender, game extender etc., these extenders can be window or the buttons increasing on some browsers, expand the function of browser.
Alternatively, in an embodiment of the present invention, the expansion that expansion and/or plug-in security configuration file comprise and/or the security descriptor information of plug-in unit comprise: the information of expansion and/or the self information of plug-in unit and the level of security of expansion and/or plug-in unit;
Wherein, the self information of above-mentioned expansion and/or plug-in unit comprises: No. ID of source, expansion and/or the plug-in unit of version information, expansion and/or the plug-in unit of expansion and/or title, expansion and/or the plug-in unit of plug-in unit, expansion and/or the descriptor of plug-in unit and the date issued of expansion and/or plug-in unit.
Here, the descriptor of expansion and/or plug-in unit as shown in Figure 2, it has provided the diagram of the plug-in unit " 360 mails are logical " on 360 secure browsers, the title that wherein shows plug-in unit is " 360 mails are logical ", the version number " 2.2.1.1125 " of this plug-in unit, be on June 3rd, 2011 date issued (being uplink time) of plug-in unit, the source of plug-in unit is 360CN, the descriptor of plug-in unit comprises the picture in the upper left corner and text description " while having new mail, remind in time, support 163,126, the mailbox such as Gmail, Sina, Sohu "
The information of the level of security of above-mentioned expansion and/or plug-in unit comprises: blacklist, gray list and white list, and wherein, the expansion that level of security is blacklist and/or plug-in unit are confirmed as existing potential safety hazard; Level of security is that expansion and/or the plug-in unit of gray list is confirmed as existing potential potential safety hazard; Level of security is security extension and/or the plug-in unit that the expansion of white list and/or plug-in unit are confirmed as not having risk.
Illustrate, in expansion and/or plug-in security configuration file, can record following content:
Above-mentioned expansion and/or plug-in security configuration file have recorded the expansion/plug-in unit of 2 white lists, the expansion/plug-in unit of the expansion/plug-in unit of 1 gray list and 1 blacklist.
Subsequently, in step S130, when browser side loads expansion and/or plug-in unit, described expansion and/or plug-in security engine are activated and invoke extensions and/or plug-in security configuration file, and judge the expansion that will be loaded and/or the security of plug-in unit according to the security descriptor information of expansion and/or plug-in unit.
Alternatively, expansion and/or the plug-in unit that in browser side, will be loaded in an embodiment of the present invention, comprise: the expansion of having installed in current browser that will load when browser starts and/or plug-in unit, in the use procedure of browser, user initiates at the expansion center by browser the expansion of installing and/or plug-in unit, in browser side, expands and/or the expansion of the renewal that loads during update of plug-in and/or plug-in unit and one or more in the expansion when account is synchronous and/or plug-in unit for the user who has logined browser account.
Fig. 3 shows expansion and/or plug-in security engine and judges a kind of implementation of the security of the expansion that will be loaded and/or plug-in unit.
As shown in Figure 3, at step S1310, when browser side loads expansion and/or plug-in unit, described expansion and/or plug-in security engine are activated.
Then, at step S1320, expansion and/or plug-in security configuration file described in described expansion and/or plug-in security engine calling.The security descriptor information of described expansion and/or plug-in unit as previously described, occurrence used when the security of the described expansion that will be loaded and/or plug-in unit is judged as described expansion and/or plug-in security engine.
Then,, at step S1330, described expansion and/or plug-in security engine are according to the expansion that will be loaded described in the security descriptor information judgement of expansion and/or plug-in unit and/or the security of plug-in unit.
In step S1330, for the expansion that will be loaded in browser side and/or the plug-in unit of different situations, described expansion and/or plug-in security engine carry out security judgement and provide different judged results.
Situation one, for the expansion of having installed in current browser that will load when browser starts and/plug-in unit
When browser starts, expansion and/or plug-in security engine expansion and/or the plug-in unit to start-up loading examined coupling (such as fit version information, expansion/plugin name, safety level information etc.) according to expansion and/or plug-in security configuration file, to expansion and/or the plug-in unit of coupling, allow browser to load; When there is unmatched occurrence, judge that this expansion and/or plug-in unit, as unsafe expansion and/or plug-in unit, will not load.
Situation two, expansion and/or the plug-in unit of for user in the use procedure of browser, by the expansion center of browser, initiating installation
In the use of browser, newly expand and/or during the installation of new plug-in unit, expansion and/or plug-in security engine need according to expansion and/or plug-in security configuration file, described new expansion and/or new plug-in unit to be examined to coupling in time, and the occurrence mating is the information of the self information of foregoing expansion and/or plug-in unit and the level of security of expansion and/or plug-in unit.For expansion and/or the plug-in unit of coupling, be judged to be safe expansion and/or plug-in unit, allow browser to load; When there is unmatched occurrence, judge that this expansion and/or plug-in unit, as unsafe expansion and/or plug-in unit, will not load.
Situation three, for expansion and/or the plug-in unit of the renewal of expanding in browser side and/or load during update of plug-in
When browser starts the renewal of expansion and/or plug-in unit, expansion and/or plug-in security engine are examined coupling to the expansion being updated and/or plug-in unit according to the expansion of this renewal and/or plug-in security configuration file, for expansion and/or the plug-in unit of the renewal of mating, be judged to be safe expansion and/or plug-in unit, allow browser to load and upgrade; When there is unmatched occurrence, judge that the expansion of this renewal and/or plug-in unit are unsafe expansion and/or plug-in unit, will not load.
Situation four, expansion and/or plug-in unit for the user who has logined browser account when account is synchronous
For the user who has logined browser account, when account is synchronous, exist some at the synchronous expansion of browser side and/or plug-in unit, expansion and/or plug-in security engine are examined coupling in the synchronous expansion of browser side and/or plug-in unit according to the secure configuration file of this expansion and/or plug-in unit to this, for expansion and/or the plug-in unit of coupling, be judged to be safe expansion and/or plug-in unit, allow synchronous in browser side; When there is unmatched occurrence, judge that this expansion and/or plug-in unit, as unsafe expansion and/or plug-in unit, do not carry out synchronously in browser side.
Alternatively, for above-mentioned any situation, when expansion and/or plug-in security engine, judging will be at the expansion of browser loading and/or plug-in unit during as unsafe expansion and/or plug-in unit, in expansion after browser starts and/or plug-in management interface, described in prompting, be judged as unsafe expansion and/or plug-in unit is dangerous, for example, icon and the descriptive text of this unsafe expansion and/or plug-in unit be made as to grey.In addition, alternatively, with red word clearly point out this expansion and/or plug-in unit dangerous, suggestion user unloading.Again alternatively, the expansion of secure match and/or plug-in unit being recommended to user installs.Above-mentioned functions can realize by expansion and/or plug-in security engine,, expansion and/or plug-in security engine can have the function of expanding and/or plug-in unit is controlled, particularly, be mainly manifested in: for expansion and/or the plug-in unit of unsafe blacklist, forbid automatically or unloading operation, and point out user, for example eject a window, point out with prompting message.For white list expansion and/or the plug-in unit of safety, allow its installation and upgrade, and allow it to use extra expansion and/or card i/f function.In addition, for examining expansion and/or the plug-in unit of the safety that there is no risk through expansion and/or plug-in security engine, this expansion and/or plug-in unit can be put into white list; For the expansion and/or the plug-in unit that define potential safety hazard through audit, put into blacklist.
Alternatively, at embodiments of the invention, in step S130, by this expansion profit of recording in the security descriptor information of the self information of the expansion that will be loaded in browser side and/or plug-in unit and expansion and/or plug-in unit/or the self information of plug-in unit mate, and obtain the information of the level of security of this expansion and/or plug-in unit, with the information of described level of security, indicated the level of security of expansion and/or plug-in unit, the expansion that can intuitive judgment will be loaded and/or the security of plug-in unit.
Alternatively, in an embodiment of the present invention, above-mentioned, this expansion of recording in the security descriptor information of the self information of the expansion that will be loaded in browser side and/or plug-in unit and expansion and/or plug-in unit and/or the self information of plug-in unit are mated, and can also comprise before obtaining the step of level of security information of this expansion and/or plug-in unit:
According to the source of the expansion that will be loaded recorded and/or plug-in unit in expansion and/or plug-in security configuration file, judge whether safety of the expansion that will be loaded and/or plug-in unit; Wherein, when recording the source of the expansion that will be loaded and/or plug-in unit in expansion and/or plug-in security configuration file and be the exploitation side of browser, expansion and/or plug-in security engine judge that expansion and/or the plug-in unit that will be loaded are safe;
For example, when recording the source of the expansion that will be loaded and/or plug-in unit in expansion and/or plug-in security configuration file and be exploitation side's (being third party) of non-browser, carry out by the expansion profit that will be loaded in browser side/or the self information of plug-in unit and the corresponding informance of recording in expansion and/or plug-in security configuration file mate and obtain the level of security information of this expansion and/or plug-in unit, according to matching result and level of security information, judge whether safety of expansion that this will be loaded and/or plug-in unit.
When judging that in step S130 expansion and/or plug-in unit are safe expansion and/or plug-in unit, enter into step S150.In step S150, by being judged as safe expansion and/or plug-in unit, in browser side, load.
Alternatively, for being judged as safety or existing the expansion of potential safety problem and/or plug-in unit to allow installation and upgrade.
According to embodiments of the invention, the method 100 that described browser side loads expansion and/or plug-in unit can also comprise one or more optional step, to realize extra or additional function, but these optional steps are not indispensable for realizing object of the present invention, the method 100 of browser side loading expansion and/or plug-in unit can, in the situation that there is no these optional steps, realize object of the present invention completely according to an embodiment of the invention.These optional steps are not shown in Figure 1, but priority between they and above steps is carried out and can according to following instruction, easily be drawn by those skilled in the art.It is pointed out that unless otherwise specified, these optional steps can be selected according to actual needs together with the execution sequence of above-mentioned steps.
Alternatively, when judging that in step S130 expansion and/or plug-in unit are unsafe expansion and/or plug-in unit, enter into step S170.In step S170, for being judged as unsafe expansion and/or plug-in unit, in the expansion after browser starts and/or plug-in management interface, this expansion and/or plug-in unit are carried out to mark and/or prompting.
Alternatively, if be judged as unsafe expansion and/or plug-in unit, be expansion and/or the plug-in unit of having installed, expansion and/or plug-in management interface in the scheme of the icon of this expansion and/or plug-in unit and description is made as to grey, and/or with red word clearly point out this expansion and/or plug-in unit dangerous.
Alternatively, if be judged as unsafe expansion and/or plug-in unit, be expansion and/or the plug-in unit of having installed, expansion and/or plug-in security engine are forbidden or unloading operation automatically for being judged as unsafe expansion and/or plug-in unit, and carry out the demonstration of prompting message, such as prompting message can be " dangerous " etc., and prompting this expansion of user and/or plug-in unit are dangerous.
Alternatively, if the expansion that will load in browser side and/or plug-in unit are judged as unsafe expansion and/or plug-in unit, safe expansion and/or the installation link of plug-in unit are provided, for example, by a pop-up window, demonstrate the installation link of this safe expansion and/or plug-in unit.
Fig. 4 shows the block diagram of the system of browser side loading expansion according to an embodiment of the invention and/or plug-in unit.As shown in Figure 4, it shows the mutual relationship between browser side and server side.Abnormal or the crash info that the browser side that server reception browser is uploaded produces, or request browser is uploaded the abnormal or crash info that browser side produces, the collapse packet of the browser that when crash reason that after the wherein said abnormal or crash info of being uploaded generally includes collapse and occurs, user manually fills in and collapse, operating system is obtained, here, the collapse field data that this collapse packet comprises which plug-in unit and/or expansion, the operating system of browser or browser can be by carrying out initial analysis to described abnormal or crash info, analyze collapse plug-in unit and/or expansion after report server, also can be directly described abnormal or crash info be uploaded onto the server, by server side analysis, it is which plug-in unit, expansion is collapsed.The expansion here and/or plug-in unit normally third party provide.
Then, expansion and/or plug-in security configuration file or its version number that the current browser side that server reception browser extension and/or plug-in security engine are uploaded is used; The expansion that the abnormal or crash info that server produces according to browser side and current browser side are used and/or plug-in security configuration file or its version number analyze; acquisition is definite causes described abnormal or the expansion of collapse and/or the analysis result of plug-in unit, and analysis result is stored in the configuration file storehouse of server side.As shown in Figure 3, the title that comprised expansion and/or plug-in unit in configuration file storehouse, level of security etc.
Alternatively, when browser starts or termly, synchronizeed with expansion and/or the plug-in security configuration file of browser side in the configuration file storehouse of server side.As shown in Figure 3, in expansion and/or plug-in security configuration file, for each expansion and/or plug-in unit, comprise the occurrences such as expansion and/or No. ID of plug-in unit, level of security, descriptor.
Alternatively, before and the expansion of browser side and/or plug-in security configuration file of the configuration file storehouse of server side is synchronizeed, can also be encrypted the data in the configuration file storehouse of server side, for example, use Base64 (for transmitting one of coded system of 8Bit syllabified code) to be encrypted.
According to a second aspect of the invention, the method 100 that loads expansion and/or plug-in unit with the side of browser according to an embodiment of the invention as above is corresponding, and the present invention also provides a kind of browser side to load the device 500 of expansion and/or plug-in unit.
Fig. 5 shows the structural representation of the device 500 of browser side loading expansion according to an embodiment of the invention and/or plug-in unit.As shown in Figure 5, this device 500 comprises: module 510, security judge module 530 and load-on module 550 are set.
In an embodiment of the present invention, module 510 is set and is suitable for expansion and/or plug-in security engine being set and supplying expansion and/or the plug-in security configuration file of this engine calling in browser side, wherein said expansion and/or plug-in security configuration file comprise the security descriptor information of browser extension and/or plug-in unit.
In an embodiment of the present invention, above-mentioned browser can be red fox browser (Firefox), Google's browser (GoogleChrome), 360 secure browsers etc., certainly can understand, do not limit in an embodiment of the present invention the particular type of browser.The function of plug-in unit (plugins) is exactly that the function that third party is provided should use in the page by embed, object label, such as Flash plug-in unit, and Silverlight plug-in unit, Quicktime plug-in unit.Expansion (Extensions) is the Add-ons that can increase some new functions to browser.In browser, such as meagre extender, mail extension program, cloud dish extender, game extender etc., these extenders can be window or the buttons increasing on some browsers, expand the function of browser.In an embodiment of the present invention, security judge module 530 is suitable for when browser side loads expansion and/or plug-in unit, described expansion and/or plug-in security engine are activated and call described expansion and/or plug-in security configuration file, and according to the expansion that will be loaded described in the security descriptor information judgement of expansion and/or plug-in unit and/or the security of plug-in unit.
Alternatively, security judge module 530, for the expansion that will be loaded in browser side and/or the plug-in unit of different situations, carries out security judgement and provides different judged results.
Situation one, for the expansion of having installed in current browser that will load when browser starts and/plug-in unit
When browser starts, expansion and/or the plug-in unit of security judge module 530 to start-up loading examined coupling (such as fit version information, expansion/plugin name, safety level information etc.) according to expansion and/or plug-in security configuration file, to expansion and/or the plug-in unit of coupling, allow browser to load; When there is unmatched occurrence, judge that this expansion and/or plug-in unit, as unsafe expansion and/or plug-in unit, will not load.
Situation two, expansion and/or the plug-in unit of for user in the use procedure of browser, by the expansion center of browser, initiating installation
In the use of browser, newly expand and/or during the installation of new plug-in unit, security judge module 530 needs according to expansion and/or plug-in security configuration file, described new expansion and/or new plug-in unit to be examined to coupling in time, and the occurrence mating is the information of the self information of foregoing expansion and/or plug-in unit and the level of security of expansion and/or plug-in unit.For expansion and/or the plug-in unit of coupling, be judged to be safe expansion and/or plug-in unit, allow browser to load; When there is unmatched occurrence, judge that this expansion and/or plug-in unit, as unsafe expansion and/or plug-in unit, will not load.
Situation three, for expansion and/or the plug-in unit of the renewal of expanding in browser side and/or load during update of plug-in
When browser starts the renewal of expansion and/or plug-in unit, security judge module 530 is examined coupling to the expansion being updated and/or plug-in unit according to the expansion of this renewal and/or plug-in security configuration file, for expansion and/or the plug-in unit of the renewal of mating, be judged to be safe expansion and/or plug-in unit, allow browser to load and upgrade; When there is unmatched occurrence, judge that the expansion of this renewal and/or plug-in unit, as unsafe expansion profit/or plug-in unit, will not load.
Situation four, expansion and/or plug-in unit for the user who has logined browser account when account is synchronous
For the user who has logined browser account, when account is synchronous, exist some at the synchronous expansion of browser side and/or plug-in unit, security judge module 530 is examined coupling in the synchronous expansion of browser side and/or plug-in unit according to the secure configuration file of this expansion and/or plug-in unit to this, for expansion and/or the plug-in unit of coupling, be judged to be safe expansion and/or plug-in unit, allow synchronous in browser side; When there is unmatched occurrence, judge that this expansion and/or plug-in unit, as unsafe expansion and/or plug-in unit, do not carry out synchronously in browser side.
In an embodiment of the present invention, load-on module 550 is suitable for loading in browser side being judged as safe expansion and/or plug-in unit.
Alternatively, in an embodiment of the present invention, the described expansion that will be loaded in browser side and/or plug-in unit comprise: the expansion of having installed in current browser that will load when browser starts and/or plug-in unit, in the use procedure of browser, user initiates at the expansion center by browser the expansion of installing and/or plug-in unit, in browser side, expands and/or the expansion of the renewal that loads during update of plug-in and/or plug-in unit and one or more in the expansion when account is synchronous and/or plug-in unit for the user who has logined browser account.
Alternatively, in an embodiment of the present invention, the expansion that described expansion and/or plug-in security configuration file comprise and/or the security descriptor information of plug-in unit comprise: the information of expansion and/or the self information of plug-in unit and the level of security of expansion and/or plug-in unit; Wherein, the self information of described expansion and/or plug-in unit comprises: expansion profit/or source, expansion and/or the plug-in unit of version information, expansion and/or the plug-in unit of title, expansion and/or the plug-in unit of plug-in unit No. ID, expansion and/or the descriptor of plug-in unit and the date issued of expansion and/or plug-in unit.
Alternatively, in an embodiment of the present invention, described security judge module 530 is further adapted for this expansion of recording in the security descriptor information of the self information of the expansion that will be loaded in browser side and/or plug-in unit and expansion and/or plug-in unit and/or the self information of plug-in unit is mated, and obtains the information of the level of security of this expansion and/or plug-in unit.
Alternatively, in an embodiment of the present invention, described security judge module is also suitable for according to whether safety of the expansion that will be loaded described in the source judgement of the described expansion that will be loaded of recording in described expansion and/or plug-in security configuration file and/or plug-in unit and/or plug-in unit; Wherein, when the source of the expansion that will be loaded described in recording in described expansion and/or plug-in security configuration file and/or plug-in unit is the exploitation side of described browser, expansion and/or the plug-in unit that described in described expansion and/or plug-in security engine judge, will be loaded are safe; When the exploitation side of browser described in the source right and wrong of the expansion that will be loaded and/or plug-in unit described in recording in described expansion and/or plug-in security configuration file, carry out the level of security information of the self information of the described expansion that will be loaded in browser side and/or plug-in unit and the corresponding informance of recording in described expansion and/or plug-in security configuration file being mated and obtained this expansion and/or plug-in unit, according to matching result and described level of security information, judge whether safety of expansion that this will be loaded and/or plug-in unit.
Alternatively, in an embodiment of the present invention, the information of described level of security comprises blacklist, gray list and white list, wherein, level of security is that expansion and/or the plug-in unit of blacklist is confirmed as existing potential safety hazard, level of security is that expansion and/or the plug-in unit of gray list is confirmed as existing potential potential safety hazard, and the expansion that level of security is white list and/or plug-in unit are confirmed as not having security extension and/or the plug-in unit of risk.
Alternatively, security judge module 530 can also have following function: judging that the expansion that will load at browser and/or plug-in unit are during as unsafe expansion and/or plug-in unit, in expansion after browser starts and/or plug-in management interface, described in prompting, be judged as unsafe expansion and/or plug-in unit is dangerous, for example, icon and the descriptive text of this unsafe expansion and/or plug-in unit be made as to grey.In addition, alternatively, with red word clearly point out this expansion and/or plug-in unit dangerous, suggestion user unloading.Again alternatively, the expansion of secure match and/or plug-in unit being recommended to user installs.
Alternatively, security judge module 530 can be by expanding and/or plug-in security engine is realized.At this moment, expansion and/or plug-in security engine can have the function of expanding and/or plug-in unit is controlled, control for expansion and/or plug-in unit mainly comprises: (1) is for expansion and/or the plug-in unit of unsafe blacklist, forbid automatically or unloading operation, and point out user, for example eject a window, point out with prompting message.(2) for white list expansion and/or the plug-in unit of safety, allow its installation and upgrade, and allow it to use extra expansion and/or card i/f function.(3), for the expansion and/or the plug-in unit that there is no the safety of risk through expansion and/or plug-in security engine audit, this expansion and/or plug-in unit can be added and put into white list; (4) for the expansion and/or the plug-in unit that define safe hidden danger through audit, put into blacklist.
Alternatively, security judge module 530 also can comprise disabled module, upgrading module, the first prompting module, the second prompting module and link is installed provides module.When security judge module 530 is by expanding and/or when plug-in security engine realizes, described disabled module, upgrading module, the first prompting module, the second prompting module and installation link provide module can be contained in expansion and/or plug-in security engine, also can be independent of expansion and/or plug-in security engine and collaborative work together with expansion and/or plug-in security engine.Again alternatively, disabled module, upgrading module, the first prompting module, the second prompting module and installation link provide module also can be independent of security judge module 530.
Wherein, disabled module is suitable for for described expansion and/or plug-in security engine is judged as unsafe expansion and/or plug-in unit is forbidden or unloading operation automatically, and carry out the demonstration user of prompting message, such as prompting message can be " dangerous " etc., and prompting this expansion of user and/or plug-in unit are dangerous.
Upgrading module is suitable for for being judged as safety or existing the expansion of potential safety problem and/or plug-in unit to allow installation and upgrade.
The first prompting module is suitable for for being judged as unsafe expansion and/or plug-in unit, in the expansion after browser starts and/or plug-in management interface, this expansion and/or plug-in unit is carried out to mark and/or prompting.
The second prompting module is suitable for when judging that the expansion of having installed and/or plug-in unit are unsafe expansion and/or plug-in unit, expansion and/or plug-in management interface in the scheme of the icon of this expansion and/or plug-in unit and description is made as to grey, and/or with red word clearly point out this expansion and/or plug-in unit dangerous.
Link is installed provides module to be suitable for when the described expansion that will load in browser side and/or plug-in unit are judged as unsafe expansion and/or plug-in unit, safe expansion and/or the installation link of plug-in unit are provided, for example, by a pop-up window, demonstrate the installation link of this safe expansion and/or plug-in unit.
In the instructions that provided herein, a large amount of details have been described.But, can understand, embodiments of the invention can be put into practice in the situation that there is no these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly, be to be understood that, in order to simplify the disclosure and to help to understand one or more in each inventive aspect, in the above in the description of exemplary embodiment of the present invention, each feature of the present invention is grouped together into single embodiment, figure or sometimes in its description.But, the method for the disclosure should be construed to the following intention of reflection: the present invention for required protection requires than the more feature of feature of clearly recording in each claim.Or rather, as reflected in claims below, inventive aspect is to be less than all features of disclosed single embodiment above.Therefore, claims of following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.
Those skilled in the art are appreciated that and can the module in the equipment in embodiment are adaptively changed and they are arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and can put them in addition multiple submodules or subelement or sub-component.At least some in such feature and/or process or unit are mutually repelling, and can adopt any combination to combine all processes or the unit of disclosed all features in this instructions (comprising claim, summary and the accompanying drawing followed) and disclosed any method like this or equipment.Unless clearly statement in addition, in this instructions (comprising claim, summary and the accompanying drawing followed) disclosed each feature can be by providing identical, be equal to or the alternative features of similar object replaces.
In addition, those skilled in the art can understand, although embodiment more described herein comprise some feature rather than further feature included in other embodiment, the combination of the feature of different embodiment means within scope of the present invention and forms different embodiment.For example, in claims, the one of any of embodiment required for protection can be used with array mode arbitrarily.
All parts embodiment of the present invention can, so that part is realized, or realize with the software module moved on one or more processor, or realize with their combination.It will be understood by those of skill in the art that and can use in practice microprocessor or digital signal processor (DSP) to realize the some or all functions according to the some or all parts in the browser client of the embodiment of the present invention.The present invention can also be embodied as part or all equipment or the device program (for example, computer program and computer program) for carrying out method as described herein.Realizing program of the present invention and can be stored on computer-readable medium like this, or can there is the form of one or more signal.Such signal can be downloaded and obtain from internet website, or provides on carrier signal, or provides with any other form.
It should be noted above-described embodiment the present invention will be described rather than limit the invention, and those skilled in the art can design alternative embodiment in the case of not departing from the scope of claims.Word " comprises " not to be got rid of existence and is not listed as element or step in the claims.Being positioned at word " " before element or " one " does not get rid of and has multiple such elements.The present invention can be by means of including the hardware of some different elements and realizing by means of the computing machine of suitably programming.In the unit claim of having enumerated some devices, several in these devices can be to carry out imbody by same hardware branch.The use of word first, second and C grade does not represent any order.Can be title by these word explanations.
The above is only the specific embodiment of the present invention; it should be noted that; for the person of ordinary skill of the art; do not departing under the prerequisite of spirit of the present invention; can make some improvement, modification and distortion, these improve, revise and distortion all should be considered as dropping in the application's protection domain.
The embodiment of the present invention has also disclosed:
A1. browser side loads a method for expansion and/or plug-in unit, comprising:
In browser side, expansion and/or plug-in security engine are set and supply expansion and/or the plug-in security configuration file of this engine calling, wherein said expansion and/or plug-in security configuration file comprise the security descriptor information of browser extension and/or plug-in unit;
When browser side loads expansion and/or plug-in unit, described expansion and/or plug-in security engine are activated and call described expansion and/or plug-in security configuration file, and according to the expansion that will be loaded described in the security descriptor information judgement of expansion and/or plug-in unit and/or the security of plug-in unit;
By being judged as safe expansion and/or plug-in unit, in browser side, load.
A2. according to the method described in A1, it is characterized in that,
The described expansion that will be loaded in browser side and/or plug-in unit are included in the expansion of having installed in current browser and/or the plug-in unit that when browser starts, will load, in the use procedure of browser, user initiates by the expansion center of browser expansion and/or the plug-in unit installed, in browser side, expand and/or expansion and/or the plug-in unit of the renewal that loads during update of plug-in, one or more in expansion with user for having logined browser account when account is synchronous and/or plug-in unit.
A3. according to the method described in A1 or A2, it is characterized in that,
The expansion that described expansion and/or plug-in security configuration file comprise and/or the security descriptor information of plug-in unit comprise: the information of expansion and/or the self information of plug-in unit and the level of security of expansion and/or plug-in unit;
Wherein, the self information of described expansion and/or plug-in unit comprises: No. ID of source, expansion and/or the plug-in unit of version information, expansion and/or the plug-in unit of expansion and/or title, expansion and/or the plug-in unit of plug-in unit, expansion and/or the descriptor of plug-in unit and the date issued of expansion and/or plug-in unit.
A4. according to the method described in A3, it is characterized in that,
Described expansion and/or plug-in security engine comprise according to the step of the security of the expansion that will be loaded described in the security descriptor information judgement of expansion and/or plug-in unit and/or plug-in unit:
This expansion of recording in the security descriptor information of the self information of the expansion that will be loaded in browser side and/or plug-in unit and expansion and/or plug-in unit and/or the self information of plug-in unit are mated, and obtain the information of the level of security of this expansion and/or plug-in unit.
A5. according to the method described in A4, it is characterized in that,
This expansion of recording in the security descriptor information of the self information of the expansion that will be loaded in browser side and/or plug-in unit and expansion and/or plug-in unit and/or the self information of plug-in unit are being mated, and are also comprising before obtaining the step of level of security information of this expansion and/or plug-in unit:
According to whether safety of the expansion that will be loaded described in the source judgement of the described expansion that will be loaded of recording in described expansion and/or plug-in security configuration file and/or plug-in unit and/or plug-in unit;
Wherein, when the source of the expansion that will be loaded described in recording in described expansion and/or plug-in security configuration file and/or plug-in unit is the exploitation side of described browser, expansion and/or the plug-in unit that described in described expansion and/or plug-in security engine judge, will be loaded are safe;
When the exploitation side of browser described in the source right and wrong of the expansion that will be loaded and/or plug-in unit described in recording in described expansion and/or plug-in security configuration file, carry out the level of security information of the self information of the described expansion that will be loaded in browser side and/or plug-in unit and the corresponding informance of recording in described expansion and/or plug-in security configuration file being mated and obtained this expansion and/or plug-in unit, according to matching result and described level of security information, judge whether safety of expansion that this will be loaded and/or plug-in unit.
A6. according to the method described in A3, it is characterized in that,
The information of described level of security comprises blacklist, gray list and white list, wherein,
Level of security is that expansion and/or the plug-in unit of blacklist is confirmed as existing potential safety hazard,
Level of security is that expansion and/or the plug-in unit of gray list is confirmed as existing potential potential safety hazard,
Level of security is security extension and/or the plug-in unit that the expansion of white list and/or plug-in unit are confirmed as not having risk.
A7. according to the method described in any one in A1 ~ A6, it is characterized in that, described method also comprises:
Described expansion and/or plug-in security engine are forbidden or unloading operation automatically for being judged as unsafe expansion and/or plug-in unit, and carry out the demonstration of prompting message;
For being judged as safety or existing the expansion of potential safety problem and/or plug-in unit to allow installation and upgrade.
A8. according to the method described in any one in A1 ~ A7, it is characterized in that, described method also comprises:
For being judged as unsafe expansion and/or plug-in unit, in the expansion after browser starts and/or plug-in management interface, this expansion and/or plug-in unit are carried out to mark and/or prompting.
A9. according to the method described in A8, it is characterized in that, described method also comprises:
If be judged as unsafe expansion and/or plug-in unit, be expansion and/or the plug-in unit of having installed, expansion and/or plug-in management interface in the scheme of the icon of this expansion and/or plug-in unit and description is made as to grey, and/or with red word clearly point out this expansion and/or plug-in unit dangerous.
Al0. according to the method described in any one in A1 ~ A9, it is characterized in that, described method also comprises:
If judge that expansion and/or plug-in unit that browser side will load are unsafe expansion and/or plug-in unit, provide safe expansion and/or the installation link of plug-in unit.
The embodiment of the present invention has also disclosed the device of B11. browser side loading expansion and/or plug-in unit, comprising:
Module is set, be suitable for expansion and/or plug-in security engine being set and supplying expansion and/or the plug-in security configuration file of this engine calling in browser side, wherein said expansion and/or plug-in security configuration file comprise the security descriptor information of browser extension and/or plug-in unit;
Security judge module, be suitable for when browser side loads expansion and/or plug-in unit, described expansion and/or plug-in security engine start also call described expansion and/or plug-in security configuration file, and according to the expansion that will be loaded described in the security descriptor information judgement of expansion and/or plug-in unit and/or the security of plug-in unit;
Load-on module, is suitable for loading in browser side being judged as safe expansion and/or plug-in unit.
B12. according to the device described in B11, it is characterized in that,
The described expansion that will be loaded in browser side and/or plug-in unit comprise: the expansion of having installed in current browser and/or the plug-in unit that when browser starts, will load, in the use procedure of browser, user initiates by the expansion center of browser expansion and/or the plug-in unit installed, in browser side, expand and/or expansion and/or the plug-in unit of the renewal that loads during update of plug-in, one or more in expansion with user for having logined browser account when account is synchronous and/or plug-in unit.
B13. according to the device described in B11 or B12, it is characterized in that,
The expansion that described expansion and/or plug-in security configuration file comprise and/or the security descriptor information of plug-in unit comprise: the information of expansion and/or the self information of plug-in unit and the level of security of expansion and/or plug-in unit;
Wherein, the self information of described expansion and/or plug-in unit comprises: No. ID of source, expansion and/or the plug-in unit of version information, expansion and/or the plug-in unit of expansion and/or title, expansion and/or the plug-in unit of plug-in unit, expansion and/or the descriptor of plug-in unit and the date issued of expansion and/or plug-in unit.
B14. according to the device described in B13, it is characterized in that,
Described security judge module is further adapted for this expansion of recording in the security descriptor information of the self information of the expansion that will be loaded in browser side and/or plug-in unit and expansion and/or plug-in unit and/or the self information of plug-in unit is mated, and obtains the information of the level of security of this expansion and/or plug-in unit.
B15. according to the device described in B14, it is characterized in that, described security judge module is also suitable for according to whether safety of the expansion that will be loaded described in the source judgement of the described expansion that will be loaded of recording in described expansion and/or plug-in security configuration file and/or plug-in unit and/or plug-in unit;
Wherein, when the source of the expansion that will be loaded described in recording in described expansion and/or plug-in security configuration file and/or plug-in unit is the exploitation side of described browser, expansion and/or the plug-in unit that described in described expansion and/or plug-in security engine judge, will be loaded are safe;
When the exploitation side of browser described in the source right and wrong of the expansion that will be loaded and/or plug-in unit described in recording in described expansion and/or plug-in security configuration file, carry out the level of security information of the self information of the described expansion that will be loaded in browser side and/or plug-in unit and the corresponding informance of recording in described expansion and/or plug-in security configuration file being mated and obtained this expansion and/or plug-in unit, according to matching result and described level of security information, judge whether safety of expansion that this will be loaded and/or plug-in unit.
B16. according to the device described in B13, it is characterized in that,
The information of described level of security comprises blacklist, gray list and white list, wherein,
Level of security is that expansion and/or the plug-in unit of blacklist is confirmed as existing potential safety hazard,
Level of security is that expansion and/or the plug-in unit of gray list is confirmed as existing potential potential safety hazard,
Level of security is security extension and/or the plug-in unit that the expansion of white list and/or plug-in unit are confirmed as not having risk.
B17. according to the device described in any one in B11 ~ B16, it is characterized in that, described device also comprises:
Disabled module, is suitable for described expansion and/or plug-in security engine and automatically forbids or unloading operation for being judged as unsafe expansion and/or plug-in unit, and carry out the demonstration user of prompting message;
Upgrading module, is suitable for for being judged as safety or existing the expansion of potential safety problem and/or plug-in unit to allow installation and upgrade.
B18. according to the device described in any one in B11 ~ B17, it is characterized in that, described device also comprises:
The first prompting module, is suitable for for being judged as unsafe expansion and/or plug-in unit, in the expansion after browser starts and/or plug-in management interface, this expansion and/or plug-in unit is carried out to mark and/or prompting.
B19. according to the device described in any one in B11 ~ B18, it is characterized in that, described device also comprises:
The second prompting module, if be suitable for judging that expansion and/or plug-in unit that browser side will load are unsafe expansion and/or plug-in unit, expansion and/or plug-in management interface in the scheme of the icon of this expansion and/or plug-in unit and description is made as to grey, and/or with red word clearly point out this expansion and/or plug-in unit dangerous.
B20. according to the device described in any one in B11 ~ B19, it is characterized in that, described device also comprises,
Link is installed module is provided, be suitable for when the described expansion that will load in browser side and/or plug-in unit are judged as unsafe expansion and/or plug-in unit, provide safe expansion and/or the installation of plug-in unit to link.
Claims (10)
1. browser side loads a method for expansion and/or plug-in unit, comprising:
In browser side, expansion and/or plug-in security engine are set and supply expansion and/or the plug-in security configuration file of this engine calling, wherein said expansion and/or plug-in security configuration file comprise the security descriptor information of browser extension and/or plug-in unit;
When browser side loads expansion and/or plug-in unit, described expansion and/or plug-in security engine are activated and call described expansion and/or plug-in security configuration file, and according to the expansion that will be loaded described in the security descriptor information judgement of expansion and/or plug-in unit and/or the security of plug-in unit;
By being judged as safe expansion and/or plug-in unit, in browser side, load.
2. method according to claim 1, is characterized in that,
The described expansion that will be loaded in browser side and/or plug-in unit are included in the expansion of having installed in current browser and/or the plug-in unit that when browser starts, will load, in the use procedure of browser, user initiates by the expansion center of browser expansion and/or the plug-in unit installed, in browser side, expand and/or expansion and/or the plug-in unit of the renewal that loads during update of plug-in, one or more in expansion with user for having logined browser account when account is synchronous and/or plug-in unit.
3. method according to claim 1 and 2, is characterized in that,
The expansion that described expansion and/or plug-in security configuration file comprise and/or the security descriptor information of plug-in unit comprise: the information of expansion and/or the self information of plug-in unit and the level of security of expansion and/or plug-in unit;
Wherein, the self information of described expansion and/or plug-in unit comprises: No. ID of source, expansion and/or the plug-in unit of version information, expansion and/or the plug-in unit of expansion and/or title, expansion and/or the plug-in unit of plug-in unit, expansion and/or the descriptor of plug-in unit and the date issued of expansion and/or plug-in unit.
4. method according to claim 3, is characterized in that,
Described expansion and/or plug-in security engine comprise according to the step of the security of the expansion that will be loaded described in the security descriptor information judgement of expansion and/or plug-in unit and/or plug-in unit:
This expansion of recording in the security descriptor information of the self information of the expansion that will be loaded in browser side and/or plug-in unit and expansion and/or plug-in unit and/or the self information of plug-in unit are mated, and obtain the information of the level of security of this expansion and/or plug-in unit.
5. method according to claim 4, is characterized in that,
This expansion of recording in the security descriptor information of the self information of the expansion that will be loaded in browser side and/or plug-in unit and expansion and/or plug-in unit and/or the self information of plug-in unit are being mated, and are also comprising before obtaining the step of level of security information of this expansion and/or plug-in unit:
According to whether safety of the expansion that will be loaded described in the source judgement of the described expansion that will be loaded of recording in described expansion and/or plug-in security configuration file and/or plug-in unit and/or plug-in unit;
Wherein, when the source of the expansion that will be loaded described in recording in described expansion and/or plug-in security configuration file and/or plug-in unit is the exploitation side of described browser, expansion and/or the plug-in unit that described in described expansion and/or plug-in security engine judge, will be loaded are safe;
When the exploitation side of browser described in the source right and wrong of the expansion that will be loaded and/or plug-in unit described in recording in described expansion and/or plug-in security configuration file, carry out the level of security information of the self information of the described expansion that will be loaded in browser side and/or plug-in unit and the corresponding informance of recording in described expansion and/or plug-in security configuration file being mated and obtained this expansion and/or plug-in unit, according to matching result and described level of security information, judge whether safety of expansion that this will be loaded and/or plug-in unit.
6. method according to claim 3, is characterized in that,
The information of described level of security comprises blacklist, gray list and white list, wherein,
Level of security is that expansion and/or the plug-in unit of blacklist is confirmed as existing potential safety hazard,
Level of security is that expansion and/or the plug-in unit of gray list is confirmed as existing potential potential safety hazard,
Level of security is security extension and/or the plug-in unit that the expansion of white list and/or plug-in unit are confirmed as not having risk.
7. browser side loads a device for expansion and/or plug-in unit, comprising:
Module is set, be suitable for expansion and/or plug-in security engine being set and supplying expansion and/or the plug-in security configuration file of this engine calling in browser side, wherein said expansion and/or plug-in security configuration file comprise the security descriptor information of browser extension and/or plug-in unit;
Security judge module, be suitable for when browser side loads expansion and/or plug-in unit, described expansion and/or plug-in security engine start also call described expansion and/or plug-in security configuration file, and according to the expansion that will be loaded described in the security descriptor information judgement of expansion and/or plug-in unit and/or the security of plug-in unit;
Load-on module, is suitable for loading in browser side being judged as safe expansion and/or plug-in unit.
8. device according to claim 7, is characterized in that,
The described expansion that will be loaded in browser side and/or plug-in unit comprise: the expansion of having installed in current browser and/or the plug-in unit that when browser starts, will load, in the use procedure of browser, user initiates by the expansion center of browser expansion and/or the plug-in unit installed, in browser side, expand and/or expansion and/or the plug-in unit of the renewal that loads during update of plug-in, one or more in expansion with user for having logined browser account when account is synchronous and/or plug-in unit.
9. according to the device described in claim 7 or 8, it is characterized in that,
The expansion that described expansion and/or plug-in security configuration file comprise and/or the security descriptor information of plug-in unit comprise: the information of expansion and/or the self information of plug-in unit and the level of security of expansion and/or plug-in unit;
Wherein, the self information of described expansion and/or plug-in unit comprises: No. ID of source, expansion and/or the plug-in unit of version information, expansion and/or the plug-in unit of expansion and/or title, expansion and/or the plug-in unit of plug-in unit, expansion and/or the descriptor of plug-in unit and the date issued of expansion and/or plug-in unit.
10. device according to claim 9, is characterized in that,
Described security judge module is further adapted for this expansion of recording in the security descriptor information of the self information of the expansion that will be loaded in browser side and/or plug-in unit and expansion and/or plug-in unit and/or the self information of plug-in unit is mated, and obtains the information of the level of security of this expansion and/or plug-in unit.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310493213.8A CN103761114B (en) | 2013-10-18 | 2013-10-18 | A kind of browser side loading extension and/or the method and device of plug-in unit |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310493213.8A CN103761114B (en) | 2013-10-18 | 2013-10-18 | A kind of browser side loading extension and/or the method and device of plug-in unit |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103761114A true CN103761114A (en) | 2014-04-30 |
| CN103761114B CN103761114B (en) | 2017-10-17 |
Family
ID=50528358
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310493213.8A Active CN103761114B (en) | 2013-10-18 | 2013-10-18 | A kind of browser side loading extension and/or the method and device of plug-in unit |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103761114B (en) |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103677898A (en) * | 2013-11-08 | 2014-03-26 | 北京奇虎科技有限公司 | Method for checking loaded extension and/or plug-in on server side and server |
| CN104156235A (en) * | 2014-07-22 | 2014-11-19 | 北京奇虎科技有限公司 | Browser plugin and/or extension updating method and device |
| CN105260206A (en) * | 2015-10-10 | 2016-01-20 | 北京京东尚科信息技术有限公司 | Data source plug-in implementation method and server |
| CN105430001A (en) * | 2015-12-18 | 2016-03-23 | 北京奇虎科技有限公司 | Detecting method, terminal device, server and system of APT (Advanced Persistent Threat) attack |
| CN105511909A (en) * | 2015-11-26 | 2016-04-20 | 北京奇虎科技有限公司 | Plug-in processing method and device |
| CN105631328A (en) * | 2015-12-18 | 2016-06-01 | 北京奇虎科技有限公司 | Detection method and device of unknown risks of browser plugin |
| CN106919581A (en) * | 2015-12-24 | 2017-07-04 | 北京奇虎科技有限公司 | The means of defence and device of a kind of browser |
| CN106919830A (en) * | 2015-12-24 | 2017-07-04 | 北京奇虎科技有限公司 | The generation method and device of a kind of expanding library |
| CN106919832A (en) * | 2015-12-24 | 2017-07-04 | 北京奇虎科技有限公司 | A kind of browser side extension element management method and device |
| CN108427884A (en) * | 2018-03-16 | 2018-08-21 | 北京奇虎科技有限公司 | Webpage digs the alarming method for power and device of mine script |
| CN108959937A (en) * | 2018-06-29 | 2018-12-07 | 北京奇虎科技有限公司 | Plug-in unit processing method, device and equipment |
| CN112068899A (en) * | 2020-09-01 | 2020-12-11 | 北京五八信息技术有限公司 | Plug-in loading method and device, electronic equipment and storage medium |
| CN113590179A (en) * | 2021-08-02 | 2021-11-02 | 上海米哈游璃月科技有限公司 | Plug-in detection method and device, electronic equipment and storage medium |
| CN113709154A (en) * | 2021-08-25 | 2021-11-26 | 平安国际智慧城市科技股份有限公司 | Browser security processing method and device, computer equipment and storage medium |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111367577A (en) * | 2018-12-25 | 2020-07-03 | 中兴通讯股份有限公司 | Method, device and terminal for loading plug-in of application |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101510167A (en) * | 2009-03-31 | 2009-08-19 | 阿里巴巴集团控股有限公司 | Plug-in component operation method, apparatus and system |
| CN101960446A (en) * | 2008-03-02 | 2011-01-26 | 雅虎公司 | Application based on the safety browser |
| CN102682014A (en) * | 2011-03-14 | 2012-09-19 | 腾讯科技(深圳)有限公司 | Open-type plug-in module management platform implemented on browser and open-type plug-in module management method |
| CN102883324A (en) * | 2012-10-19 | 2013-01-16 | 广州市动景计算机科技有限公司 | Security verification method, security verification device and mobile terminal for plugin call in mobile terminal |
| US20130247030A1 (en) * | 2012-03-19 | 2013-09-19 | Google Inc. | Providing information about a web application or extension offered by website based on information about the application or extension gathered from a trusted site |
-
2013
- 2013-10-18 CN CN201310493213.8A patent/CN103761114B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101960446A (en) * | 2008-03-02 | 2011-01-26 | 雅虎公司 | Application based on the safety browser |
| CN101510167A (en) * | 2009-03-31 | 2009-08-19 | 阿里巴巴集团控股有限公司 | Plug-in component operation method, apparatus and system |
| CN102682014A (en) * | 2011-03-14 | 2012-09-19 | 腾讯科技(深圳)有限公司 | Open-type plug-in module management platform implemented on browser and open-type plug-in module management method |
| US20130247030A1 (en) * | 2012-03-19 | 2013-09-19 | Google Inc. | Providing information about a web application or extension offered by website based on information about the application or extension gathered from a trusted site |
| CN102883324A (en) * | 2012-10-19 | 2013-01-16 | 广州市动景计算机科技有限公司 | Security verification method, security verification device and mobile terminal for plugin call in mobile terminal |
Non-Patent Citations (1)
| Title |
|---|
| 震震有词: "检测浏览器插件是否安全", 《网友世界》 * |
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103677898B (en) * | 2013-11-08 | 2017-11-03 | 北京奇虎科技有限公司 | The extension of server side examination & verification loading and/or the method and server of plug-in unit |
| CN103677898A (en) * | 2013-11-08 | 2014-03-26 | 北京奇虎科技有限公司 | Method for checking loaded extension and/or plug-in on server side and server |
| CN104156235A (en) * | 2014-07-22 | 2014-11-19 | 北京奇虎科技有限公司 | Browser plugin and/or extension updating method and device |
| CN105260206B (en) * | 2015-10-10 | 2018-10-16 | 北京京东尚科信息技术有限公司 | Data source plug-in implementation method and server |
| CN105260206A (en) * | 2015-10-10 | 2016-01-20 | 北京京东尚科信息技术有限公司 | Data source plug-in implementation method and server |
| CN105511909A (en) * | 2015-11-26 | 2016-04-20 | 北京奇虎科技有限公司 | Plug-in processing method and device |
| CN105511909B (en) * | 2015-11-26 | 2018-09-11 | 北京奇虎科技有限公司 | Handle the method and device of plug-in unit |
| CN105430001A (en) * | 2015-12-18 | 2016-03-23 | 北京奇虎科技有限公司 | Detecting method, terminal device, server and system of APT (Advanced Persistent Threat) attack |
| CN105631328A (en) * | 2015-12-18 | 2016-06-01 | 北京奇虎科技有限公司 | Detection method and device of unknown risks of browser plugin |
| CN106919581A (en) * | 2015-12-24 | 2017-07-04 | 北京奇虎科技有限公司 | The means of defence and device of a kind of browser |
| CN106919830A (en) * | 2015-12-24 | 2017-07-04 | 北京奇虎科技有限公司 | The generation method and device of a kind of expanding library |
| CN106919832A (en) * | 2015-12-24 | 2017-07-04 | 北京奇虎科技有限公司 | A kind of browser side extension element management method and device |
| CN108427884A (en) * | 2018-03-16 | 2018-08-21 | 北京奇虎科技有限公司 | Webpage digs the alarming method for power and device of mine script |
| CN108427884B (en) * | 2018-03-16 | 2021-09-10 | 北京奇虎科技有限公司 | Warning method and device for webpage ore mining script |
| CN108959937A (en) * | 2018-06-29 | 2018-12-07 | 北京奇虎科技有限公司 | Plug-in unit processing method, device and equipment |
| CN112068899A (en) * | 2020-09-01 | 2020-12-11 | 北京五八信息技术有限公司 | Plug-in loading method and device, electronic equipment and storage medium |
| CN113590179A (en) * | 2021-08-02 | 2021-11-02 | 上海米哈游璃月科技有限公司 | Plug-in detection method and device, electronic equipment and storage medium |
| CN113590179B (en) * | 2021-08-02 | 2024-03-12 | 上海米哈游璃月科技有限公司 | Plug-in detection method and device, electronic equipment and storage medium |
| CN113709154A (en) * | 2021-08-25 | 2021-11-26 | 平安国际智慧城市科技股份有限公司 | Browser security processing method and device, computer equipment and storage medium |
| CN113709154B (en) * | 2021-08-25 | 2023-08-15 | 平安国际智慧城市科技股份有限公司 | Browser security processing method and device, computer equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103761114B (en) | 2017-10-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103761114A (en) | Method and device for loading extensions and/or plugins on browser side | |
| CN103279706B (en) | Intercept the method and apparatus installing Android application program in the terminal | |
| CN105335184B (en) | Application installation method and device | |
| CN105427096B (en) | Payment security sandbox implementation method and system and application program monitoring method and system | |
| CN102236764B (en) | Method and monitoring system for Android system to defend against desktop information attack | |
| CN103677898A (en) | Method for checking loaded extension and/or plug-in on server side and server | |
| CN103595766B (en) | Realize the method and device of the sending out notice of extension application | |
| CN103761471A (en) | Application program installation method and device based on intelligent terminal | |
| CN105912353B (en) | Application program packaging method and device | |
| CN103870306A (en) | Method and device for installing application program on basis of intelligent terminal equipment | |
| CN103839000A (en) | Application program installation method and device based on intelligent terminal equipment | |
| US9747449B2 (en) | Method and device for preventing application in an operating system from being uninstalled | |
| CN103067392A (en) | Security access control method based on Android terminal | |
| CN105843653A (en) | TA (trusted application) configuration method and device | |
| CN110209416A (en) | Application software update method, device, terminal and storage medium | |
| CN104036194B (en) | Vulnerability detection method and device for revealing private data in application program | |
| CN105631312A (en) | Method and system for processing rogue programs | |
| CN102970346A (en) | Method for software downloading of browser and browser | |
| CN104539584A (en) | Anti-injection method for browser, browser client and device | |
| US20150039515A1 (en) | Interactive product improvement through the use of variants and data gathering reports in a system that can be updated on the fly | |
| CN108563472B (en) | Service plug-in loading method and device based on multi-open application | |
| CN104915594A (en) | Application running method and device | |
| CN107479874A (en) | A kind of DLL method for implanting and system based on windows platform | |
| CN103067246A (en) | Method and apparatus used for processing file received based on instant communication service | |
| CN106203111A (en) | Method and device for preventing clipboard data from being modified and terminal equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220726 Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015 Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |
|
| TR01 | Transfer of patent right |