CN114281452A - Application embedded page processing method and device, electronic equipment and readable storage medium - Google Patents
Application embedded page processing method and device, electronic equipment and readable storage medium Download PDFInfo
- Publication number
- CN114281452A CN114281452A CN202111519929.1A CN202111519929A CN114281452A CN 114281452 A CN114281452 A CN 114281452A CN 202111519929 A CN202111519929 A CN 202111519929A CN 114281452 A CN114281452 A CN 114281452A
- Authority
- CN
- China
- Prior art keywords
- page
- data request
- page data
- code
- request event
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 9
- 238000012545 processing Methods 0.000 claims abstract description 51
- 230000004044 response Effects 0.000 claims abstract description 41
- 238000000034 method Methods 0.000 claims description 32
- 238000003780 insertion Methods 0.000 claims description 6
- 230000037431 insertion Effects 0.000 claims description 6
- 239000000126 substance Substances 0.000 claims description 2
- 238000013473 artificial intelligence Methods 0.000 abstract description 3
- 238000004891 communication Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 8
- 230000008569 process Effects 0.000 description 8
- 238000004590 computer program Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 7
- 238000012544 monitoring process Methods 0.000 description 5
- 230000004048 modification Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004422 calculation algorithm Methods 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000003014 reinforcing effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a processing method and device of an application embedded page, electronic equipment and a readable storage medium, and relates to the technical field of data processing, in particular to the technical field of artificial intelligence such as big data and information flow. The specific implementation scheme is as follows: inserting a safety protection code into the page resource of the application embedded page to be loaded of the acquired webpage view control; responding to the webpage resources inserted with the safety protection codes loaded through the webpage view control, and executing the safety protection codes to register the page data request event to be monitored and the response operation of the page data request event; and responding to the monitored page data request event, executing response operation of the page data request event so as to perform dynamic protection processing on the page data request corresponding to the page data request event.
Description
Technical Field
The disclosure relates to the technical field of data processing, in particular to the technical field of artificial intelligence such as big data and information flow.
Background
With the deep development of the internet, Applications (APPs) applied to terminals are in the endlessly. These applications include pages exposed by many web view controls (e.g., WebView, etc.), such as web pages written in the HTML5(H5) language (H5 pages for short). In order to accelerate the starting speed of the application, the page resources of most loaded pages are stored in the application and become embedded pages of the application. These pages may initiate a number of page data requests in order to complete a function. In general, a page data request carries important information such as personal information and sensitive information, and there may be risks of information leakage, man-in-the-middle tampering, replay attack, and the like, which may result in significant loss.
Therefore, how to effectively protect the page data request of the embedded page of the application and prevent the page data request from being maliciously acquired has important significance.
Disclosure of Invention
The disclosure provides a processing method and device for an application embedded page, electronic equipment and a readable storage medium.
According to an aspect of the present disclosure, a method for processing an application embedded page is provided, including:
inserting a safety protection code into the page resource of the application embedded page to be loaded of the acquired webpage view control;
responding to the webpage resources inserted with the safety protection codes loaded through the webpage view control, and executing the safety protection codes to register the page data request event to be monitored and the response operation of the page data request event;
and responding to the monitored page data request event, executing response operation of the page data request event so as to perform dynamic protection processing on the page data request corresponding to the page data request event.
According to another aspect of the present disclosure, there is provided a processing apparatus for applying an inline page, including:
the code inserting unit is used for inserting a safety protection code into the obtained page resource of the application embedded page to be loaded of the webpage view control;
the code execution unit is used for responding to the loading of the page resource inserted with the safety protection code through the webpage view control, and executing the safety protection code so as to register a page data request event to be monitored and response operation of the page data request event;
and the protection operation unit is used for responding to the monitored page data request event, executing response operation of the page data request event and performing dynamic protection processing on the page data request corresponding to the page data request event.
According to still another aspect of the present disclosure, there is provided an electronic device including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to cause the at least one processor to perform the method of the aspects and any possible implementation described above.
According to yet another aspect of the present disclosure, there is provided a non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of the above-described aspect and any possible implementation.
According to the technical solution, in the embodiment of the present disclosure, a security code is inserted into a page resource of an embedded application page to be loaded by an obtained web view control, and then, in response to the loading of the page resource inserted with the security code by the web view control, the security code is executed to register a page data request event to be monitored and a response operation of the page data request event, so that the response operation of the page data request event can be executed in response to the monitoring of the page data request event, so as to perform a dynamic protection process on a page data request corresponding to the page data request event, and since the security code is inserted into the page resource of the embedded application page to be loaded by the web view control, when the security code monitors the page data request event of the page, the method can intercept the page data request of the embedded page and perform dynamic protection processing on the page data request, can effectively enhance the safety protection on the page data request initiated by the embedded page of the application, and avoids great loss caused by risks such as information leakage, man-in-the-middle tampering, replay attack and the like, thereby improving the safety and reliability of the page data request initiated by the embedded page of the application.
In addition, by adopting the technical scheme provided by the disclosure, the access security of the application embedded page can be effectively improved.
In addition, by adopting the technical scheme provided by the disclosure, the user experience can be effectively improved.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
To more clearly illustrate the technical solutions in the embodiments of the present disclosure, the drawings needed for the embodiments or the prior art descriptions will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present disclosure, and those skilled in the art can also obtain other drawings according to the drawings without inventive labor. The drawings are included to provide a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
FIG. 1 is a schematic diagram according to a first embodiment of the present disclosure;
FIG. 2 is a schematic diagram according to a second embodiment of the present disclosure;
FIG. 3 is a schematic diagram according to a third embodiment of the present disclosure;
fig. 4 is a block diagram of an electronic device for implementing a method for processing an application inline page according to an embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below with reference to the accompanying drawings, in which various details of the embodiments of the disclosure are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
It is to be understood that the described embodiments are only a few, and not all, of the disclosed embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
It should be noted that the terminal device involved in the embodiments of the present disclosure may include, but is not limited to, a mobile phone, a Personal Digital Assistant (PDA), a wireless handheld device, a Tablet Computer (Tablet Computer), and other intelligent devices; the display device may include, but is not limited to, a personal computer, a television, and the like having a display function.
In addition, the term "and/or" herein is only one kind of association relationship describing an associated object, and means that there may be three kinds of relationships, for example, a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
With the deep development of the internet, Applications (APPs) applied to terminals are in the endlessly. These applications include pages exposed by many web view controls (e.g., WebView, etc.), such as web pages written in the HTML5(H5) language (H5 pages for short).
In order to accelerate the starting speed of the application, most loaded page resources of the pages are stored in the application and become embedded pages of the application, so that the stored page resources of the pages are directly loaded by a webpage view control (such as WebView) of the application, and the rapid display of the pages can be realized. These pages may initiate a number of page data requests in order to complete a function. In general, a page data request carries important information such as personal information and sensitive information, and there may be risks of information leakage, man-in-the-middle tampering, replay attack, and the like, which may result in significant loss.
At present, the security protection technology for the embedded page of the application mainly depends on reinforcing the application to perform security protection on the code logic of the application, so that the benefit of software is further protected from being damaged. For example, the HTML code and the script file are subjected to guard processing to prevent the HyperText markup Language (HTML) code and the script file (e.g., JS file, etc.) from being tampered with.
However, these techniques primarily protect HTML code and script files and cannot protect against page data requests initiated by embedded pages.
Therefore, it is desirable to provide a protection method, which can effectively protect the page data request of the application embedded page from being maliciously acquired.
Fig. 1 is a schematic diagram according to a first embodiment of the present disclosure, as shown in fig. 1.
101. And inserting a safety protection code into the page resource of the application embedded page to be loaded of the acquired webpage view control.
The page resources of the page embedded by the application can include a page main resource and a page sub resource. The page main resource is a page source code, and the page sub-resource is other resources except the page main resource in the Web page, for example, a picture, a streaming media, a JavaScript script file, a Cascading Style Sheets (CSS) resource, and the like.
The security protection code may be code written by using a scripting language, such as JavaScript code.
102. And responding to the webpage resources inserted with the safety protection codes loaded through the webpage view control, and executing the safety protection codes to register the page data request event to be monitored and the response operation of the page data request event.
103. And responding to the monitored page data request event, executing response operation of the page data request event so as to perform dynamic protection processing on the page data request corresponding to the page data request event.
And performing dynamic protection processing on the page data request corresponding to the page data request event, wherein the dynamic protection processing is realized for the application by executing response operation of the page data request event.
Therefore, the page data request initiated by the application embedded page is intercepted by monitoring the page data request event based on the webpage embedded page, and the dynamic protection processing is carried out on the page data request, so that the risks of information leakage, man-in-the-middle tampering, replay attack and the like in the transmission process of the page data request are prevented.
It should be noted that part or all of the execution subjects 101 to 103 may be an application located in the local terminal, or may also be a functional unit such as a plug-in or Software Development Kit (SDK) provided in the application located in the local terminal, which is not particularly limited in this embodiment.
It is to be understood that the application may be a native application (native app) installed on the local terminal, or may also be a web page program (webApp) of a browser on the local terminal, which is not limited in this embodiment.
In this way, by inserting the security protection code into the page resource of the embedded page of the application to be loaded by the obtained web view control, and further, in response to loading the page resource inserted with the security protection code through the web view control, executing the security protection code to register the page data request event to be monitored and the response operation of the page data request event, so that in response to monitoring the page data request event, the response operation of the page data request event can be executed to perform dynamic protection processing on the page data request corresponding to the page data request event, and because the security protection code is inserted into the page resource of the embedded page of the application to be loaded by the web view control, when the security protection code monitors the page data request event of the embedded page, the page data request of the page can be intercepted and dynamically protected, the security protection of the page data request initiated by the application embedded page can be effectively enhanced, and the major loss caused by risks such as information leakage, man-in-the-middle tampering, replay attack and the like is avoided, so that the security and the reliability of the page data request initiated by the application embedded page are improved.
Optionally, in a possible implementation manner of this embodiment, before 101, a Native (Native) layer may be further used to intercept a loading interface of the web view control, so as to obtain a page resource of an application embedded page to be loaded by the web view control.
Therefore, the webpage view control can be ensured to intercept the loaded data content through the interface when the data is loaded.
Specifically, in different operating systems, the application can specifically intercept the loading interface of the web page view control through different codes of a Native layer.
For example, in an Android operating system, an application may specifically intercept the following loading interface of a web view control through Java code of a Native layer. Wherein the intercepted load interface may include, but is not limited to, at least one of the following:
load URL (Uniform Resource Locator) (loadUrl), load basic URL data (loadDataWithBaseURL), URL reload (shouldoverurrlloading), and data request intercept (shouldentreptrequest).
Or, for another example, in a mobile operating system (IOS) developed by apple inc, the application may specifically intercept the loading interface of the web view control through Objective-C code of a Native layer. Wherein the intercepted load interface may include, but is not limited to, at least one of the following:
load data request (loadRequest), load HTML data stream (loadHTMLString), load data stream of a specific type (loadData: MIMEType:), and load a specified file (loadFileURL: allowingReadAccesToURL).
Optionally, in a possible implementation manner of this embodiment, in 101, a dynamically changing security protection code may be inserted into a page resource of an application embedded page to be loaded by a web view control intercepted by a loading interface intercepting the web view control.
Therefore, different safety protection codes are inserted into each page embedded in the application, so that the protection effect of the safety protection codes is more reliable and stable, the technical problem that the protection of the page data request initiated by the application embedded page is invalid due to the fact that the safety protection codes are illegally obtained can be effectively solved, and the protection strength of the page data request initiated by the application embedded page is further enhanced.
In a specific implementation process, the security code inserted by the application may have a validity period of a specific time, for example, a validity period of 10 minutes, and only within the validity period, the application will execute the security code during the process of loading the page resource inserted by the security code through the web view control. Beyond the validity period, the security code will not be in effect and the application will not execute the security code.
In this implementation, the security protection code may be specifically inserted into the foremost of the page resource of the page embedded in the application, for example, the foremost of the page main resource. In this way, the inserted safety protection code can be executed in preference to the page source code of the page itself when the page is loaded, and any function of the page is not influenced by the insertion of the safety protection code.
In particular, the inserted security protection code may be compatible with specified system versions of various operating systems, e.g., may be compatible with system versions of android4.0+ and ios8.0 +.
Optionally, in a possible implementation manner of this embodiment, in 102, as a response to load, by the web page view control, the page resource into which the security code is inserted, before executing the page resource, the security code may be preferentially executed to register a page data request event to be listened to and a response operation of the page data request event.
And if the response operation of the page data request event can be the occurrence of the page data request event, performing dynamic protection processing on the page data request corresponding to the page data request event.
Specifically, executing the security protection code may monitor and intercept a data interface that sends a page data request, to monitor whether a page data request event occurs, and intercept a page data request initiated by a page embedded in an application by executing a response operation of the page data request event. Wherein, the intercepted data interface may include but is not limited to at least one of the following:
JavaScript send data interface (xmlhttprequest. open), hyperlink interface (a.href), form data request interface (window.fetch), form click interface (target.click), form submit interface (target.submit), and form data request interface (window.request).
Optionally, in a possible implementation manner of this embodiment, in 103, as a response to monitor the page data request event, the page data request may be specifically intercepted, and then, the encapsulated security protection interface is called to obtain the dynamic protection information of the dynamic protection processing, so that the dynamic protection processing can be performed on the page data request by using the dynamic protection information. Therefore, the dynamic protection processing of the page data request corresponding to the page data request event is realized.
The dynamic protection information may include, but is not limited to, a dynamic token and a dynamic obfuscation policy, which is not particularly limited in this embodiment.
Specifically, the intercepted page data request may be specifically passed to a secure interface encapsulated by a Native layer, the obtained dynamic token is added to the page data request by the secure interface, and the message body (body) of the page data request is dynamically obfuscated using the obtained dynamic obfuscation policy.
In a specific implementation process, a Native (Native) layer may be further utilized to encapsulate the security protection interface in advance, and then the security protection interface may be bridged to the web page view control.
Specifically, before, simultaneously with, or after the execution of 101, a security interface for acquiring the dynamic protection information may be further implemented by using a C/C + + code of a Native layer, and the security interface is bridged to the web page view control, so as to be called by a response operation for executing the page data request event registered by the execution security code.
After the dynamic protection processing is carried out on the page data request initiated by the page embedded in the application, the page data request after the dynamic protection processing is sent out, so that the risks of information leakage, man-in-the-middle tampering, replay attack and the like can be effectively prevented, and the reliability and the safety of the page data request initiated by the page embedded in the application are improved.
The following describes the technical solution of the present disclosure in detail by taking a Webview control of an Application (APP) to load an embedded H5 page as an example, as shown in fig. 2.
201. And the Webview control reads the page resource of the embedded H5 page cached by the APP through the loading interface of the Webview control.
202. The APP intercepts page resources of an embedded H5 page to be loaded by the Webview control through intercepting a loading interface of the Webview control, inserts a dynamically-changed JS code into the intercepted page resources of the embedded H5 page, and transmits the JS code to the Webview control.
203. The Webview control executes the JS code inserted in the embedded H5 page in the process of loading the page resource of the embedded H5 page into which the dynamically-changing JS code is inserted, so as to register a page data request event to be monitored and response operation of the page data request event.
The response operation of the page data request event may specifically be that the page data request event occurs, the page data request corresponding to the page data request event is intercepted, the encapsulated security protection interface is called to obtain dynamic protection information of the dynamic protection processing, the dynamic protection processing is performed on the page data request by using the dynamic protection information, and the page data request after the dynamic protection processing is sent to an application server.
204. The embedded H5 page loaded by the Webview control sends a page data request to the application server.
205. The APP monitors a page data request event of an embedded H5 page, intercepts the page data request corresponding to the page data request event, transmits the intercepted page data request to a packaged safety protection interface, acquires dynamic protection information of dynamic protection processing through the safety protection interface, and performs dynamic protection processing on the page data request by using the acquired dynamic protection information.
206. And the APP sends the page data request subjected to the dynamic protection processing to an application server.
Therefore, after the dynamic protection processing is carried out on the page data request initiated by the H5 page embedded in the APP, the page data request after the dynamic protection processing is sent out, so that risks of information leakage, man-in-the-middle tampering, replay attack and the like can be effectively prevented, and the reliability and the safety of the page data request initiated by the H5 page embedded in the APP are improved.
In the embodiment, a security protection code is inserted into a page resource of an embedded page of an application to be loaded by an acquired web view control, and then, in response to the loading of the page resource inserted with the security protection code by the web view control, the security protection code is executed to register a page data request event to be monitored and a response operation of the page data request event, so that in response to the monitoring of the page data request event, the response operation of the page data request event is executed to perform dynamic protection processing on a page data request corresponding to the page data request event, and since the security protection code is inserted into the page resource of the embedded page of the application to be loaded by the web view control, when the security protection code monitors the page data request event of the embedded page, the page data request of the embedded page can be intercepted and dynamically protected, the security protection of the page data request initiated by the application embedded page can be effectively enhanced, and the major loss caused by risks such as information leakage, man-in-the-middle tampering, replay attack and the like is avoided, so that the security and the reliability of the page data request initiated by the application embedded page are improved.
In addition, by adopting the technical scheme provided by the disclosure, the access security of the application embedded page can be effectively improved.
In addition, by adopting the technical scheme provided by the disclosure, the user experience can be effectively improved.
It is noted that while for simplicity of explanation, the foregoing method embodiments have been described as a series of acts or combination of acts, it will be appreciated by those skilled in the art that the present disclosure is not limited by the order of acts, as some steps may, in accordance with the present disclosure, occur in other orders and concurrently. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required for the disclosure.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
Fig. 3 is a schematic diagram according to a third embodiment of the present disclosure, as shown in fig. 3. The processing apparatus 300 of the application inline page of the present embodiment may include a code insertion unit 301, a code execution unit 302, and a guard operation unit 303. The code inserting unit 301 is configured to insert a security protection code into a page resource of an application embedded page to be loaded by the acquired web view control; a code execution unit 302, configured to execute the security code in response to loading, through the web page view control, a page resource into which the security code is inserted, so as to register a page data request event to be monitored and a response operation of the page data request event; a protection operation unit 303, configured to, in response to monitoring the page data request event, execute a response operation of the page data request event, so as to perform dynamic protection processing on a page data request corresponding to the page data request event.
It should be noted that, part or all of the processing apparatus of the application embedded page in this embodiment may be an application located in the local terminal, or may also be a functional unit such as a plug-in or Software Development Kit (SDK) set in the application located in the local terminal, which is not particularly limited in this embodiment.
It is to be understood that the application may be a native application (native app) installed on the local terminal, or may also be a web page program (webApp) of a browser on the local terminal, which is not limited in this embodiment.
Optionally, in a possible implementation manner of this embodiment, the protection operation unit 303 may be specifically configured to intercept the page data request; calling the packaged safety protection interface to acquire dynamic protection information of the dynamic protection processing; and carrying out dynamic protection processing on the page data request by utilizing the dynamic protection information.
The dynamic protection information may include, but is not limited to, a dynamic token and a dynamic obfuscation policy, which is not particularly limited in this embodiment.
Specifically, the guard operation unit 303 may specifically pass the intercepted page data request to a security interface encapsulated by a Native (Native) layer, add the obtained dynamic token to the page data request by the security interface, and perform dynamic obfuscation processing on a message body (body) of the page data request by using the obtained dynamic obfuscation policy.
In a specific implementation process, the code inserting unit 301 may further be configured to encapsulate the security protection interface by using a Native layer in advance, and further bridge the security protection interface to the web page view control.
Optionally, in a possible implementation manner of this embodiment, the code insertion unit 301 may further be configured to perform, by using a native layer, an interception process on a loading interface of the web view control, so as to obtain a page resource of an application embedded page to be loaded by the web view control.
It should be noted that the method in the embodiment corresponding to fig. 1 and the method executed by the APP in the embodiment corresponding to fig. 2 may be implemented by the processing apparatus for applying the embedded page provided in this embodiment. For a detailed description, reference may be made to relevant contents in the embodiments corresponding to fig. 1 and fig. 2, and details are not described here.
In this embodiment, a code insertion unit inserts a security code into a page resource of an embedded application page to be loaded by an acquired web view control, and a code execution unit, in response to the web view control loading the page resource inserted with the security code, executes the security code to register a page data request event to be monitored and a response operation of the page data request event, so that a protection operation unit can respond to the monitored page data request event and execute the response operation of the page data request event to perform dynamic protection processing on a page data request corresponding to the page data request event, and when the security code monitors the page data request event of the page due to the fact that the security code is inserted into the embedded page resource of the embedded application page to be loaded by the web view control, the method can intercept the page data request of the embedded page and perform dynamic protection processing on the page data request, can effectively enhance the safety protection on the page data request initiated by the embedded page of the application, and avoids great loss caused by risks such as information leakage, man-in-the-middle tampering, replay attack and the like, thereby improving the safety and reliability of the page data request initiated by the embedded page of the application.
In addition, by adopting the technical scheme provided by the disclosure, the access security of the application embedded page can be effectively improved.
In addition, by adopting the technical scheme provided by the disclosure, the user experience can be effectively improved.
According to the technical scheme, the page resources of the embedded page of the related application, the acquisition, the storage, the application and the like of the page data request all accord with the regulations of related laws and regulations, and the official customs is not violated.
The present disclosure also provides an electronic device, a readable storage medium, and a computer program product according to embodiments of the present disclosure.
FIG. 4 shows a schematic block diagram of an example electronic device 400 that may be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular telephones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 4, the electronic device 400 includes a computing unit 401 that can perform various appropriate actions and processes according to a computer program stored in a Read Only Memory (ROM)402 or a computer program loaded from a storage unit 408 into a Random Access Memory (RAM) 403. In the RAM 403, various programs and data required for the operation of the electronic device 400 can also be stored. The computing unit 401, ROM 402, and RAM 403 are connected to each other via a bus 404. An input/output (I/O) interface 405 is also connected to bus 404.
A number of components in the electronic device 400 are connected to the I/O interface 405, including: an input unit 406 such as a keyboard, a mouse, or the like; an output unit 407 such as various types of displays, speakers, and the like; a storage unit 408 such as a magnetic disk, optical disk, or the like; and a communication unit 409 such as a network card, modem, wireless communication transceiver, etc. The communication unit 409 allows the electronic device 400 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), system on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), the internet, and blockchain networks.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The Server can be a cloud Server, also called a cloud computing Server or a cloud host, and is a host product in a cloud computing service system, so as to solve the defects of high management difficulty and weak service expansibility in the traditional physical host and VPS service ("Virtual Private Server", or simply "VPS"). The server may also be a server of a distributed system, or a server incorporating a blockchain.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present disclosure may be executed in parallel, sequentially, or in different orders, as long as the desired results of the technical solutions disclosed in the present disclosure can be achieved, and the present disclosure is not limited herein.
The above detailed description should not be construed as limiting the scope of the disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the scope of protection of the present disclosure.
Claims (12)
1. A processing method for an application embedded page is characterized by comprising the following steps:
inserting a safety protection code into the page resource of the application embedded page to be loaded of the acquired webpage view control;
responding to the webpage resources inserted with the safety protection codes loaded through the webpage view control, and executing the safety protection codes to register the page data request event to be monitored and the response operation of the page data request event;
and responding to the monitored page data request event, executing response operation of the page data request event so as to perform dynamic protection processing on the page data request corresponding to the page data request event.
2. The method of claim 1, wherein the performing the response operation of the page data request event comprises:
intercepting the page data request;
calling the packaged safety protection interface to acquire dynamic protection information of the dynamic protection processing;
and carrying out dynamic protection processing on the page data request by utilizing the dynamic protection information.
3. The method of claim 2, wherein the dynamic protection information comprises a dynamic token and a dynamic obfuscation policy.
4. The method of claim 2, further comprising:
encapsulating the security protection interface with a native layer;
and bridging the safety protection interface to the webpage view control.
5. The method according to any one of claims 1-4, wherein before inserting security protection code into the page resource of the application embedded page to be loaded by the acquired web page view control, the method further comprises:
and intercepting a loading interface of the webpage view control by using a native layer to obtain page resources of an application embedded page to be loaded by the webpage view control.
6. A device for processing an inline page, comprising:
the code inserting unit is used for inserting a safety protection code into the obtained page resource of the application embedded page to be loaded of the webpage view control;
the code execution unit is used for responding to the loading of the page resource inserted with the safety protection code through the webpage view control, and executing the safety protection code so as to register a page data request event to be monitored and response operation of the page data request event;
and the protection operation unit is used for responding to the monitored page data request event, executing response operation of the page data request event and performing dynamic protection processing on the page data request corresponding to the page data request event.
7. Device according to claim 6, characterized in that the guard operating unit, in particular for
Intercepting the page data request;
calling the packaged safety protection interface to acquire dynamic protection information of the dynamic protection processing; and
and carrying out dynamic protection processing on the page data request by utilizing the dynamic protection information.
8. The apparatus of claim 7, wherein the dynamic protection information comprises a dynamic token and a dynamic obfuscation policy.
9. The apparatus of claim 7, wherein the code insertion unit is further configured to insert the code
Encapsulating the security protection interface with a native layer; and
and bridging the safety protection interface to the webpage view control.
10. The apparatus according to any of claims 6-4, wherein the code insertion unit is further configured to insert the code
And intercepting a loading interface of the webpage view control by using a native layer to obtain page resources of an application embedded page to be loaded by the webpage view control.
11. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-5.
12. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of any one of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111519929.1A CN114281452A (en) | 2021-12-13 | 2021-12-13 | Application embedded page processing method and device, electronic equipment and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111519929.1A CN114281452A (en) | 2021-12-13 | 2021-12-13 | Application embedded page processing method and device, electronic equipment and readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114281452A true CN114281452A (en) | 2022-04-05 |
Family
ID=80871783
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111519929.1A Pending CN114281452A (en) | 2021-12-13 | 2021-12-13 | Application embedded page processing method and device, electronic equipment and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114281452A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105956480A (en) * | 2016-05-10 | 2016-09-21 | 上海交通大学 | Android platform sensor data protection system |
| CN109857479A (en) * | 2018-12-14 | 2019-06-07 | 平安科技(深圳)有限公司 | Interface data processing method, device, computer equipment and storage medium |
| CN110881044A (en) * | 2019-12-05 | 2020-03-13 | 北京宏达隆和科技有限公司 | Computer firewall dynamic defense security platform |
| CN111198998A (en) * | 2019-12-31 | 2020-05-26 | 北京指掌易科技有限公司 | Network page loading method, device and system based on Ajax request |
-
2021
- 2021-12-13 CN CN202111519929.1A patent/CN114281452A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105956480A (en) * | 2016-05-10 | 2016-09-21 | 上海交通大学 | Android platform sensor data protection system |
| CN109857479A (en) * | 2018-12-14 | 2019-06-07 | 平安科技(深圳)有限公司 | Interface data processing method, device, computer equipment and storage medium |
| CN110881044A (en) * | 2019-12-05 | 2020-03-13 | 北京宏达隆和科技有限公司 | Computer firewall dynamic defense security platform |
| CN111198998A (en) * | 2019-12-31 | 2020-05-26 | 北京指掌易科技有限公司 | Network page loading method, device and system based on Ajax request |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10701030B2 (en) | Real-time monitoring of web page code | |
| US8898796B2 (en) | Managing network data | |
| US8910277B1 (en) | Process-based domain isolation | |
| US9208235B1 (en) | Systems and methods for profiling web applications | |
| ES2882125T3 (en) | System and procedure to identify attacks on the Internet | |
| CN106874519B (en) | Page display method and device | |
| CN109873735B (en) | Performance test method and device for H5 page and computer equipment | |
| CN106815524B (en) | Malicious script file detection method and device | |
| CN115470432A (en) | Page rendering method and device, electronic equipment and computer readable medium | |
| CN109325192B (en) | Advertisement anti-shielding method and device | |
| US9436669B1 (en) | Systems and methods for interfacing with dynamic web forms | |
| CN113132400B (en) | Business processing method, device, computer system and storage medium | |
| CN108509228B (en) | Page loading method, terminal equipment and computer readable storage medium | |
| US9916391B2 (en) | Method, apparatus and terminal for webpage content browsing | |
| CN114281452A (en) | Application embedded page processing method and device, electronic equipment and readable storage medium | |
| US20240031166A1 (en) | Web-side data signature method and apparatus and computer device | |
| CN111262842B (en) | Webpage tamper-proofing method and device, electronic equipment and storage medium | |
| CN113377376A (en) | Data packet generation method, data packet generation device, electronic device, and storage medium | |
| CN107450946B (en) | Chrome webpage and terminal software communication method, equipment and storage medium | |
| CN107220543B (en) | Method and device for processing service request of mobile terminal | |
| CN108509329B (en) | Method and device for verifying operation executed on client | |
| CN112596838B (en) | Method, device, equipment and storage medium for displaying universal Web page | |
| CN111885152B (en) | Promotion information processing method, electronic device and computer-readable storage medium | |
| CN114675906B (en) | Multi-window management method, device, electronic device and storage medium | |
| CN109669737B (en) | Application processing method, device, equipment and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |