CN104182685A - XSS (cross site script) defense method and component for JAVA WEB applications - Google Patents

Info

Publication number: CN104182685A
Authority: CN (China)
Legal status: Granted (Active)
Application number: CN201410409134.9A
Other languages: Chinese (zh)
Other versions: CN104182685B (en)
Inventors: 张帅, 何坚韧
Current Assignee: Beijing Jingdong Century Trading Co Ltd; Beijing Jingdong Shangke Information Technology Co Ltd
Original Assignee: Beijing Jingdong Century Trading Co Ltd; Beijing Jingdong Shangke Information Technology Co Ltd
Prior art keywords: xss, filtered, parameter, filtering policy, regular expression

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security

Abstract

The invention discloses an XSS (cross site script) defense method and component for JAVA WEB applications. The XSS defense method includes: acquiring at least one XSS filtering policy and storing it in an XSS filter unit; receiving an application request that includes a uniform resource locator and is sent by a client, and preprocessing the uniform resource locator to acquire a parameter list, wherein the parameter list includes at least one parameter keyword and at least one parameter value corresponding to the parameter keyword; acquiring at least one XSS filtering policy from the XSS filter unit and filtering the parameter list to acquire the filtered parameter list; and executing the JAVA WEB application requested by the application request according to the filtered parameter list. Independent XSS filtering policies can be written for different XSS vulnerabilities, and when a new XSS vulnerability appears, only the XSS filtering policies need to be updated. Since the business execution code is not involved, the server can provide long-term online service without being taken offline for an update.

Description

XSS defense method and component for JAVA WEB applications
Technical field
The present invention relates to JAVA WEB applications and related technical fields, and in particular to an XSS defense method and component for JAVA WEB applications.
Background
A JAVA WEB application is a network (WEB) application composed of a group of Servlets/JSPs, HTML files, related JAVA classes and other resources that can be bundled with them; it provides the requested service according to the application request the user submits through a browser. Such applications are strongly online in nature, so the server providing a JAVA WEB application is required to provide long-term, stable online service.
XSS, also written CSS (Cross Site Script), is the cross-site scripting attack. A malicious attacker inserts malicious HTML code into a Web page; when a user browses the page, the HTML code embedded in it is executed, achieving the attacker's particular purpose of attacking the user.
A malicious user enters text in some public area (for example, the input form of a suggestion submission page or a public message board). The text is seen by other users, but it is not only the text to be displayed: it also contains script that can execute on the client. For example:
<script>
this.document="*********";
</script>
After the malicious user submits this form, other users who view the page execute the malicious script it contains, and the malicious user obtains sensitive information such as the users' cookies.
Existing XSS defense methods mainly intercept XSS attacks by writing code inside the business execution code.
However, intercepting XSS inside the business execution code easily affects the flow of that code. At the same time, writing code to defend against XSS vulnerabilities in every form of parameter is costly, and when a new XSS vulnerability appears, the business execution code has to be recompiled and repackaged, and the server has to be taken offline to load the new business execution code and then brought back online before the XSS vulnerability is resolved.
Summary of the invention
In view of this, and to address the technical problem that the prior art's defense mechanism is inflexible toward newly emerging XSS vulnerabilities and requires the server to be brought back online, it is necessary to provide an XSS defense method and component for JAVA WEB applications.
An XSS defense method for JAVA WEB applications comprises:
obtaining at least one XSS filtering policy and saving it in an XSS filter unit;
receiving an application request, sent by a client, that includes a uniform resource locator (URL), and preprocessing the URL to obtain a parameter list, the parameter list comprising at least one parameter keyword and at least one parameter value corresponding to the parameter keyword;
obtaining at least one XSS filtering policy from the XSS filter unit and filtering the parameter list to obtain a filtered parameter list;
executing, according to the filtered parameter list, the JAVA WEB application requested by the application request.
An XSS defense component for JAVA WEB applications comprises:
a filtering policy acquisition module, configured to obtain at least one XSS filtering policy and save it in an XSS filter unit;
an access request receiving module, configured to receive an application request, sent by a client, that includes a uniform resource locator (URL), and to preprocess the URL to obtain a parameter list, the parameter list comprising at least one parameter keyword and at least one parameter value corresponding to the parameter keyword;
a filtering module, configured to obtain at least one XSS filtering policy from the XSS filter unit and filter the parameter list to obtain a filtered parameter list;
an execution module, configured to execute, according to the filtered parameter list, the JAVA WEB application requested by the application request.
The present invention filters the preprocessed parameter list, separating XSS defense from the business execution code, so that an independent XSS filter unit can be used to hold the XSS filtering policies. Independent XSS filtering policies can therefore be written for different XSS vulnerabilities, and when a new XSS vulnerability appears, only the XSS filtering policies need to be updated. Because the business execution code is not involved, the server does not need to be taken offline for the update and can provide long-term online service.
Brief description of the drawings
Fig. 1 is a workflow diagram of an XSS defense method for JAVA WEB applications according to the present invention;
Fig. 2 is a working schematic diagram of an example of the present invention;
Fig. 3 is a structural module diagram of an XSS defense component for JAVA WEB applications according to the present invention.
Detailed description
The present invention is described in further detail below with reference to the drawings and specific embodiments.
Fig. 1 shows the workflow of an XSS defense method for JAVA WEB applications according to the present invention, comprising:
Step S101: obtain at least one XSS filtering policy and save it in an XSS filter unit;
Step S102: receive an application request, sent by a client, that includes a uniform resource locator (URL), and preprocess the URL to obtain a parameter list, the parameter list comprising at least one parameter keyword and at least one parameter value corresponding to the parameter keyword;
Step S103: obtain at least one XSS filtering policy from the XSS filter unit and filter the parameter list to obtain a filtered parameter list;
Step S104: according to the filtered parameter list, execute the JAVA WEB application requested by the application request.
In step S102 the received uniform resource locator (URL) is preprocessed to obtain the parameter list, and the parameter list is then filtered, which separates XSS defense from the business execution code; in step S101 an independent XSS filter unit can therefore be used to hold the XSS filtering policies. For different XSS vulnerabilities, only the XSS filtering policies need to be updated. Because the XSS filter unit is independent, during program development it is enough to introduce the framework and configure the relevant files to complete the XSS defense, without adding any XSS defense inside the program code.
Step S104 sends the filtered parameter list to the server's business execution module for execution. Business execution is therefore completely separated from XSS vulnerability defense and the two do not affect each other; when a new XSS vulnerability appears, only the XSS filtering policies need to be updated. If an XSS vulnerability is found while the program is running, the application does not need to be repackaged or restarted: updating the filtering policy instance through an interface completes the defense. Because the update does not involve the business execution code, the server can still serve the application requests it receives while the XSS filtering policies are being updated, without going offline, and can thus provide long-term, stable online service.
As an example, the application request sent by the client can be encapsulated in JAVA as an HttpServletRequest object. All of the request's information, including the request address, the preprocessed parameter list, the submitted data, uploaded files, the client's IP address and even the client operating system, is contained in it.
Then, using the Filter class provided by JAVA, the HttpServletRequest object is intercepted before it reaches the servlet; the parameter list is obtained from the HttpServletRequest object, the above step S102 is performed to carry out XSS filtering, and the HttpServletRequestWrapper class is used to override the value-retrieval methods of the HttpServletRequest object with the filtered parameter list. The request is then passed to the servlet for subsequent processing; the servlet is the object with which the server performs business processing on the client's application request.
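The interception described above, as an added example that is not the patent's own code: a servlet Filter wraps each request in an HttpServletRequestWrapper whose parameter accessors return filtered values. It assumes the javax.servlet API (Servlet 3.0 or later) on the classpath; XssParameterFilter, FilteredRequest and ValueCleaner are hypothetical names, and the default cleaner is a stand-in for the policy lookup.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

public class XssParameterFilter implements Filter {

    /** Hypothetical hook: cleans one parameter value for a given request URL and keyword. */
    public interface ValueCleaner {
        String clean(String url, String key, String value);
    }

    // Stand-in cleaner (an assumption): deletes < > " ' from every value.
    // volatile so that a replacement set at run time is seen by all request threads.
    private volatile ValueCleaner cleaner =
            (url, key, value) -> value == null ? null : value.replaceAll("[<>\"']", "");

    public void setCleaner(ValueCleaner newCleaner) { this.cleaner = newCleaner; }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            // The servlet further down the chain only ever sees the wrapper.
            req = new FilteredRequest((HttpServletRequest) req, cleaner);
        }
        chain.doFilter(req, res);
    }

    /** Wrapper whose parameter accessors all read from one filtered copy. */
    static final class FilteredRequest extends HttpServletRequestWrapper {
        private final Map<String, String[]> filtered;

        FilteredRequest(HttpServletRequest request, ValueCleaner cleaner) {
            super(request);
            String url = request.getRequestURI();
            Map<String, String[]> copy = new LinkedHashMap<>();
            for (Map.Entry<String, String[]> e : request.getParameterMap().entrySet()) {
                String[] values = e.getValue().clone();
                for (int i = 0; i < values.length; i++) {
                    values[i] = cleaner.clean(url, e.getKey(), values[i]);
                }
                copy.put(e.getKey(), values);
            }
            filtered = Collections.unmodifiableMap(copy);
        }

        // All four accessors are overridden: leaving getParameter() or
        // getParameterValues() untouched would hand the servlet unfiltered values.
        @Override public Map<String, String[]> getParameterMap() { return filtered; }

        @Override public Enumeration<String> getParameterNames() {
            return Collections.enumeration(filtered.keySet());
        }

        @Override public String[] getParameterValues(String name) {
            String[] v = filtered.get(name);
            return v == null ? null : v.clone();
        }

        @Override public String getParameter(String name) {
            String[] v = filtered.get(name);
            return (v == null || v.length == 0) ? null : v[0];
        }
    }
}
```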
In one embodiment, the XSS filtering policy comprises at least one regular expression, a filter parameter corresponding to the regular expression, filter characters corresponding to the regular expression and a filter action corresponding to the regular expression, and filtering the parameter list specifically comprises:
matching the URL against the regular expression; if the match succeeds, taking the filter parameter corresponding to the regular expression as the parameter to be filtered, the filter characters corresponding to the regular expression as the characters to be filtered, and the filter action corresponding to the regular expression as the action to be performed;
searching the parameter list for the parameter keyword consistent with the parameter to be filtered, taking it as the parameter keyword to be filtered, and taking the parameter value corresponding to that keyword as the parameter value to be filtered;
if the parameter value to be filtered contains the characters to be filtered, performing the action to be performed on the parameter value to be filtered.
Different XSS filtering policies have different filter parameters and filter actions. This embodiment matches the URL with a regular expression, so that the URL is quickly matched to an XSS filtering policy, and then uses the corresponding filter parameter and performs the corresponding filter action. The approach is very flexible: adding or modifying one XSS filtering policy does not affect the other XSS filtering policies.
In one embodiment, the action to be performed comprises:
deleting the characters to be filtered that are contained in the parameter value to be filtered; or
replacing the characters to be filtered that are contained in the parameter value to be filtered with a preset substitute character.
In one embodiment, the XSS filtering policy is stored in a configuration file, and obtaining at least one XSS filtering policy and saving it in the XSS filter unit specifically comprises:
obtaining the at least one XSS filtering policy from the configuration file and saving it in the XSS filter unit.
The following is an example of a configuration file:
When the URL contains "UserDefine.action", the user-defined XSS filtering policy is matched. UserDefineParameter in the parameter list is then the parameter keyword to be filtered, and the parameter value corresponding to UserDefineParameter is the parameter value to be filtered. If that value contains any one or any combination of the characters ! # $ % ^, the filter action "Remove" is performed, that is, they are deleted.
When the URL contains "whiteList.action", the whitelist XSS filtering policy is matched. whiteParameter in the parameter list is then the parameter keyword to be filtered, and the parameter value corresponding to whiteParameter is the parameter value to be filtered. If the parameter value corresponding to whiteParameter contains a null value, the filter action "Remove" is performed, that is, it is deleted.
When the URL matches the regular expression "(?!login).*", all parameter values except login are filtered; if they contain &lt; &gt; &quot; &apos;, these are deleted.
The core implementation of the overridden ParameterMap method is as follows:
In the getValue() function, when the filtering protection switch is on, the parameter keyword in the parameter list is obtained with getKey() and the corresponding parameter value with getValue(); both are passed to the cleanXSS() function, which filters the parameter keyword and parameter value it receives according to the configuration file.
In one embodiment, the method further comprises:
receiving an online update request;
obtaining XSS filtering policies from the configuration file as the XSS filtering policies to be updated;
updating the XSS filtering policies in the XSS filter unit to the XSS filtering policies to be updated.
This embodiment provides an online update method that updates the XSS filtering policies online. Because the XSS filtering policies are independent, the update has no effect on the business execution code, and business execution and XSS filtering are well decoupled.
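The policy matching and online update described above, as an added example (not the patent's code or configuration format): each policy holds a URL regular expression, a filter parameter, filter characters and an action, and an update swaps the whole policy list atomically so that requests keep being served. The names XssPolicyEngine, Policy and Action are assumptions, the request data and the second policy are constructed, and only the UserDefine.action policy comes from the page.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Pattern;

// Added illustration: all class, field and method names here are assumptions.
public class XssPolicyEngine {

    enum Action { REMOVE, REPLACE }

    /** One policy: URL regular expression, filter parameter, filter characters, filter action. */
    static final class Policy {
        final Pattern urlPattern;
        final String parameter;     // null means "every parameter of a matching URL"
        final List<String> tokens;  // characters (or longer strings) to filter
        final Action action;
        final String replacement;   // preset substitute, used only by REPLACE

        Policy(String urlRegex, String parameter, List<String> tokens,
               Action action, String replacement) {
            if (tokens.contains("")) throw new IllegalArgumentException("empty filter token");
            if (action == Action.REPLACE && replacement == null)
                throw new IllegalArgumentException("REPLACE needs a substitute");
            this.urlPattern = Pattern.compile(urlRegex);
            this.parameter = parameter;
            this.tokens = new ArrayList<>(tokens);
            this.action = action;
            this.replacement = replacement;
        }

        boolean applies(String url, String key) {
            return urlPattern.matcher(url).find()
                    && (parameter == null || parameter.equals(key));
        }

        String apply(String value) {
            String out = value, prev;
            do {   // REMOVE repeats until stable: deleting a token can splice a new one together
                prev = out;
                for (String t : tokens) {
                    out = out.replace(t, action == Action.REMOVE ? "" : replacement);
                }
            } while (action == Action.REMOVE && !out.equals(prev));
            return out;
        }
    }

    private final AtomicReference<List<Policy>> active =
            new AtomicReference<>(Collections.<Policy>emptyList());

    /** Initial load and online update: swap in the complete new policy list in one step. */
    void load(List<Policy> policies) {
        active.set(Collections.unmodifiableList(new ArrayList<>(policies)));
    }

    /** Returns a filtered copy of the parameter list; the input map is not modified. */
    Map<String, String[]> filter(String url, Map<String, String[]> params) {
        List<Policy> snapshot = active.get();   // one consistent policy set per request
        Map<String, String[]> out = new LinkedHashMap<>();
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            String[] values = e.getValue().clone();
            for (Policy p : snapshot) {
                if (!p.applies(url, e.getKey())) continue;
                for (int i = 0; i < values.length; i++) values[i] = p.apply(values[i]);
            }
            out.put(e.getKey(), values);
        }
        return out;
    }

    public static void main(String[] args) {
        XssPolicyEngine engine = new XssPolicyEngine();
        // Policy taken from the page's configuration example.
        Policy userDefine = new Policy("UserDefine\\.action", "UserDefineParameter",
                Arrays.asList("!", "#", "$", "%", "^"), Action.REMOVE, null);
        engine.load(Collections.singletonList(userDefine));

        // Constructed request data.
        String url = "/shop/UserDefine.action";
        Map<String, String[]> params = new LinkedHashMap<>();
        params.put("UserDefineParameter", new String[] {"a!b#c$"});
        params.put("note", new String[] {"&l&lt;t;b&gt;hi"});
        show("before update", engine.filter(url, params));

        // Online update: a constructed second policy that deletes entity strings
        // from every parameter of any .action URL.
        Policy entities = new Policy("\\.action", null,
                Arrays.asList("&lt;", "&gt;", "&quot;", "&apos;"), Action.REMOVE, null);
        engine.load(Arrays.asList(userDefine, entities));
        show("after update", engine.filter(url, params));
    }

    static void show(String label, Map<String, String[]> params) {
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            System.out.println(label + ": " + e.getKey() + "=" + Arrays.toString(e.getValue()));
        }
    }
}
```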
Fig. 2 shows the working schematic of an example of the present invention, in which:
Step S201: component 21 of the present invention obtains the XSS filtering policies from the configuration file and saves them, initializing the relevant data into the filtering policy class;
Step S202: when client browser 1 submits a request to server 2, component 21 of the present invention intercepts the request through the Filter and uses the requestWrapper class to override the value-retrieval method getParameterMap;
Step S203: the ParameterMap of the request is initialized, at which point the new getParameterMap method is used. The filtering method traverses the filtering policy class according to the URL and parameters of the request, finds the matching policy and filters; the filtered parameters are then put into the ParameterMap;
Step S204: the request arrives at the business processing end (servlet) 22; the data the servlet obtains from the ParameterMap has all been XSS-filtered;
Step S205: when the user needs an online fix, the configuration file is updated first and then an update-filtering-policy request is sent to server 2; component 21 intercepts it through the Filter, obtains the new XSS filtering policies from the configuration file and updates them.
Fig. 3 shows the structural module diagram of an XSS defense component for JAVA WEB applications according to the present invention, comprising:
filtering policy acquisition module 310, configured to obtain at least one XSS filtering policy and save it in an XSS filter unit;
access request receiving module 320, configured to receive an application request, sent by a client, that includes a uniform resource locator (URL), and to preprocess the URL to obtain a parameter list, the parameter list comprising at least one parameter keyword and at least one parameter value corresponding to the parameter keyword;
filtering module 330, configured to obtain at least one XSS filtering policy from the XSS filter unit and filter the parameter list to obtain a filtered parameter list;
execution module 340, configured to execute, according to the filtered parameter list, the JAVA WEB application requested by the application request.
In one embodiment, the XSS filtering policy comprises at least one regular expression, a filter parameter corresponding to the regular expression, filter characters corresponding to the regular expression and a filter action corresponding to the regular expression, and, in filtering the parameter list, the component is specifically configured to:
match the URL against the regular expression; if the match succeeds, take the filter parameter corresponding to the regular expression as the parameter to be filtered, the filter characters corresponding to the regular expression as the characters to be filtered, and the filter action corresponding to the regular expression as the action to be performed;
search the parameter list for the parameter keyword consistent with the parameter to be filtered, take it as the parameter keyword to be filtered, and take the parameter value corresponding to that keyword as the parameter value to be filtered;
if the parameter value to be filtered contains the characters to be filtered, perform the action to be performed on the parameter value to be filtered.
In one embodiment, the action to be performed comprises:
deleting the characters to be filtered that are contained in the parameter value to be filtered; or
replacing the characters to be filtered that are contained in the parameter value to be filtered with a preset substitute character.
In one embodiment, the XSS filtering policy is stored in a configuration file, and filtering policy acquisition module 310 is specifically configured to:
obtain the at least one XSS filtering policy from the configuration file and save it in the XSS filter unit.
In one embodiment, the component further comprises an update module, specifically configured to:
receive an online update request;
obtain XSS filtering policies from the configuration file as the XSS filtering policies to be updated;
update the XSS filtering policies in the XSS filter unit to the XSS filtering policies to be updated.
The embodiments above express only several implementations of the present invention, and their description is relatively specific and detailed, but they should not therefore be understood as limiting the scope of the patent. It should be noted that a person of ordinary skill in the art can make a number of variations and improvements without departing from the concept of the invention, all of which fall within the protection scope of the invention. The protection scope of this patent is therefore defined by the appended claims.

Claims (10)

1. An XSS defense method for JAVA WEB applications, characterized by comprising:
obtaining at least one XSS filtering policy and saving it in an XSS filter unit;
receiving an application request, sent by a client, that includes a uniform resource locator (URL), and preprocessing the URL to obtain a parameter list, the parameter list comprising at least one parameter keyword and at least one parameter value corresponding to the parameter keyword;
obtaining at least one XSS filtering policy from the XSS filter unit and filtering the parameter list to obtain a filtered parameter list;
executing, according to the filtered parameter list, the JAVA WEB application requested by the application request.
2. The XSS defense method for JAVA WEB applications according to claim 1, characterized in that the XSS filtering policy comprises at least one regular expression, a filter parameter corresponding to the regular expression, filter characters corresponding to the regular expression and a filter action corresponding to the regular expression, and filtering the parameter list specifically comprises:
matching the URL against the regular expression; if the match succeeds, taking the filter parameter corresponding to the regular expression as the parameter to be filtered, the filter characters corresponding to the regular expression as the characters to be filtered, and the filter action corresponding to the regular expression as the action to be performed;
searching the parameter list for the parameter keyword consistent with the parameter to be filtered, taking it as the parameter keyword to be filtered, and taking the parameter value corresponding to that keyword as the parameter value to be filtered;
if the parameter value to be filtered contains the characters to be filtered, performing the action to be performed on the parameter value to be filtered.
3. The XSS defense method for JAVA WEB applications according to claim 2, characterized in that the action to be performed comprises:
deleting the characters to be filtered that are contained in the parameter value to be filtered; or
replacing the characters to be filtered that are contained in the parameter value to be filtered with a preset substitute character.
4. The XSS defense method for JAVA WEB applications according to claim 1, characterized in that the XSS filtering policy is stored in a configuration file, and obtaining at least one XSS filtering policy and saving it in the XSS filter unit specifically comprises:
obtaining the at least one XSS filtering policy from the configuration file and saving it in the XSS filter unit.
5. The XSS defense method for JAVA WEB applications according to claim 4, characterized in that the method further comprises:
receiving an online update request;
obtaining XSS filtering policies from the configuration file as the XSS filtering policies to be updated;
updating the XSS filtering policies in the XSS filter unit to the XSS filtering policies to be updated.
6. An XSS defense component for JAVA WEB applications, characterized by comprising:
a filtering policy acquisition module, configured to obtain at least one XSS filtering policy and save it in an XSS filter unit;
an access request receiving module, configured to receive an application request, sent by a client, that includes a uniform resource locator (URL), and to preprocess the URL to obtain a parameter list, the parameter list comprising at least one parameter keyword and at least one parameter value corresponding to the parameter keyword;
a filtering module, configured to obtain at least one XSS filtering policy from the XSS filter unit and filter the parameter list to obtain a filtered parameter list;
an execution module, configured to execute, according to the filtered parameter list, the JAVA WEB application requested by the application request.
7. The XSS defense component for JAVA WEB applications according to claim 6, characterized in that the XSS filtering policy comprises at least one regular expression, a filter parameter corresponding to the regular expression, filter characters corresponding to the regular expression and a filter action corresponding to the regular expression, and, in filtering the parameter list, the component is specifically configured to:
match the URL against the regular expression; if the match succeeds, take the filter parameter corresponding to the regular expression as the parameter to be filtered, the filter characters corresponding to the regular expression as the characters to be filtered, and the filter action corresponding to the regular expression as the action to be performed;
search the parameter list for the parameter keyword consistent with the parameter to be filtered, take it as the parameter keyword to be filtered, and take the parameter value corresponding to that keyword as the parameter value to be filtered;
if the parameter value to be filtered contains the characters to be filtered, perform the action to be performed on the parameter value to be filtered.
8. The XSS defense component for JAVA WEB applications according to claim 7, characterized in that the action to be performed comprises:
deleting the characters to be filtered that are contained in the parameter value to be filtered; or
replacing the characters to be filtered that are contained in the parameter value to be filtered with a preset substitute character.
9. The XSS defense component for JAVA WEB applications according to claim 6, characterized in that the XSS filtering policy is stored in a configuration file, and the filtering policy acquisition module is specifically configured to:
obtain the at least one XSS filtering policy from the configuration file and save it in the XSS filter unit.
10. The XSS defense component for JAVA WEB applications according to claim 9, characterized in that the component further comprises an update module, specifically configured to:
receive an online update request;
obtain XSS filtering policies from the configuration file as the XSS filtering policies to be updated;
update the XSS filtering policies in the XSS filter unit to the XSS filtering policies to be updated.

Priority Applications (1)

Application Number    Priority Date    Filing Date    Title
CN201410409134.9A     2014-08-19       2014-08-19     XSS defense method and component for JAVA WEB applications

Publications (2)

Publication Number    Publication Date
CN104182685A          2014-12-03
CN104182685B          2018-01-05

CN112068875A (en) * 2020-08-04 2020-12-11 广州太平洋电脑信息咨询有限公司 System and method for realizing thread filtering strategy based on java dynamic loading
CN112068875B (en) * 2020-08-04 2024-05-17 广州太平洋电脑信息咨询有限公司 System and method for realizing thread filtering strategy based on java dynamic loading
CN113364815A (en) * 2021-08-11 2021-09-07 飞狐信息技术(天津)有限公司 Cross-site scripting vulnerability attack defense method and device
CN113364815B (en) * 2021-08-11 2021-11-23 飞狐信息技术(天津)有限公司 Cross-site scripting vulnerability attack defense method and device
CN118075031A (en) * 2024-04-19 2024-05-24 三峡高科信息技术有限责任公司 System and method for realizing system XSS protection in modularized manner

Also Published As

Publication number Publication date
CN104182685B (en) 2018-01-05

Similar Documents

Publication Publication Date Title
CN104182685A (en) XSS (cross site script) defense method and component for JAVA WEB applications
US10693943B2 (en) Configuring tags to monitor other webpage tags in a tag management system
US10320940B1 (en) Managing generic data
CN109981595B (en) Resource acquisition method, resource return method, server and storage medium
CN107809383B (en) MVC-based path mapping method and device
CN103716295B (en) A kind of network system
KR101680509B1 (en) System and method to enable web property access to a native application
CN104243214B (en) Data processing method, device and system
CN104021017B (en) The treating method and apparatus of startup item
CN108574709B (en) Method and device for realizing cross-domain operation
CN102932391A (en) Method and device for processing data in peer to server/peer (P2SP) system, and P2SP system
CN104301311A (en) Method and device for filtering network data content through DNS
US20140157436A1 (en) Information processing apparatus and method of controlling same
CN102136049A (en) Terminal application safety management method and system
US9942267B1 (en) Endpoint segregation to prevent scripting attacks
CN104361004B (en) The processing method and browser of browser collection folder data
RU2010122351A (en) SYSTEM AND METHOD FOR EFFECTIVE IMPLEMENTATION OF AN IMPROVED ROUTER DEVICE
CN114416396A (en) Interface version control method and device, electronic equipment and storage medium
EP3518135A1 (en) Protection against third party javascript vulnerabilities
US10951682B2 (en) Systems and methods for accessing multiple resources via one identifier
CN103685274A (en) Method and device for protecting websites
JP2014132443A (en) Collection server and collection method
JP2013246474A (en) Relay server and proxy access method
CN102842006A (en) Access control method of expanding script object as well as access control system and terminal of expanding script object
JP5765185B2 (en) Control program, client apparatus, control system control method, and client apparatus control method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant