CN107172029A - Cross-site attack solution, mobile terminal and storage medium - Google Patents

Publication number: CN107172029A
Authority: CN (China)
Application number: CN201710321390.6A
Other languages: Chinese (zh)
Inventor: 杨彩亮
Current Assignee: Nubia Technology Co Ltd
Original Assignee: Nubia Technology Co Ltd
Legal status: Pending
Prior art keywords: data, cross, escape, input data, tag

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Abstract

The invention discloses a method for solving cross-site attacks, a mobile terminal and a storage medium, belonging to the field of browser technology. The method comprises the steps of: receiving input data; judging whether a data escape function is enabled; if so, acquiring an operation event of the mouse; escaping the input data according to the operation event bound to the tag; and outputting the escaped data. With the cross-site attack solution, mobile terminal and storage medium of the invention, input data containing malicious characters is escaped so that the malicious characters become code the browser cannot execute. This prevents a malicious person from using such characters to obtain information such as the user's personal information, and effectively solves the cross-site attack problem. Because the escape rules can be updated and upgraded, maintenance and extension are flexible and convenient, the security of the browser is improved, and the rights and interests of the user are protected.

Description

Cross-site attack solution method, mobile terminal and storage medium
Technical Field
The present invention relates to the field of browser technologies, and in particular, to a method for solving a cross-site attack, a mobile terminal, and a storage medium.
Background
Cross-Site Scripting (XSS) is a network attack that exploits vulnerabilities in Web pages. The attacking terminal enters information containing malicious code into a Web page and thereby sends an access request containing the malicious code to an application on the application server. After receiving the access request, the application generates a Web page with the malicious code inserted into it. When a user terminal opens that Web page, the malicious code in it is executed. Such code is often used for network attacks such as stealing information from the user terminal, so the attacking terminal completes its network attack on the user terminal.
Disclosure of Invention
The invention mainly aims to provide a cross-site attack solution, a mobile terminal and a storage medium, and aims to solve the problem of cross-site scripting attack vulnerability.
In order to achieve the above object, the present invention provides a method for solving a cross-site attack, including the steps of: receiving input data; judging whether a data escape function is enabled; if so, acquiring an operation event of the mouse; escaping the input data according to the operation event bound to the tag; and outputting the escaped data.
Optionally, before receiving the input data, the method further comprises: generating a custom tag.
Optionally, generating the custom tag includes: setting a custom tag class; creating a tag library description file; loading the tag library description file; and introducing the tag library in the header of the server page.
Optionally, setting the custom tag class includes: binding at least one event to the tag; and assigning values to the tag attributes.
Optionally, escaping the data includes: judging whether the input data contains preset characters; if so, returning the escaped data; and if not, returning a result corresponding to the input data.
Optionally, when it is determined that the data escape function is not enabled, a result corresponding to the input data is output.
Optionally, the operation event includes a mouse event, a get-focus event, a lose-focus event, and a click event.
Optionally, the method further comprises: displaying the escaped data; or hiding the escaped data and displaying a prompt box.
In addition, in order to achieve the above object, the present invention further provides a mobile terminal, which includes a processor and a memory, wherein the processor is configured to execute a cross-site attack solution program stored in the memory, so as to implement the above method.
In addition, to achieve the above object, the present invention also provides a computer-readable storage medium, wherein the computer-readable storage medium stores one or more programs, and the one or more programs are executable by one or more processors to implement the above method.
With the method for solving a cross-site attack, the mobile terminal and the storage medium, input data is received; when the data escape function is judged to be enabled, the operation event of the mouse is acquired, the input data is escaped according to the operation event bound to the tag, and the escaped data is output.
Drawings
Fig. 1 is a schematic flowchart of a cross-site attack solution provided in a first embodiment of the present invention;
Fig. 2 is a schematic sub-flow diagram of a cross-site attack solution provided in the first embodiment of the present invention;
Fig. 3 is a schematic flowchart of a cross-site attack solution provided in a second embodiment of the present invention;
Fig. 4 is a sub-flow diagram of a cross-site attack solution provided in a second embodiment of the present invention;
Fig. 5 is a schematic flowchart of a cross-site attack solution provided in a third embodiment of the present invention;
Fig. 6 is a block diagram of a mobile terminal according to a fourth embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
An intelligent terminal implementing various embodiments of the present invention will now be described with reference to the accompanying drawings. In the following description, suffixes such as "module", "component", or "unit" used to denote elements are used only for facilitating the explanation of the present invention, and have no specific meaning in themselves. Thus, "module" and "component" may be used in a mixture.
Referring to Fig. 1, a method for solving a cross-site attack according to a first embodiment of the present invention includes:
Step 110, receiving input data.
Specifically, data input by a user in a text box of a browser is received. Illustratively, the data may be a username, password, domain name, and the like.
Further, the browser in this embodiment is a browser on a terminal. The terminal may be implemented in various forms. For example, the terminal described in the present invention may include a mobile terminal such as a mobile phone, a smart phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a navigation device, and the like, and a stationary terminal such as a digital TV, a desktop computer, and the like.
Step 120, judging whether the data escape function is enabled. If yes, go to step 130; otherwise, go to step 150.
Specifically, whether escaping is required is first judged according to the method parameter. If escaping is required, step 130 is entered; if escaping is not required, step 150 is entered.
Step 130, escaping the input data according to the operation event bound to the tag.
Specifically, the tag is bound to different operation events according to actual needs. The bound events can be mouse events, a get-focus event, a lose-focus event, a click event and the like; for the supported events, see the w3 website element event list.
Referring to Fig. 2, step 130 further includes:
Step 210, determining whether the input data contains a preset character. If yes, go to step 220; otherwise, go to step 230.
Specifically, when a user uses a browser, the characters input are generally letters and digits; that is, letters and digits are considered benign characters, so when the preset characters are set, special characters are considered malicious characters, for example: <, >, ", (space), and the like. When the data input by the user is judged to include such special characters, the input data is considered to include malicious characters and step 220 is entered; if the data does not include the special characters, step 230 is entered. In this embodiment the malicious characters are set in the above manner; in other embodiments, other single characters or character combinations may also be set as malicious characters, which is not specifically limited here.
Step 220, return the data after escaping.
Specifically, if it is determined that the data input by the user includes a preset character, the special character is escaped according to the preset escape rule. That is, when the input data is determined to contain a preset special character, a malicious character is considered to have appeared; to avoid executing the malicious character, the input data is escaped into code that cannot be executed, which resolves the cross-site attack. The escape mapping table is shown in Table 1.
TABLE 1
Character before escape    Escape character
<                          &lt
>                          &gt
&                          &amp
"                          &quot
(blank space)              &nbsp
Through the escape rules in Table 1, when input data containing the preset characters is identified, the input data is automatically escaped into non-executable code and the converted text content is displayed, so that leakage of user information caused by executing malicious code is avoided.
Step 230, return the result corresponding to the input data.
Specifically, if it is determined that there is no preset character in the data input by the user, it is determined that there is no malicious character, and the data input by the user is returned and the corresponding code is executed.
Step 140, outputting the escaped data.
Specifically, according to the escape rules of Table 1, the part of the input data containing malicious characters is output in escaped form, the part containing benign characters is output directly, and the result corresponding to the input data is executed.
Further, if the input data contains malicious characters, the data after escape is displayed according to the setting.
Further, if the input data contains malicious characters, the escaped data is hidden according to the setting, and a prompt box is displayed to remind the user to input the data again. This gives a user who carelessly entered data containing malicious characters the opportunity to correct it, and also avoids the consequences of a person deliberately attacking the website with malicious input data.
Step 150, outputting a result corresponding to the input data.
That is, in this step, since the data escape function is not enabled, the input data is not escaped even if it contains malicious characters, and the result corresponding to the input data is directly output and executed.
Illustratively, taking a tag bound to the lose-focus event as an example, the cross-site attack solution of the present invention is further explained:
Step 1, receiving data input by user A:
<script>window.location.href="XXXX";</script>;
Step 2, after the user inputs the data, detecting a focus losing event;
Step 3, judging that the data contains special characters <, >, " and the like, and escaping the data according to the escape mapping table in Table 1;
Step 4, returning the escaped data as
&lt;script&gt;window.location.href=&quot;http://XXX&quot;&lt;/script&gt;
Step 5, displaying the escaped text content in the browser.
With this method for solving a cross-site attack, input data is received; when the data escape function is judged to be enabled, the operation event of the mouse is acquired, the input data is escaped according to the operation event bound to the tag, and the escaped data is output.
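The flow of steps 120 to 230 with the Table 1 mapping, as an added JavaScript example that is not code from the patent. The names ESCAPE_TABLE, escapeInput, handleInput and bindEscape, the semicolon-terminated entity forms (taken from the worked example above) and the sample strings are assumptions. It also handles one failure mode of event-bound escaping: a lose-focus event that fires again on an already escaped field would escape the & of each entity a second time.

```javascript
// Added illustration of steps 120-230 and Table 1; not code from the patent.
// All names below are assumptions made for this example.

// Table 1, written with the terminating semicolon used in the worked example.
const ESCAPE_TABLE = {
  "<": "&lt;",
  ">": "&gt;",
  "&": "&amp;",
  '"': "&quot;",
  " ": "&nbsp;",
};

// Character class derived from the table keys, so that updating the escape
// rules also updates what step 210 treats as a preset character.
const PRESET_CLASS =
  "[" +
  Object.keys(ESCAPE_TABLE)
    .map((c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"))
    .join("") +
  "]";
const HAS_PRESET = new RegExp(PRESET_CLASS); // non-global: no lastIndex state
const ALL_PRESET = new RegExp(PRESET_CLASS, "g");

// Step 210: does the input contain any preset character?
function containsPresetChar(input) {
  return HAS_PRESET.test(input);
}

// Step 220: escape in a single pass over the original string, so the "&"
// written by one replacement is never picked up by a later replacement.
function escapeInput(input) {
  return input.replace(ALL_PRESET, (ch) => ESCAPE_TABLE[ch]);
}

// Steps 120-150: isEscape plays the role of the tag's method parameter.
function handleInput(input, isEscape) {
  if (!isEscape) return { escaped: false, output: input }; // step 150
  if (!containsPresetChar(input)) return { escaped: false, output: input }; // step 230
  return { escaped: true, output: escapeInput(input) }; // steps 220 and 140
}

// Binding to the lose-focus event, as in the focus-out example above.
// Assumption: the escaped text is written back into the same field.
// The handler remembers its last output and skips it when the event fires
// again, because escaping "&lt;" a second time would yield "&amp;lt;".
function bindEscape(element, isEscape) {
  let lastEscaped = null;
  element.addEventListener("focusout", () => {
    if (element.value === lastEscaped) return; // already escaped by us
    const result = handleInput(element.value, isEscape);
    if (result.escaped) {
      element.value = result.output;
      lastEscaped = result.output;
    }
  });
}

// Constructed sample inputs: [value, isEscape]
const SAMPLES = [
  ['<script>window.location.href="XXXX";</script>', true],
  ["alice01", true],
  ["Tom & Jerry", true],
  ["<b>", false],
];

function runSamples() {
  return SAMPLES.map(([value, flag]) => handleInput(value, flag).output);
}

// In a browser page that has the text box from the description:
if (typeof document !== "undefined") {
  const box = document.getElementById("user_name");
  if (box) bindEscape(box, true);
}
```

Because this escaping runs in the browser on a field event, it only covers data typed into that field; it complements output encoding on the server and does not replace it.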
Referring to Fig. 3, a second embodiment of the present invention further provides a method for solving a cross-site attack, including the steps of:
Step 310, generating a custom tag.
Specifically, referring to Fig. 4, step 310 further includes:
Step 410, setting a custom tag class.
Specifically, a custom tag class is created first, which is implemented by overriding doStartTag or doEndTag of the parent class. For example, the tag to be generated is <html:input isEscape="true" name="username" id="user_name">. The tag is displayed on the interface in the form of a text box, which can be a text box for a user name and a password. The fully qualified name of the defined class is com.nubia.userdefinedtag; it encapsulates the <input type="text"/> tag, and the encapsulated tag is generated in the doStartTag method.
Step 420, creating a tag library description file.
Specifically, creating the tag library file mainly includes specifying the name of the tag, the implementation class of the tag, and the attributes of the tag; the name of the tag may be defined according to actual needs.
Take the tag <html:input isEscape="true" name="username" id="user_name"> as an example, wherein:
The tag name is: inputtext.
The tag implementation class is: com.nubia.userdefinedtag.
The tag attribute is: isEscape.
Step 430, loading the tag library description file.
Specifically, the tag library file is configured in the web.xml file in the database so that the tag library file is loaded after the browser starts.
Step 440, introducing the tag library in the header of the server page.
Specifically, the tag library can be introduced with <%@ taglib uri="tld/web-html" prefix="html" %>.
The tag <html:input isEscape="true" name="username" id="user_name"> can then be used on the page, where isEscape is the method parameter that controls escaping of the input data. If the input data needs to be escaped, the value of isEscape is set to true; if no escaping is needed, it can be set to false.
Step 320, receiving input data.
Step 330, judging whether the data escape function is enabled. If yes, go to step 340; otherwise, go to step 360.
Step 340, escaping the input data according to the operation event bound to the tag.
Step 350, outputting the escaped data.
Step 360, outputting a result corresponding to the input data.
The contents of steps 320-360 are the same as those of steps 110-150, and the description of the same contents is omitted here.
According to this cross-site attack solution, the custom tag is generated in advance, so that data input by a user is escaped according to the event bound to the custom tag.
Referring to Fig. 5, a third embodiment of the invention further provides a method for solving a cross-site attack. The third embodiment is a further improvement on the second embodiment, differing in that setting the custom tag class includes the following steps:
Step 510, binding at least one event to the tag.
Specifically, take <html:input isEscape="true" name="username" id="user_name"> as an example. First, an event is bound to the original tag: if the event is a lose-focus event, the processed tag is <input type="text" onfocusout="invokeEscape(isEscape)">.
Step 520, assigning values to the tag attributes.
Specifically, take <html:input isEscape="true" name="username" id="user_name"> as an example again.
The tag is generated according to the attributes in <html:input isEscape="true" name="username" id="user_name">. The attributes name and id are both inherent attributes of <input type="text">, so only the attribute values need to be set on the original tag, and the processed tag is <input type="text" name="username" id="user_name" onfocusout="invokeEscape(isEscape)">.
The cross-site attack solution of the embodiment binds at least one event for the tag and assigns a value to the tag attribute to set a custom tag. The cross-site attack solution of the embodiment is convenient to use, simple in usage, simple in expansion and simple in implementation, and improves the overall efficiency and safety.
The fourth embodiment of the present application further provides a mobile terminal. As shown in Fig. 6, the mobile terminal includes a processor 610 and a memory 620.
The processor 610 is configured to execute a cross-site attack solution program stored in the memory 620 to implement the following steps:
receiving input data;
judging whether the data escape function is enabled; if so, escaping the input data according to the operation event bound to the tag and outputting the escaped data; if not, outputting a result corresponding to the input data.
Specifically, data input by a user in a text box of a browser is received. Illustratively, the data may be a username, password, domain name, and the like.
Further, the browser in this embodiment is a browser on a terminal. The terminal may be implemented in various forms. For example, the terminal described in the present invention may include a mobile terminal such as a mobile phone, a smart phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a navigation device, and the like, and a stationary terminal such as a digital TV, a desktop computer, and the like.
The tag is bound to different operation events according to actual needs. The bound events can be mouse events, a get-focus event, a lose-focus event, a click event and the like; for the supported events, see the w3 website element event list.
According to the escape rules of the escape mapping table, the part of the input data containing malicious characters is output in escaped form, the part containing benign characters is output directly, and the result corresponding to the input data is executed.
Further, if the input data contains malicious characters, the data after escape is displayed according to the setting.
Further, if the input data contains malicious characters, the escaped data is hidden according to the setting, and a prompt box is displayed to remind the user to input the data again. This gives a user who carelessly entered data containing malicious characters the opportunity to correct it, and also avoids the consequences of a person deliberately attacking the website with malicious input data.
When the data escape function is not enabled, the input data is not escaped even if it contains malicious characters, and the result corresponding to the input data is directly output and executed.
Optionally, the processor 610 is further configured to execute the cross-site attack solution program stored in the memory 620, so as to implement the following steps:
judging whether the input data contains preset characters; if so, returning the escaped data, and if not, returning a result corresponding to the input data.
Specifically, when a user uses a browser, the characters input are generally letters and digits; that is, letters and digits are considered benign characters, so when the preset characters are set, special characters are considered malicious characters, for example: <, >, ", (space), and the like. When the data input by the user includes such special characters, the input data is considered to include malicious characters and the escaped data is returned; if the data does not include the special characters, a result corresponding to the input data is returned. In this embodiment the malicious characters are set in the above manner; in other embodiments, other single characters or character combinations may also be set as malicious characters, which is not specifically limited here.
That is, if it is determined that the data input by the user includes a preset character, the special character is escaped according to the preset escape rule: when the input data is judged to contain a preset special character, a malicious character is considered to have appeared; to avoid executing the malicious character, the input data is escaped into code that cannot be executed, which resolves the cross-site attack.
Through the escape rules in the escape mapping table, when input data containing the preset characters is identified, the input data is automatically escaped into non-executable code and the converted text content is displayed, so that leakage of user information caused by executing malicious code is avoided.
And if the data input by the user does not have the preset characters, the malicious characters are not considered to exist, the data input by the user is returned, and the corresponding codes are executed.
Optionally, the processor 610 is further configured to execute the cross-site attack solution program stored in the memory 620, so as to implement the following steps:
generating a custom tag, specifically comprising:
setting a custom tag class;
creating a tag library description file;
loading the tag library description file;
and introducing the tag library in the header of the server page.
Specifically, a custom tag class is created first, which is implemented by overriding doStartTag or doEndTag of the parent class. For example, the tag to be generated is <html:input isEscape="true" name="username" id="user_name">. The tag is displayed on the interface in the form of a text box, which can be a text box for a user name and a password. The fully qualified name of the defined class is com.nubia.userdefinedtag; it encapsulates the <input type="text"/> tag, and the encapsulated tag is generated in the doStartTag method.
The creation of the tag library file mainly comprises the name of a specified tag, the implementation class of the specified tag and the attribute of the tag, wherein the name of the tag can be defined according to actual needs.
Take the tag <html:input isEscape="true" name="username" id="user_name"> as an example, wherein:
The tag name is: inputtext.
The tag implementation class is: com.nubia.userdefinedtag.
The tag attribute is: isEscape.
Further, the tag library file is configured in the web.xml file in the database so that the tag library file is loaded after the browser starts.
The tag library can be introduced with <%@ taglib uri="tld/web-html" prefix="html" %>.
The tag <html:input isEscape="true" name="username" id="user_name"> can then be used on the page, where isEscape is the method parameter that controls escaping of the input data. If the input data needs to be escaped, the value of isEscape is set to true; if no escaping is needed, it can be set to false.
Optionally, the processor 610 is further configured to execute the cross-site attack solution program stored in the memory 620, so as to implement the following steps:
binding at least one event to the tag;
and assigning values to the tag attributes.
Specifically, take <html:input isEscape="true" name="username" id="user_name"> as an example. First, an event is bound to the original tag: if the event is a lose-focus event, the processed tag is <input type="text" onfocusout="invokeEscape(isEscape)">.
The tag is generated according to the attributes in <html:input isEscape="true" name="username" id="user_name">. The attributes name and id are both inherent attributes of <input type="text">, so only the attribute values need to be set on the original tag, and the processed tag is <input type="text" name="username" id="user_name" onfocusout="invokeEscape(isEscape)">.
The mobile terminal of this embodiment receives the input data; when the data escape function is judged to be enabled, it acquires the operation event of the mouse, escapes the input data according to the operation event bound to the tag, and outputs the escaped data.
The embodiment of the application also provides a computer-readable storage medium. The computer-readable storage medium herein stores one or more programs. The computer-readable storage medium may include volatile memory, such as random access memory; it may also include non-volatile memory, such as read-only memory, flash memory, a hard disk, or a solid state disk; it may also comprise a combination of memories of the kinds described above. When the one or more programs in the computer-readable storage medium are executed by one or more processors, the method for solving a cross-site attack provided in any one of the first to third embodiments described above is implemented.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A method for solving a cross-site attack, the method comprising the steps of:
receiving input data;
judging whether a data escape function is started or not;
if so, acquiring an operation event of the mouse;
escaping the input data according to the operation event bound to the tag;
and outputting the escaped data.
2. The cross-site attack solution of claim 1, wherein prior to the receiving the incoming data, the method further comprises:
and generating a custom tag.
3. The method of claim 2, wherein the generating the custom tag comprises:
setting a custom tag class;
creating a tag library description file;
loading the tag library description file;
and introducing the tag library in the header of the server page.
4. The method for solving the cross-site attack according to claim 3, wherein the setting of the custom tag class comprises:
binding at least one event to the tag;
and assigning values to the tag attributes.
5. The method according to claim 1, wherein said escaping said data comprises:
judging whether the input data contains preset characters or not;
if yes, returning the data after escaping;
and if not, returning a result corresponding to the input data.
6. The method as claimed in claim 1, wherein when it is determined that the data escape function is not turned on, a result corresponding to the input data is outputted.
7. The cross-site attack solution of claim 1, wherein the operation events include a mouse event, a get-focus event, a lose-focus event, and a click event.
8. The method of claim 1, further comprising:
displaying the escaped data;
or hiding the escaped data and displaying a prompt box.
9. A mobile terminal, characterized in that the mobile terminal comprises a processor, a memory, the processor being configured to execute a cross-site attack solution program stored in the memory to implement the method according to any of claims 1-8.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores one or more programs which are executable by one or more processors to implement the method of any one of claims 1-8.
CN201710321390.6A 2017-05-09 2017-05-09 Cross-site attack solution, mobile terminal and storage medium Pending CN107172029A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710321390.6A CN107172029A (en) 2017-05-09 2017-05-09 Cross-site attack solution, mobile terminal and storage medium

Publications (1)

Publication Number Publication Date
CN107172029A true CN107172029A (en) 2017-09-15

Family

ID=59813680

Country Status (1)

Country Link
CN (1) CN107172029A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113612745A (en) * 2021-07-23 2021-11-05 苏州浪潮智能科技有限公司 Vulnerability detection method, system, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170915