CN107193667B - Method and device for updating webpage permission - Google Patents

Method and device for updating webpage permission Download PDF

Info

Publication number
CN107193667B
CN107193667B CN201710279267.2A CN201710279267A CN107193667B CN 107193667 B CN107193667 B CN 107193667B CN 201710279267 A CN201710279267 A CN 201710279267A CN 107193667 B CN107193667 B CN 107193667B
Authority
CN
China
Prior art keywords
webpage
configuration information
web page
updating
permission
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710279267.2A
Other languages
Chinese (zh)
Other versions
CN107193667A (en
Inventor
董红光
吴华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Xiaomi Mobile Software Co Ltd
Original Assignee
Beijing Xiaomi Mobile Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Xiaomi Mobile Software Co Ltd filed Critical Beijing Xiaomi Mobile Software Co Ltd
Priority to CN201710279267.2A priority Critical patent/CN107193667B/en
Publication of CN107193667A publication Critical patent/CN107193667A/en
Application granted granted Critical
Publication of CN107193667B publication Critical patent/CN107193667B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • G06F9/547Remote procedure calls [RPC]; Web services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/34Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters 

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

The disclosure relates to a method and a device for updating webpage permission, wherein the method comprises the following steps: acquiring authority configuration information of a webpage, wherein the authority configuration information is used for limiting terminal local functions which can be called by the webpage; storing the authority configuration information of the webpage in webpage data of the webpage; receiving a webpage request of the webpage, wherein the webpage request is used for requesting webpage data of the webpage; and sending the webpage data of the webpage carrying the permission configuration information. According to the technical scheme, the terminal local functions which can be called by each webpage can be controlled in a finer granularity, the configuration of the authority configuration information can be carried out at the server side, the operation is convenient and fast, the intervention of the application client side is not needed, and the maintenance cost of the application client side is reduced.

Description

Method and device for updating webpage permission
Technical Field
The disclosure relates to the technical field of internet, and in particular, to a method and an apparatus for updating web page permissions.
Background
With the rapid development of the application client in the mobile phone, most of the application clients of the mobile phone can open a large number of mobile phone local functions such as a camera function and a GPS (global positioning System) positioning function, so that the capability of the third-party webpage loaded in the application client can be expanded, the third-party webpage can call the mobile phone local functions through JavaScript, and better user experience is brought.
Disclosure of Invention
The embodiment of the disclosure provides a method and a device for updating webpage permission. The technical scheme is as follows:
according to a first aspect of the embodiments of the present disclosure, there is provided a method for updating a web page permission, including:
acquiring authority configuration information of a webpage, wherein the authority configuration information is used for limiting terminal local functions which can be called by the webpage;
storing the authority configuration information of the webpage in webpage data of the webpage;
receiving a webpage request of the webpage, wherein the webpage request is used for requesting webpage data of the webpage;
and sending the webpage data of the webpage carrying the permission configuration information.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects: in the embodiment, the right configuration information can control the webpage to only call the terminal local function which can be called by the webpage and is limited in the right configuration information, other functions cannot be called, the terminal local function which can be called by each webpage is controlled in a finer granularity, the right configuration information is stored in the webpage data of the webpage by the webpage server, the configuration is convenient and quick, and the webpage data of the webpage carrying the right configuration information can be returned to the terminal when the webpage request of the webpage sent by the terminal is received, so that the right configuration information takes effect immediately at the terminal side; since the permission configuration information is configured through the web server, application client intervention is not needed, and the maintenance cost of the application client is reduced.
In one embodiment, the web page data includes a hypertext markup language HTML file, and the storing the right configuration information of the web page in the web page data of the web page includes:
storing the authority configuration information of the webpage in an HTML file of the webpage;
the method further comprises the following steps:
acquiring first updating authority configuration information of the webpage;
and replacing the permission configuration information in the HTML file of the webpage with the first updating permission configuration information of the webpage in a mode of updating the HTML file of the webpage.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects: in the embodiment, the permission configuration information of the web page is stored in the HTML file of the web page, the permission configuration information in the HTML file of the web page is replaced by the first updating permission configuration information of the web page in time after the first updating permission configuration information is acquired, and the new permission configuration information is updated to the HTML file of the web page, so that the permission configuration information of the web page can be conveniently and quickly stored in the web page and updated in time.
In one embodiment, the web page data includes a Java Script JS file, and the saving the permission configuration information of the web page in the web page data of the web page includes:
storing the permission configuration information of the webpage in a JS file of the webpage;
the method further comprises the following steps:
acquiring second updating authority configuration information of the webpage;
and replacing the permission configuration information in the JS file of the webpage with the second updating permission configuration information of the webpage in the mode of updating the JS file of the webpage.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects: in the embodiment, the right configuration information of the webpage is stored in the JS file of the webpage, the right configuration information in the JS file of the webpage is replaced by the second updating right configuration information of the webpage after the second updating right configuration information is acquired, and the new right configuration information is updated to the JS file of the webpage, so that the right configuration information of the webpage can be conveniently and quickly stored in the webpage and can be updated in time.
In one embodiment, the permission configuration information of the web page includes information in the form of a character string.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects: according to the embodiment, the permission configuration information of the webpage can be written into the webpage data of the webpage in a character string mode, and the terminal can conveniently analyze and generate the permission configuration information.
In one embodiment, the authority configuration information further includes signature information for enabling the terminal to verify validity of the authority configuration information.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects: the embodiment can set the signature information in the authority configuration information, prevent a third party from forging the authority configuration information, and ensure the safety and the effectiveness of the transmission of the authority configuration information.
According to a second aspect of the embodiments of the present disclosure, there is provided an apparatus for updating a web page permission, including:
the system comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring authority configuration information of a webpage, and the authority configuration information is used for limiting terminal local functions which can be called by the webpage;
the storage module is used for storing the authority configuration information of the webpage in the webpage data of the webpage;
a receiving module, configured to receive a web page request of the web page, where the web page request is used to request web page data of the web page;
and the sending module is used for sending the webpage data of the webpage carrying the permission configuration information.
In one embodiment, the web page data includes a hypertext markup language HTML file, and the saving module includes:
the first storage submodule is used for storing the authority configuration information of the webpage in an HTML (hypertext markup language) file of the webpage;
the device further comprises:
the second acquisition module is used for acquiring first updating authority configuration information of the webpage;
and the first replacing module is used for replacing the permission configuration information in the HTML file of the webpage with the first updating permission configuration information of the webpage in a mode of updating the HTML file of the webpage.
In one embodiment, the web page data includes a Java Script JS file, and the saving module includes:
the second storage submodule is used for storing the permission configuration information of the webpage in the JS file of the webpage;
the device further comprises:
the third acquisition module is used for acquiring second updating authority configuration information of the webpage;
and the second replacement module is used for replacing the permission configuration information in the JS file of the webpage by the second updating permission configuration information of the webpage in the form of updating the JS file of the webpage.
In one embodiment, the permission configuration information of the web page includes information in the form of a character string.
In one embodiment, the authority configuration information further includes signature information for enabling the terminal to verify validity of the authority configuration information.
According to a third aspect of the embodiments of the present disclosure, there is provided an apparatus for updating a web page permission, including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
acquiring authority configuration information of a webpage, wherein the authority configuration information is used for limiting terminal local functions which can be called by the webpage;
storing the authority configuration information of the webpage in webpage data of the webpage;
receiving a webpage request of the webpage, wherein the webpage request is used for requesting webpage data of the webpage;
and sending the webpage data of the webpage carrying the permission configuration information.
According to a fourth aspect of embodiments of the present disclosure, there is provided a computer readable storage medium storing computer instructions which, when executed by a processor, implement the steps of:
acquiring authority configuration information of a webpage, wherein the authority configuration information is used for limiting terminal local functions which can be called by the webpage;
storing the authority configuration information of the webpage in webpage data of the webpage;
receiving a webpage request of the webpage, wherein the webpage request is used for requesting webpage data of the webpage;
and sending the webpage data of the webpage carrying the permission configuration information.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
Fig. 1 is a flowchart illustrating a method of updating web page permissions according to an exemplary embodiment.
Fig. 2 is a flowchart illustrating a method of updating web page permissions, according to an example embodiment.
Fig. 3 is a flowchart illustrating a method of updating web page permissions, according to an example embodiment.
Fig. 4 is a block diagram illustrating an apparatus for updating web page permissions according to an exemplary embodiment.
Fig. 5 is a block diagram illustrating an apparatus for updating web page permissions according to an exemplary embodiment.
Fig. 6 is a block diagram illustrating an apparatus for updating web page permissions according to an exemplary embodiment.
Fig. 7 is a block diagram illustrating an apparatus for updating web page permissions according to an example embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
At present, white list control is added to application of an application client, only trusted web pages in a white list are allowed to call local functions of a mobile phone, and unpredictable results caused by the fact that untrusted web pages use the local functions of the mobile phone are prevented. However, in the above method, the untrusted web page cannot invoke any terminal local function opened by the application client, and the trusted web page can invoke all terminal local functions opened by the application client, and cannot perform finer-grained control on the authority of the web page to invoke the terminal local function; if the authority configuration information of each webpage is set in the application client, the terminal local capability which can be called by the webpage is specified by the authority configuration information, the webpage can be controlled to only call the terminal local function which can be called and limited in the authority configuration information, and the authority of calling the terminal local function by the webpage is controlled in a finer granularity; however, the permission configuration information needs to be preset in the application client, and the application client updates the permission configuration information when the permission configuration information changes.
According to the technical scheme provided by the embodiment of the disclosure, a webpage server side can acquire authority configuration information of a webpage, wherein the authority configuration information is used for limiting terminal local functions which can be called by the webpage; then writing the authority configuration information of the webpage into webpage data of the webpage; when a webpage request of the webpage sent by a terminal is received and webpage data of the webpage are requested, returning the webpage data of the webpage carrying the authority configuration information to the terminal, so that the terminal controls the webpage to call an available terminal local function corresponding to the webpage limited in the authority configuration information according to the authority configuration information; because the permission configuration information is configured through the web server, an application client does not need to be involved, and the maintenance cost of the application client is reduced.
Fig. 1 is a flowchart illustrating a method for updating web page permissions according to an exemplary embodiment, where as shown in fig. 1, the method for updating web page permissions is used in a web page server, and includes the following steps 101 to 104:
in step 101, authority configuration information of a web page is obtained, where the authority configuration information is used to define terminal local functions that can be called by the web page.
In step 102, the authority configuration information of the web page is stored in the web page data of the web page.
In step 103, a web page request of the web page is received, where the web page request is used to request web page data of the web page.
In step 104, sending the webpage data of the webpage carrying the permission configuration information.
In this embodiment, the authority configuration information of the web page is applied by a server (e.g., a wechat server) corresponding to an application client, the application client applies for a terminal local function that can be called by the web page for the web page that can be loaded by the application client, the application is usually checked by a manager of the terminal, and after the application is checked, the authority configuration information of the web page can be sent to the web server corresponding to the web page, so that the web server can obtain the authority configuration information of the web page, where the authority configuration information is used to limit the terminal local function that can be called by the web page, and may include the web page of the web page and the terminal local function that can be called by the web page.
After acquiring the authority configuration information of the web page, the web page server can write the authority configuration information of the web page into the web page data of the web page, so that an application client in the terminal sends a web page request to the web page server, when the web page is requested to be loaded, the web page server can return the web page data of the web page carrying the authority configuration information to the terminal, the application client loads the web page according to the web page data, when the web page needs to call a local function of a certain terminal, the application client can acquire the authority configuration information of the web page from the web page data of the web page through a corresponding interface, and then when the local function of the web page needs to be called, the local function of the certain terminal belongs to the terminal local function which can be called by the web page defined by the authority configuration information of the web page and the website of the web page is the website of the web page defined in the authority configuration information, the web page is controlled to call the terminal local function which needs to be called.
Here, the terminal local function may be a function that the terminal has, such as a camera function and a GPS positioning function.
In this embodiment, the web server may write the new permission configuration information of the web page into the web page data of the web page after the permission configuration information of the web page changes, so that, after receiving a web page request of the terminal, the web page data of the web page carrying the new permission configuration information may be returned to the terminal, so that the terminal controls the web page to call a local function of the terminal according to the new permission configuration information, and the new permission configuration information becomes effective immediately.
According to the method and the device, the right configuration information can control the webpage to only call the terminal local function which can be called and is corresponding to the webpage and limited in the right configuration information, other functions cannot be called, the terminal local function which can be called by each webpage is controlled in a finer granularity, the right configuration information is written into webpage data of the webpage by the webpage server, configuration is convenient and fast, the webpage data carrying the right configuration information can be returned to the terminal when the terminal sends a webpage request of the webpage, the right configuration information is enabled to take effect immediately at the terminal side, and as the right configuration information is configured through the webpage server, application client intervention is not needed, and therefore maintenance cost of the application client is reduced. .
In a possible implementation manner, the web page data includes an HTML (HyperText Mark-up Language) file, the step 102 may be implemented as the following step a1, and the above-mentioned method for updating the web page permission may further include the following steps a2 and A3.
In step a1, the permission configuration information of the web page is saved in the HTML file of the web page.
In step a2, first update right configuration information of the web page is obtained.
In step a3, the permission configuration information in the HTML file of the web page is replaced with the first updated permission configuration information of the web page in the form of updating the HTML file of the web page.
In this embodiment, the web page data includes an HTML file. For example, after acquiring the permission configuration information of the web page 1 (e.g., the permission configuration information defines that the terminal local function that can be called by the web page 1 is a camera function), the web page server may write the permission configuration information of the web page 1 into an HTML file of the web page 1. Therefore, the application client in the terminal sends a webpage request to the webpage server, and when the webpage 1 is requested to be loaded, the webpage server can return the webpage data of the webpage 1 carrying the permission configuration information to the terminal. The application client loads the webpage 1 according to the webpage data received by the terminal, when the webpage 1 calls the GPS positioning function through the interface 1 provided by the application client, the application client can acquire the authority configuration information of the webpage 1 from the HTML file of the webpage 1 through the interface 2, then the GPS positioning function to be called of the webpage 1 is determined not to belong to the camera function which is the called terminal local function limited in the authority configuration information of the webpage 1, and the instruction for controlling the webpage 1 to call the GPS positioning function is not executed.
In this embodiment, assuming that the application client applies for the loadable web page 1 to add the web page 1 and can invoke the GPS positioning function successfully, the web server may obtain new permission configuration information of the web page 1, that is, the first update permission configuration information is that the terminal-local-function that can be invoked and corresponds to the web page 1 is the camera function and the GPS positioning function, at this time, the permission configuration information of the web page 1 may be replaced with the first update permission configuration information of the web page 1 in the form of an HTML file that updates the web page 1 (that is, the permission configuration information defines the terminal-local-function that can be invoked and corresponds to the web page 1 as the camera function), so as to obtain the HTML file carrying the first update permission configuration information. Therefore, the application client in the terminal sends a webpage request to the webpage server, and when the webpage 1 is requested to be loaded, the webpage server can return the webpage data of the webpage 1 carrying the first updating permission configuration information to the terminal. The application client loads the webpage 1 according to the webpage data received by the terminal, when the webpage 1 calls the GPS positioning function through the interface 1 provided by the application client, the application client can acquire the authority configuration information of the webpage 1 from the HTML file of the webpage 1 through the interface 2, then the GPS positioning function to be called of the webpage 1 is determined to belong to the terminal local function which can be called and is limited in the first updating authority configuration information of the webpage 1, and the website of the webpage 1 is the website of the webpage 1 which is limited in the authority configuration information of the webpage, the webpage 1 is controlled to call the GPS positioning function, and therefore the updated first updating authority configuration information can be immediately effective.
In the embodiment, the permission configuration information of the web page is stored in the HTML file of the web page, the permission configuration information in the HTML file of the web page is replaced by the first updating permission configuration information of the web page in time after the first updating permission configuration information is acquired, and the new permission configuration information is updated to the HTML file of the web page, so that the permission configuration information of the web page can be conveniently and quickly stored in the web page and updated in time.
In a possible implementation manner, the webpage data includes a js (java script) file, the step 102 may be implemented as the following step B1, and the above method for updating the webpage authority may further include the following steps B2 and B3.
In step B1, the permission configuration information of the web page is saved in the JS file of the web page.
In step B2, second update right configuration information of the web page is obtained.
In step B3, the permission configuration information in the JS file of the web page is replaced with the second update permission configuration information of the web page in the form of updating the JS file of the web page.
In this embodiment, the web page data includes a js (javascript) file. The JS file and the HTML file are both format files in webpage data, JavaScript is stored in the JS file, and is a high-level program language which is a dynamic type object-oriented (prototype-based) transliteration language through interpretation execution.
For example, after acquiring the permission configuration information of the web page 1 (for example, the local function of the callable terminal corresponding to the web page 1 is a camera function), the web page server may write the permission configuration information of the web page 1 into the JS file of the web page 1. Therefore, after the application client in the terminal acquires the webpage data and loads the webpage 1 accordingly, when the webpage 1 calls the GPS positioning function through the interface 1 provided by the application client, the application client may acquire the permission configuration information of the webpage 1 from the JS file of the webpage 1 through the interface 2, and then determine that the to-be-called GPS positioning function of the webpage 1 does not belong to the terminal local function, i.e., the camera function, which is defined in the permission configuration information of the webpage 1 and can be called, and then the instruction for controlling the webpage 1 to call the GPS positioning function is not executed.
Assuming that the application client applies for adding the web page 1 to the loadable web page 1 and the GPS positioning function is successfully invoked, the web server obtains new right configuration information of the web page 1, that is, second updated right configuration information, and the invokable terminal local function corresponding to the web page 1 is the camera function and the GPS positioning function, at this time, the right configuration information of the web page 1 may be replaced with the second updated right configuration information of the web page 1 in the form of a JS file for updating the web page 1 (that is, the right configuration information defines the invokable terminal local function of the web page 1 as the camera function), so as to obtain the JS file carrying the second updated right configuration information. Therefore, the application client in the terminal sends a webpage request to the webpage server, and when the webpage 1 is requested to be loaded, the webpage server can return the webpage data of the webpage 1 carrying the permission configuration information to the terminal, wherein the webpage data comprises the JS file. The application client loads the webpage 1 according to the webpage data, when the webpage 1 calls the GPS positioning function through the interface 1 provided by the application client, the application client can acquire the permission configuration information of the webpage 1 from the JS file of the webpage 1 through the interface 2, then the GPS positioning function to be called of the webpage 1 is determined to belong to the terminal local function which can be called and is limited in the permission configuration information of the webpage 1, and the website of the webpage 1 is the website of the webpage which is limited in the permission configuration information of the webpage, the webpage 1 is controlled to call the GPS positioning function, and therefore the second updated permission configuration information can be immediately effective.
In the embodiment, the right configuration information of the webpage is stored in the JS file of the webpage, the first updating right configuration information of the webpage is used for replacing the right configuration information in the JS file of the webpage after the first updating right configuration information is acquired, the new right configuration information is updated to the JS file of the webpage, and the right configuration information of the webpage can be conveniently and quickly stored in the webpage and timely updated.
In a possible implementation manner, in the method for updating the web page permission, the permission configuration information of the web page includes information in the form of a character string.
Here, the authority configuration information of the web page includes information in a form of a character string, where the form of the character string may be a JSON (JavaScript Object Notation) character string, or may be another character string that can be used in the web page, and the embodiment is not limited herein.
Here, JSON is a lightweight data exchange language, is text-based, and is easy for people to read, and also facilitates machine parsing and generation. In this embodiment, the web server may write the permission configuration information of the web page into an HTML file or a JS file of the web page in the form of a JSON character string.
According to the embodiment, the permission configuration information of the webpage can be written into the webpage data of the webpage in a character string mode, and the machine can conveniently analyze and generate the permission configuration information.
In a possible implementation manner, the authority configuration information further includes signature information, and the signature information is used for enabling the terminal to verify the validity of the authority configuration information.
In this embodiment, the signature information includes a signature, or the signature information includes a signature and a content provider, or the signature information includes a signature and a signature expiration time; alternatively, the signature information includes a content provider, a signature, and a signature expiration time.
In this embodiment, the example is that the signature information includes the content provider, the signature, and the signature expiration time. The server corresponding to the application client applies for the web page 1 loadable by the application client for the terminal local function that can be invoked by the web page 1 within a certain time, the application is usually checked by a manager of the terminal, after the application is checked to pass, the application is sent to the signature server, the signature server calculates according to the website of the web page 1, the terminal local function that can be invoked and the invocation deadline, and generates a signature according to a preset encryption algorithm, wherein the invocation deadline is the signature expiration time in the signature information, so that the signature server can generate the authority configuration information of the web page 1 (the authority configuration information includes content providers such as the server corresponding to the application client, the signature expiration time, the website of the web page 1 and the terminal local function that can be invoked by the web page 1), and then the signature server can send the authority configuration information of the web page 1 to the web page server corresponding to the web page 1, the web page server writes the permission configuration information of the web page 1 into an HTML file or a JS file of the web page 1 in a JSON character string form, wherein the permission configuration information in the JSON character string form can be as follows:
Figure BDA0001279126850000111
Figure BDA0001279126850000121
in this way, when receiving a web page request of the web page 1 sent by an application client of the terminal, the web page server issues the web page data of the web page 1 carrying the authority configuration information of the web page 1 to the terminal, and when the terminal verifies that the signature information is valid, the web page 1 is controlled to call the terminal-local function, which is defined by the authority configuration information of the web page 1, of the web page 1.
The embodiment can set the signature information in the authority configuration information, prevent a third party from forging the authority configuration information, and ensure the safety and the effectiveness of the transmission of the authority configuration information.
The implementation is described in detail below by way of several embodiments.
Fig. 2 is a flowchart illustrating a method for updating web page permissions according to an exemplary embodiment, where the method may be implemented by a device such as a web page server, as shown in fig. 2, and includes steps 201 to 206.
In step 201, authority configuration information of a web page is obtained, where the authority configuration information is used to define terminal local functions that can be called by the web page.
In step 202, the authority configuration information of the web page is stored in an HTML file of the web page, and the authority configuration information of the web page includes information in a character string form.
In step 203, receiving a web page request of the web page, where the web page request is used to request web page data of the web page; and sending the webpage data of the webpage carrying the permission configuration information.
In step 204, first update permission configuration information of the web page is obtained.
In step 205, the first updated permission configuration information of the web page is used to replace the permission configuration information in the HTML file of the web page in the form of updating the HTML file of the web page.
In step 206, receiving a web page request of the web page, where the web page request is used to request web page data of the web page; and sending the webpage data of the webpage carrying the first updating permission configuration information.
Fig. 3 is a flowchart illustrating a method for updating web page permissions according to an exemplary embodiment, where the method may be implemented by a device such as a web page server, as shown in fig. 3, and includes steps 301 to 306.
In step 301, authority configuration information of a web page is obtained, where the authority configuration information is used to define terminal local functions that can be invoked by the web page.
In step 302, storing the permission configuration information of the web page in the JS file of the web page, where the permission configuration information of the web page includes information in the form of a character string.
In step 303, receiving a web page request of the web page, where the web page request is used to request web page data of the web page; and sending the webpage data of the webpage carrying the permission configuration information.
In step 304, first update permission configuration information of the webpage is obtained.
In step 305, the permission configuration information in the JS file of the web page is replaced with the first updated permission configuration information of the web page in the form of updating the JS file of the web page.
In step 306, receiving a web page request of the web page, where the web page request is used to request web page data of the web page; and sending the webpage data of the webpage carrying the first updating permission configuration information.
Fig. 4 is a block diagram illustrating an apparatus for updating web page permissions, which may be implemented as part or all of an electronic device through software, hardware or a combination of both, according to an example embodiment. As shown in fig. 4, the apparatus for calling the local function of the terminal by the web page includes: a first obtaining module 401, a saving module 402, a receiving module 403 and a sending module 404; wherein:
a first obtaining module 401, configured to obtain permission configuration information of a web page, where the permission configuration information is used to limit a terminal local function that can be called by the web page;
a saving module 402, configured to save the permission configuration information of the web page in the web page data of the web page;
a receiving module 403, configured to receive a web page request of the web page, where the web page request is used to request web page data of the web page;
a sending module 404, configured to send the webpage data of the webpage carrying the permission configuration information.
As a possible embodiment, the web page data includes a hypertext markup language HTML file, the above-disclosed apparatus for updating web page permissions may further configure the saving module 402 to include a first saving sub-module 4021, and may also be configured to include a second obtaining module 405 and a first replacing module 406, fig. 5 is a block diagram of the apparatus for updating web page permissions, where:
the first saving sub-module 4021 is configured to save the permission configuration information of the web page in an HTML file of the web page;
a second obtaining module 405, configured to obtain first update permission configuration information of the web page;
a first replacing module 406, configured to replace the permission configuration information in the HTML file of the web page with the first updated permission configuration information of the web page in the form of updating the HTML file of the web page.
As another possible embodiment, the webpage data includes a Java Script JS file, the above-disclosed apparatus for updating webpage permissions may further configure the saving module 402 to include a second saving submodule 4022, and may further be configured to include a third obtaining module 407 and a second replacing module 408, fig. 6 is a block diagram of the apparatus for updating webpage permissions, where:
the second saving sub-module 4022 is configured to save the permission configuration information of the web page in the JS file of the web page;
a third obtaining module 407, configured to obtain second update permission configuration information of the web page;
and the second replacing module 408 is configured to replace the permission configuration information in the JS file of the web page with the second updated permission configuration information of the web page in the form of updating the JS file of the web page.
As another possible embodiment, the authority configuration information of the web page in the above disclosed apparatus for updating web page authority includes information in the form of a character string.
As another possible embodiment, in the above disclosed apparatus for updating web page permissions, the permission configuration information further includes signature information, and the signature information is used to enable the terminal to verify the validity of the permission configuration information.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
Fig. 7 is a block diagram illustrating an apparatus for updating web page permissions according to an exemplary embodiment. For example, the apparatus 700 may be provided as a server. The apparatus 700 includes a processing component 711, which further includes one or more processors, and memory resources, represented by memory 712, for storing instructions, such as application programs, that are executable by the processing component 711. The application programs stored in memory 712 may include one or more modules that each correspond to a set of instructions. Further, the processing component 711 is configured to execute instructions to perform the above-described methods.
The apparatus 700 may also include a power component 713 configured to perform power management of the apparatus 700, a wired or wireless network interface 714 configured to connect the apparatus 700 to a network, and an input/output (I/O) interface 715. The apparatus 700 may operate based on an operating system stored in the memory 712, such as Windows Server, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM, or the like.
The present embodiment provides a computer readable storage medium, the instructions in which when executed by the processor of the apparatus 700 implement the steps of:
acquiring authority configuration information of a webpage, wherein the authority configuration information is used for limiting terminal local functions which can be called by the webpage;
storing the authority configuration information of the webpage in webpage data of the webpage;
receiving a webpage request of the webpage, wherein the webpage request is used for requesting webpage data of the webpage;
and sending the webpage data of the webpage carrying the permission configuration information.
The instructions in the storage medium when executed by the processor may further implement the steps of:
the web page data includes a hypertext markup language (HTML) file, and the step of storing the authority configuration information of the web page in the web page data of the web page includes:
storing the authority configuration information of the webpage in an HTML file of the webpage;
the method further comprises the following steps:
acquiring first updating authority configuration information of the webpage;
and replacing the permission configuration information in the HTML file of the webpage with the first updating permission configuration information of the webpage in a mode of updating the HTML file of the webpage.
The instructions in the storage medium when executed by the processor may further implement the steps of:
the webpage data include Java Script JS file, will the permission configuration information of webpage is saved in the webpage data of webpage, include:
storing the permission configuration information of the webpage in a JS file of the webpage;
the method further comprises the following steps:
acquiring second updating authority configuration information of the webpage;
and replacing the permission configuration information in the JS file of the webpage with the second updating permission configuration information of the webpage in the mode of updating the JS file of the webpage.
The instructions in the storage medium when executed by the processor may further implement the steps of:
the authority configuration information of the web page comprises information in a character string form.
The instructions in the storage medium when executed by the processor may further implement the steps of:
the authority configuration information also comprises signature information, and the signature information is used for enabling the terminal to verify the validity of the authority configuration information.
This embodiment also provides an update device of webpage authority, includes:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
acquiring authority configuration information of a webpage, wherein the authority configuration information is used for limiting terminal local functions which can be called by the webpage;
storing the authority configuration information of the webpage in webpage data of the webpage;
receiving a webpage request of the webpage, wherein the webpage request is used for requesting webpage data of the webpage;
and sending the webpage data of the webpage carrying the permission configuration information.
The processor may be further configured to:
the web page data includes a hypertext markup language (HTML) file, and the step of storing the authority configuration information of the web page in the web page data of the web page includes:
storing the authority configuration information of the webpage in an HTML file of the webpage;
the method further comprises the following steps:
acquiring first updating authority configuration information of the webpage;
and replacing the permission configuration information in the HTML file of the webpage with the first updating permission configuration information of the webpage in a mode of updating the HTML file of the webpage.
The processor may be further configured to:
the webpage data include Java Script JS file, will the permission configuration information of webpage is saved in the webpage data of webpage, include:
storing the permission configuration information of the webpage in a JS file of the webpage;
the method further comprises the following steps:
acquiring second updating authority configuration information of the webpage;
and replacing the permission configuration information in the JS file of the webpage with the second updating permission configuration information of the webpage in the mode of updating the JS file of the webpage.
The processor may be further configured to:
the authority configuration information of the web page comprises information in a character string form.
The processor may be further configured to:
the authority configuration information also comprises signature information, and the signature information is used for enabling the terminal to verify the validity of the authority configuration information.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (12)

1. A method for updating web page permission is applied to a web page server and comprises the following steps:
acquiring authority configuration information of a webpage which is applied by an application client and is approved by a manager, wherein the authority configuration information is used for limiting terminal local functions which can be called by the webpage;
storing the authority configuration information of the webpage in webpage data of the webpage;
receiving a webpage request of the webpage sent by the application client, wherein the webpage request is used for requesting webpage data of the webpage;
and sending the webpage data of the webpage carrying the permission configuration information to the application client.
2. The method of claim 1, wherein the web page data comprises a hypertext markup language (HTML) file, and wherein the storing the permission configuration information of the web page in the web page data of the web page comprises:
storing the authority configuration information of the webpage in an HTML file of the webpage;
the method further comprises the following steps:
acquiring first updating authority configuration information of the webpage;
and replacing the permission configuration information in the HTML file of the webpage with the first updating permission configuration information of the webpage in a mode of updating the HTML file of the webpage.
3. The method of claim 1, wherein the web page data comprises a Java Script JS file, and wherein saving the permission configuration information for the web page within the web page data for the web page comprises:
storing the permission configuration information of the webpage in a JS file of the webpage;
the method further comprises the following steps:
acquiring second updating authority configuration information of the webpage;
and replacing the permission configuration information in the JS file of the webpage with the second updating permission configuration information of the webpage in the mode of updating the JS file of the webpage.
4. The method of claim 1,
the authority configuration information of the web page comprises information in a character string form.
5. The method according to claim 1, wherein the right configuration information further comprises signature information, and the signature information is used for enabling the terminal to verify the validity of the right configuration information.
6. An apparatus for updating web page permissions, applied to a web page server, comprising:
the first acquisition module is used for acquiring authority configuration information of a webpage which is applied by an application client and is approved by a manager, wherein the authority configuration information is used for limiting terminal local functions which can be called by the webpage;
the storage module is used for storing the authority configuration information of the webpage in the webpage data of the webpage;
a receiving module, configured to receive a web page request of the web page sent by the application client, where the web page request is used to request web page data of the web page;
and the sending module is used for sending the webpage data of the webpage carrying the permission configuration information to the application client.
7. The apparatus of claim 6, wherein the web page data comprises a hypertext markup language (HTML) file, and wherein the saving module comprises:
the first storage submodule is used for storing the authority configuration information of the webpage in an HTML (hypertext markup language) file of the webpage;
the device further comprises:
the second acquisition module is used for acquiring first updating authority configuration information of the webpage;
and the first replacing module is used for replacing the permission configuration information in the HTML file of the webpage with the first updating permission configuration information of the webpage in a mode of updating the HTML file of the webpage.
8. The apparatus of claim 6, wherein the web page data comprises a Java Script JS file, and wherein the save module comprises:
the second storage submodule is used for storing the permission configuration information of the webpage in the JS file of the webpage;
the device further comprises:
the third acquisition module is used for acquiring second updating authority configuration information of the webpage;
and the second replacement module is used for replacing the permission configuration information in the JS file of the webpage by the second updating permission configuration information of the webpage in the form of updating the JS file of the webpage.
9. The apparatus of claim 6,
the authority configuration information of the web page comprises information in a character string form.
10. The apparatus of claim 6, wherein the permission configuration information further comprises signature information, and the signature information is used for enabling the terminal to verify the validity of the permission configuration information.
11. An apparatus for updating web page permissions, applied to a web page server, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
acquiring authority configuration information of a webpage which is applied by an application client and is approved by a manager, wherein the authority configuration information is used for limiting terminal local functions which can be called by the webpage;
storing the authority configuration information of the webpage in webpage data of the webpage;
receiving a webpage request of the webpage sent by the application client, wherein the webpage request is used for requesting webpage data of the webpage;
and sending the webpage data of the webpage carrying the permission configuration information to the application client.
12. A computer readable storage medium storing computer instructions, for application to a web server, the computer instructions when executed by a processor performing the steps of:
acquiring authority configuration information of a webpage which is applied by an application client and is approved by a manager, wherein the authority configuration information is used for limiting terminal local functions which can be called by the webpage;
storing the authority configuration information of the webpage in webpage data of the webpage;
receiving a webpage request of the webpage sent by the application client, wherein the webpage request is used for requesting webpage data of the webpage;
and sending the webpage data of the webpage carrying the permission configuration information to the application client.
CN201710279267.2A 2017-04-25 2017-04-25 Method and device for updating webpage permission Active CN107193667B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710279267.2A CN107193667B (en) 2017-04-25 2017-04-25 Method and device for updating webpage permission

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710279267.2A CN107193667B (en) 2017-04-25 2017-04-25 Method and device for updating webpage permission

Publications (2)

Publication Number Publication Date
CN107193667A CN107193667A (en) 2017-09-22
CN107193667B true CN107193667B (en) 2021-03-09

Family

ID=59872367

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710279267.2A Active CN107193667B (en) 2017-04-25 2017-04-25 Method and device for updating webpage permission

Country Status (1)

Country Link
CN (1) CN107193667B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108416199B (en) * 2018-03-07 2022-07-15 北京恒华伟业科技股份有限公司 User permission control method and device of application and server
CN109343900B (en) * 2018-08-30 2022-04-08 维沃移动通信有限公司 Permission configuration method and terminal
CN109213947B (en) * 2018-08-31 2021-12-14 北京京东金融科技控股有限公司 Browser page display method and device, electronic equipment and readable medium
CN110971589A (en) * 2019-10-31 2020-04-07 杭州来布科技有限公司 File management method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102799477A (en) * 2012-07-16 2012-11-28 中兴通讯股份有限公司 Resource access method and apparatus
CN103279373A (en) * 2013-05-31 2013-09-04 广州市动景计算机科技有限公司 Method and device for updating browser shell functions
CN104375831A (en) * 2014-11-06 2015-02-25 北京奇虎科技有限公司 Method, device and system realizing communication between webpage and applications on terminal equipment
CN104838630A (en) * 2012-10-10 2015-08-12 思杰系统有限公司 Policy-based application management

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102799477A (en) * 2012-07-16 2012-11-28 中兴通讯股份有限公司 Resource access method and apparatus
CN104838630A (en) * 2012-10-10 2015-08-12 思杰系统有限公司 Policy-based application management
CN103279373A (en) * 2013-05-31 2013-09-04 广州市动景计算机科技有限公司 Method and device for updating browser shell functions
CN104375831A (en) * 2014-11-06 2015-02-25 北京奇虎科技有限公司 Method, device and system realizing communication between webpage and applications on terminal equipment

Also Published As

Publication number Publication date
CN107193667A (en) 2017-09-22

Similar Documents

Publication Publication Date Title
CN107193667B (en) Method and device for updating webpage permission
US9075663B2 (en) Cloud-based web workers and storages
US8516037B2 (en) Methods for dynamic partitioning of applications in client-server environments
CN111522595B (en) Transient application
CN107491320B (en) Loading method and device based on mixed-mode mobile application
US20180336348A1 (en) Modifying web page code to include code to protect output
CN105718313A (en) Application operation method and device
Shehab et al. Reducing attack surface on cordova-based hybrid mobile apps
US8904492B2 (en) Method of controlling information processing system, computer-readable recording medium storing program for controlling apparatus
US9755844B2 (en) Techniques to transform network resource requests to zero rated network requests
CN111737687A (en) Access control method, system, electronic device and medium for webpage application system
CN111079048A (en) Page loading method and device
WO2020073374A1 (en) Advertisement anti-shielding method and device
US9251362B2 (en) Medium for storing control program, client apparatus, and control method for client apparatus
CN112818270B (en) Data cross-domain transfer method and device and computer equipment
TW201929507A (en) Object uploading method and device
CN112468611A (en) Application program starting method, terminal device and computer storage medium
CN110825373B (en) Mobile terminal dynamic method and device
JP2013122655A (en) Browser execution script conversion system and browser execution script conversion program
CN115811481A (en) Interactive service testing method and device, computer equipment and storage medium
CN113315829B (en) Client offline H5 page loading method and device, computer equipment and medium
Zhang et al. A webpage offloading framework for smart devices
CN108650257B (en) Security detection setting method and device based on website content and storage medium
US10367806B2 (en) Managing and securing manageable resources in stateless web server architecture using servlet filters
CN112000313A (en) Request response method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant