CN107301345A - 一种阻止xss攻击的方法、系统及装置 - Google Patents
一种阻止xss攻击的方法、系统及装置 Download PDFInfo
- Publication number
- CN107301345A CN107301345A CN201710416624.5A CN201710416624A CN107301345A CN 107301345 A CN107301345 A CN 107301345A CN 201710416624 A CN201710416624 A CN 201710416624A CN 107301345 A CN107301345 A CN 107301345A
- Authority
- CN
- China
- Prior art keywords
- page data
- attack
- attack protection
- browser
- javascript
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710416624.5A CN107301345B (zh) | 2017-06-06 | 2017-06-06 | 一种阻止xss攻击的方法、系统及装置 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710416624.5A CN107301345B (zh) | 2017-06-06 | 2017-06-06 | 一种阻止xss攻击的方法、系统及装置 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107301345A true CN107301345A (zh) | 2017-10-27 |
CN107301345B CN107301345B (zh) | 2019-12-06 |
Family
ID=60134690
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710416624.5A Active CN107301345B (zh) | 2017-06-06 | 2017-06-06 | 一种阻止xss攻击的方法、系统及装置 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107301345B (zh) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108769081A (zh) * | 2018-07-11 | 2018-11-06 | 中国人民解放军国防科技大学 | 一种检测xss攻击的方法、装置及计算机可读存储介质 |
US10366655B1 (en) | 2017-08-23 | 2019-07-30 | Shenzhen China Star Optoelectronics Semiconductor Display Technology Co., Ltd. | Pixel driver circuit and driving method thereof |
CN115221529A (zh) * | 2022-09-14 | 2022-10-21 | 杭州天谷信息科技有限公司 | 一种前端网页的异常注入方法以及系统 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130185350A1 (en) * | 2012-01-12 | 2013-07-18 | International Business Machines Corporation | Instructing web clients to ignore scripts in specified portions of web pages |
WO2015142697A1 (en) * | 2014-03-15 | 2015-09-24 | Belva Kenneth F | Methods for determining cross-site scripting and related vulnerabilities in applications |
CN105282096A (zh) * | 2014-06-18 | 2016-01-27 | 腾讯科技(深圳)有限公司 | Xss 漏洞检测方法和装置 |
CN105512559A (zh) * | 2014-10-17 | 2016-04-20 | 阿里巴巴集团控股有限公司 | 一种用于提供访问页面的方法与设备 |
CN106357668A (zh) * | 2016-10-14 | 2017-01-25 | 福建亿榕信息技术有限公司 | 预防xss攻击的方法 |
-
2017
- 2017-06-06 CN CN201710416624.5A patent/CN107301345B/zh active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130185350A1 (en) * | 2012-01-12 | 2013-07-18 | International Business Machines Corporation | Instructing web clients to ignore scripts in specified portions of web pages |
WO2015142697A1 (en) * | 2014-03-15 | 2015-09-24 | Belva Kenneth F | Methods for determining cross-site scripting and related vulnerabilities in applications |
CN105282096A (zh) * | 2014-06-18 | 2016-01-27 | 腾讯科技(深圳)有限公司 | Xss 漏洞检测方法和装置 |
CN105512559A (zh) * | 2014-10-17 | 2016-04-20 | 阿里巴巴集团控股有限公司 | 一种用于提供访问页面的方法与设备 |
CN106357668A (zh) * | 2016-10-14 | 2017-01-25 | 福建亿榕信息技术有限公司 | 预防xss攻击的方法 |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10366655B1 (en) | 2017-08-23 | 2019-07-30 | Shenzhen China Star Optoelectronics Semiconductor Display Technology Co., Ltd. | Pixel driver circuit and driving method thereof |
CN108769081A (zh) * | 2018-07-11 | 2018-11-06 | 中国人民解放军国防科技大学 | 一种检测xss攻击的方法、装置及计算机可读存储介质 |
CN115221529A (zh) * | 2022-09-14 | 2022-10-21 | 杭州天谷信息科技有限公司 | 一种前端网页的异常注入方法以及系统 |
Also Published As
Publication number | Publication date |
---|---|
CN107301345B (zh) | 2019-12-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10841335B1 (en) | Detecting malicious code received from malicious client side injection vectors | |
US8898738B2 (en) | Apparatus, system and method for accessing internet webpage | |
KR101757697B1 (ko) | 실행 가능 텍스트를 갖는 문서의 표시 장치 및 방법 | |
EP2558973B1 (en) | Streaming insertion of tokens into content to protect against csrf | |
US20200356661A1 (en) | Detecting malicious code received from malicious client side injection vectors | |
US9813429B2 (en) | Method for secure web browsing | |
US10614213B1 (en) | Detecting malicious code existing in internet advertisements by ongoing sandbox monitoring | |
Tang et al. | Fortifying web-based applications automatically | |
US9009821B2 (en) | Injection attack mitigation using context sensitive encoding of injected input | |
US8413236B1 (en) | Clickjacking protection | |
CN106161617A (zh) | 基于nodejs的反向代理方法、反向代理服务器及系统 | |
CN104468546B (zh) | 一种网络信息处理方法及防火墙装置、系统 | |
US8931084B1 (en) | Methods and systems for scripting defense | |
CN107301345A (zh) | 一种阻止xss攻击的方法、系统及装置 | |
US10642980B1 (en) | Detecting cross-origin malicious code existing in internet advertisements | |
US10972507B2 (en) | Content policy based notification of application users about malicious browser plugins | |
JP2014534498A (ja) | JavaScriptを保護する装置、方法及びコンピューター可読性記憶媒体 | |
EP3518135B1 (en) | Protection against third party javascript vulnerabilities | |
CN103648049B (zh) | 一种实现安全播放视频的方法和装置 | |
Zhou et al. | Protecting private web content from embedded scripts | |
CN114357457A (zh) | 漏洞检测方法、装置、电子设备和存储介质 | |
US11128639B2 (en) | Dynamic injection or modification of headers to provide intelligence | |
CN112287349A (zh) | 安全漏洞检测方法及服务端 | |
CN105072109A (zh) | 防止跨站脚本攻击的方法及系统 | |
CN103457942B (zh) | 一种对系统文件进行处理的方法及装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
EE01 | Entry into force of recordation of patent licensing contract | ||
EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20171027 Assignee: XINGCHAO SHANYAO MOBILE NETWORK TECHNOLOGY (CHINA) Co.,Ltd. Assignor: SINA.COM TECHNOLOGY (CHINA) Co.,Ltd. Contract record no.: X2021980003903 Denomination of invention: A method, system and device for preventing XSS attack Granted publication date: 20191206 License type: Common License Record date: 20210524 |
|
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20230427 Address after: Room 501-502, 5/F, Sina Headquarters Scientific Research Building, Block N-1 and N-2, Zhongguancun Software Park, Dongbei Wangxi Road, Haidian District, Beijing, 100193 Patentee after: Sina Technology (China) Co.,Ltd. Address before: 100193 7th floor, scientific research building, Sina headquarters, plot n-1, n-2, Zhongguancun Software Park, Dongbei Wangxi Road, Haidian District, Beijing, 100193 Patentee before: Sina.com Technology (China) Co.,Ltd. |