CN107547487B - Method and device for preventing script attack - Google Patents


Info

Publication number
CN107547487B
Authority
CN
China
Prior art keywords
node
dynamic content
filtering
page
event
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610497347.0A
Other languages
Chinese (zh)
Other versions
CN107547487A (en)
Inventor
肖世康
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Singapore Holdings Pte Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Alibaba Group Holding Ltd
Priority to CN201610497347.0A
Publication of CN107547487A
Application granted
Publication of CN107547487B
Legal status: Active

Landscapes

  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application discloses a method and a device for preventing script attacks. The method comprises the following steps: when a client loads a page, monitoring the dynamic content marked in the page; and the client filtering the monitored dynamic content to intercept script attacks. With this scheme, security checking of user input does not depend on the website server; security restrictions are applied only to the output that the client displays after the user's input, the whole filtering process is implemented at the client, and the filtering rules are distributed over the body nodes of the client page and can be configured flexibly. This compensates for the lack of safety checks in the Web browser's own design, improves protection against script attacks and at the same time saves computing resources of the server.

Description

Method and device for preventing script attack
Technical Field
The present application relates to computer technologies, and more particularly, to a method and an apparatus for preventing script attacks.
Background
A script attack is one in which an attacker exploits insufficient filtering of user input by a website program to inject hypertext markup language (HTML) code that is displayed on a page and affects other users; on that basis the attacker can go further and steal user data, perform actions under the user's identity, or deliver malware to visitors. In short, website vulnerabilities are used to steal information from users.
A script attack injects illegitimate scripts, such as JavaScript or VBScript, into a page browsed by a user so that they execute there. In the related art, the Web browser is responsible only for interpreting and executing scripting languages such as JavaScript; it does not judge whether the code is harmful to the user, so the browser's own design provides no protection.
To prevent script attacks, a website may analyse user-submitted content at the server, or analyse it before it is output to the page for display, in order to filter out malicious script code.
Existing techniques for filtering malicious script code are mainly performed at the server and depend heavily on server-side processing; existing client-side filtering techniques are too simple and inflexible to meet the requirements of complex scenarios. On the one hand, if the filtering rules are incomplete an attacker can easily bypass the security check, so the script attack is not prevented; on the other hand, relying on server-side processing wastes the server's computing resources.
Disclosure of Invention
To solve this technical problem, the application provides a method and a device for preventing script attacks that improve protection against script attacks and save computing resources of the server.
In order to achieve the object of the present application, the present application provides a method for preventing script attacks, comprising:
when a client loads a page, monitoring the dynamic content marked in the page;
the client filters the monitored dynamic content to intercept script attacks;
the mark of the dynamic content is used for identifying the range of the dynamic content and the type of filtering processing of the dynamic content.
Optionally, before loading the page, the method further includes:
when responding to a page request from the client, the server generates a page comprising at least one piece of dynamic content and adds a mark to at least one piece of dynamic content;
the mark of the dynamic content is used for identifying the range of the dynamic content and the type of filtering processing applied to the dynamic content.
Optionally, the method further comprises: corresponding filtering rules are preset at the client for the different types of filtering processing;
the client filtering the monitored dynamic content to intercept script attacks includes: intercepting the dynamic content when the monitored dynamic content does not satisfy the corresponding filtering rule.
Optionally, the mark of the monitored dynamic content indicates that the type of filtering processing is node-and-attribute type;
intercepting the dynamic content when the monitored dynamic content does not satisfy the corresponding filtering rule specifically comprises:
when a node is inserted into the page's document object tree, traversing from the inserted node up through its parent nodes in turn to check whether the newly inserted node satisfies the filtering rule and whether the insertion falls within the range identified by the mark;
if not, removing the inserted node or converting its content into a safe form before outputting it; if so, inserting the node normally.
Optionally, the mark of the monitored dynamic content indicates that the type of filtering processing is event;
intercepting the dynamic content when the monitored dynamic content does not satisfy the corresponding filtering rule specifically comprises:
when an event is triggered in the page, traversing from the event source node up through its parent nodes in turn to check whether a filtering rule exists;
if a filtering rule that permits the event is found, the event is released; if no corresponding filtering rule is found by the time the root node is reached, the event is intercepted.
Optionally, the mark of the monitored dynamic content indicates that the type of filtering processing is node-and-attribute type; intercepting the dynamic content when the monitored dynamic content does not satisfy the corresponding filtering rule specifically comprises:
when a node is inserted into the page's document object tree, traversing from the inserted node up through its parent nodes in turn to check whether the newly inserted node satisfies the filtering rule and whether the insertion falls within the range identified by the mark; if not, removing the inserted node or converting its content into a safe form before outputting it; if so, inserting the node normally;
and the mark of the monitored dynamic content indicates that the type of filtering processing is event; intercepting the dynamic content when the monitored dynamic content does not satisfy the corresponding filtering rule specifically comprises:
when an event is triggered in the page, traversing from the event source node up through its parent nodes in turn to check whether the filtering rules contain a rule permitting the event; if a permitting filtering rule is found, the event is released; if no corresponding filtering rule is found by the time the root node is reached, the event is intercepted.
Optionally, the method further comprises: and displaying the page after the filtering processing.
The application also provides a method for preventing script attacks, comprising the following steps:
the server receives a page request from the client and generates a page comprising at least one piece of dynamic content;
at least one piece of dynamic content in the page generated by the server is marked; the mark of the dynamic content is used for identifying the range of the dynamic content and the type of filtering processing applied to it, so that the client can process the dynamic content.
The application further provides a device for preventing script attack, which is arranged at the client; comprises a monitoring module and a filtering module, wherein,
the monitoring module is used for monitoring the dynamic content marked in the page when the page is loaded;
the filtering module is used for filtering the monitored dynamic content to intercept script attacks;
the mark of the dynamic content is used for identifying the range of the dynamic content and the type of filtering processing of the dynamic content.
Optionally, the filtering module is specifically configured to: preset corresponding filtering rules for the different types of filtering processing; and intercept the dynamic content when the monitored dynamic content does not satisfy the corresponding filtering rule.
Optionally, the filtering module is specifically configured to:
when the mark of the monitored dynamic content indicates that the type of filtering processing is node-and-attribute type: when a node is inserted into the page's document object tree, traverse from the inserted node up through its parent nodes in turn to check whether the newly inserted node satisfies a permitting rule and whether the insertion falls within the range identified by the mark; if not, remove the inserted node or convert its content into a safe form before outputting it; if so, insert the node normally;
and/or,
when the mark of the monitored dynamic content indicates that the type of filtering processing is event: when an event is triggered in the page, traverse from the event source node up through its parent nodes in turn to check whether the filtering rules contain a rule permitting the event; if a permitting filtering rule is found, release the event; if no corresponding filtering rule is found by the time the root node is reached, intercept the event.
The scheme provided by the application comprises the following steps: when a client loads a page, monitoring the dynamic content marked in the page; and the client filtering the monitored dynamic content to intercept script attacks. With this scheme, security checking of user input does not depend on the website server; security restrictions are applied only to the output that the client displays after the user's input, the whole filtering process is implemented at the client, and the filtering rules are distributed over the body nodes of the client page and can be configured flexibly. This compensates for the lack of safety checks in the Web browser's own design, improves protection against script attacks and at the same time saves computing resources of the server.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings are included to provide a further understanding of the claimed subject matter and are incorporated in and constitute a part of this specification, illustrate embodiments of the subject matter and together with the description serve to explain the principles of the subject matter and not to limit the subject matter.
FIG. 1 is a flow chart of a method for preventing script attacks according to the present application;
FIG. 2 is a schematic diagram of a component structure of the device for preventing script attacks according to the present application;
fig. 3 is a flowchart illustrating an embodiment of the method for preventing script attacks according to the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application more apparent, embodiments of the present application will be described in detail below with reference to the accompanying drawings. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.
In one exemplary configuration of the present application, a computing device includes one or more processors (CPUs), input/output interfaces, a network interface, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
The steps illustrated in the flow charts of the figures may be performed in a computer system such as a set of computer-executable instructions. Also, while a logical order is shown in the flow diagrams, in some cases, the steps shown or described may be performed in an order different than here.
Fig. 1 is a flowchart of a method for preventing a script attack according to the present application, as shown in fig. 1, including:
step 100: when the client loads the page, the client monitors the marked dynamic content in the page.
The part of the client that presents the page is also referred to herein as the front end.
The dynamic content in the page carries a mark that identifies the range of the dynamic content and the type of filtering to be applied to it.
In this step, when the page starts to load, the control script of the cross-site script interception mechanism is loaded first, in the head; once it is loaded, it can immediately monitor the dynamic changes of the page over its whole life cycle from loading to closing, such as the construction of the document object node tree and/or events at all existing page nodes. During monitoring, if a node newly inserted into the page object tree, or the event source of an executed event, lies within the range of some dynamic content mark, the filtering operation is performed on the node content or on the event according to the node and attribute rules or event rules contained in that mark.
Taking the structure of a Web page as an example, a Web page generally consists of two parts, <head> and <body>; the head referred to here is the <head> part. Because the control file is loaded first in the head, it runs before the body is parsed and can therefore observe and govern every subsequent change to the page object tree.
The control script is an ordinary script; it can be output directly as inline script content at the head of the page, or it can be a separate script file included through a script tag.
The method also comprises the following: when the server side responds to the page request, it generates a complete markup-language document (the page) comprising at least one piece of dynamic content, and the page also comprises static content; at the same time the server adds a mark to at least one piece of dynamic content, that is, it adds static marks at the beginning and end of the parent node of the node in which the user-generated dynamic content is output. The mark identifies the range of the dynamic content on the one hand, and on the other hand carries filtering-type information stating what type of filtering is subsequently applied to that content, such as node-and-attribute type and/or event. Here, dynamic content includes content derived from user input through the client, which may present a security risk.
Marks are added to dynamic content according to actual need. Some dynamic content is generated by the server side and is not necessarily risky; for example, the publication time of a comment is generated dynamically by the server, but no malicious content is embedded in it. Content derived from user input, such as the body of a comment, may be risky. Therefore the dynamic content marked in this application is mainly user-generated input. If a page contains no dynamic content derived from user input at all, no marking is needed; the number of marks is therefore zero or more.
It should be noted that how the server generates a complete markup-language document is well known to those skilled in the art; its specific implementation does not limit the scope of the application and is not described here again. Dynamic content is content that the Web application outputs according to the user's environment and requirements. Dynamic sites are exposed to XSS, whereas purely static sites, which echo no user-supplied content, are not.
The implementation of the mark is described here only by way of example, with reference to a simple page source listing; it is not limited to this representation or implementation form, and the example is not intended to limit the scope of the application.
[Page source listing (figures GDA0002440892130000071 and GDA0002440892130000081): not reproduced in this text extract.]
In the listing, xss-default.js is the control script, which must be loaded first in the head of the page; the content shown in the h2 and dd tags is the display area for user-input content; the data-dynamic attribute on those tags is the start-of-range mark of the dynamic content, and its value contains the label of the dynamic content (the id part), the node and attribute rule (the content part of the rule) and the event rule (the event part of the rule); and <!-- data-dynamic:1 --> is the end mark, the number in which corresponds to the label of the dynamic content.
Step 101: the client filters the monitored dynamic content to intercept scripting attacks.
Corresponding filtering rules are preset for the different types of filtering processing. The filtering rules specify in advance the mapping between rule names and the corresponding filtering methods, together with the concrete implementation of each method. It should be emphasised that in this application the whole filtering process is implemented at the client, and the filtering rules are distributed over specific nodes of the client page and can be configured flexibly; this compensates for the lack of safety checks in the Web browser's own design and improves protection against script attacks.
Specifically, the method comprises: intercepting the dynamic content when the monitored dynamic content does not satisfy the corresponding filtering rule. Here,
when the mark of the monitored dynamic content indicates that the type of filtering processing is node-and-attribute type, and the monitored dynamic content does not satisfy the corresponding filtering rule, intercepting the dynamic content specifically includes:
when a node is inserted into the page's document object tree, traversing from the inserted node up through its parent nodes in turn to check whether the newly inserted node satisfies the filtering rule and whether the insertion falls within the range identified by the mark; if not, removing the inserted node or converting its content into a safe form before outputting it; if so, inserting the node normally.
When the mark of the monitored dynamic content indicates that the type of filtering processing is event, and the monitored dynamic content does not satisfy the corresponding filtering rule, intercepting the dynamic content includes:
when an event is triggered in the page, traversing from the event source node up through its parent nodes in turn to check whether configuration information of a filtering rule exists, such as the data-dynamic attribute in the code example of step 100; if a filtering rule that permits the event is found, releasing the event and ending the traversal; if no corresponding filtering rule is found by the time the root node is reached, intercepting the event.
Still using the code example of step 100, a concrete implementation of step 101 is as follows:
In the dynamic content with id 1 the content rule is pure text (pure-text); when a script node attempts to be inserted below the h2 node during page loading, the content does not satisfy the pure-text rule, so the node is removed, or its tag is output after being converted to plain text. In the dynamic content with id 2 the content rules are bold text (strong-text) and picture (img). When a b-tag node is inserted it passes the content rule, but the onclick event on the b tag is removed because no rule in any parent layer permits it; when the br child node of the b tag is inserted it first looks up its parent b tag, finds no rule that permits it, and is filtered; when the img tag node is inserted, the img rule is found in the parent layer and the node passes, and the event rule allows a click event whose signature is window.
In this step, filtering illegal node content by monitoring the document object node tree prevents both script injection and damage to the document structure; filtering illegal script execution by monitoring page events intercepts scripts; together, monitoring the document object node tree and monitoring page events achieve complete interception of scripts.
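The following JavaScript is an added example written for this page; it is not the patent's xss-default.js, which the page does not reproduce. It implements the two walks described in steps 100 and 101 (and repeated as steps 3021 to 3052 of FIG. 3): on insertion, walk from the new node up through its parents to the nearest data-dynamic mark and apply that mark's node-and-attribute rule; on an event, walk from the event source up to the root looking for an event rule that permits it. The marker syntax (data-dynamic="id:2;content:strong-text,img;event:click"), the exact meaning of the rule names pure-text, strong-text and img and the attributes each allows, and the treatment of events whose source lies outside every marked range are assumptions, since the page gives only the rule names. The same functions run against a real DOM (the wiring at the end installs a MutationObserver and capture-phase listeners when the script is loaded first in the head) and against the small ToyNode stand-in, which exists only so the logic can be exercised outside a browser.

```javascript
'use strict';
// Added example, not the patent's xss-default.js. It implements the client-side walk of
// steps 100/101 against any object exposing the DOM members used below (parentNode,
// nodeType, nodeName, getAttribute, getAttributeNames, removeAttribute, remove,
// replaceWith, textContent, childNodes), so it runs on a real DOM and on ToyNode alike.
// Assumed marker syntax:  data-dynamic="id:2;content:strong-text,img;event:click"

// Node-and-attribute rules (assumed): tags allowed inside a marked range and the
// attributes allowed on them. No rule grants on* handler attributes.
const CONTENT_RULES = {
  'pure-text':   { tags: ['#text'],                tagAttrs: [] },
  'strong-text': { tags: ['#text', 'b', 'strong'], tagAttrs: [] },
  'img':         { tags: ['img'],                  tagAttrs: ['src', 'alt', 'width', 'height'] },
};

// "id:2;content:strong-text,img;event:click" -> { id: '2', content: [...], event: [...] }
function parseMarker(value) {
  const m = { id: null, content: [], event: [] };
  for (const part of value.split(';')) {
    const [k, v = ''] = part.split(':').map((s) => s.trim());
    if (k === 'id') m.id = v;
    else if (k === 'content' || k === 'event') m[k] = v ? v.split(',').map((s) => s.trim()) : [];
  }
  return m;
}

const tagOf = (n) => (n.nodeType === 3 ? '#text' : n.nodeName.toLowerCase());
const markerOf = (n) => (n.nodeType === 1 ? n.getAttribute('data-dynamic') : null);

// Walk from the node towards the root; the first data-dynamic attribute found on an
// ancestor defines the range (and the rules) the node falls into.
function findMarker(node) {
  for (let p = node.parentNode; p; p = p.parentNode) {
    const v = markerOf(p);
    if (v) return parseMarker(v);
  }
  return null;
}

// Steps 3021-3051: decide the fate of a node just inserted into the document tree.
// Returns 'allow', 'text' (converted to its safe text form) or 'remove'.
function filterInsertedNode(node, makeText) {
  const marker = findMarker(node);
  if (!marker) return 'allow'; // outside every marked range: static content
  const tag = tagOf(node);
  const rule = marker.content.map((r) => CONTENT_RULES[r]).find((r) => r && r.tags.includes(tag));
  if (!rule) {
    if (makeText && node.nodeType === 1 && marker.content.includes('pure-text')) {
      node.replaceWith(makeText(node.textContent)); // shown as text, never parsed
      return 'text';
    }
    node.remove();
    return 'remove';
  }
  if (node.nodeType === 1) {
    for (const a of node.getAttributeNames()) if (!rule.tagAttrs.includes(a)) node.removeAttribute(a);
    for (const c of [...node.childNodes]) filterInsertedNode(c, makeText); // subtree inserted at once
  }
  return 'allow';
}

// Steps 3022-3052: release the event only if a marker between the source and the root
// grants its type; inside a marked range without a grant it is intercepted. A source
// outside every range is static content and is left alone (assumption: the page does not say).
function filterEvent(source, type) {
  let inRange = false;
  for (let n = source; n; n = n.parentNode) {
    const v = markerOf(n);
    if (!v) continue;
    inRange = true;
    if (parseMarker(v).event.includes(type)) return 'release';
  }
  return inRange ? 'intercept' : 'release';
}

// Minimal stand-in for the DOM members used above, so the logic is testable in Node.js.
class ToyNode {
  constructor(name, attrs = {}, text = '') {
    this.nodeName = name.toUpperCase(); this.nodeType = name === '#text' ? 3 : 1;
    this.attrs = { ...attrs }; this.text = text; this.parentNode = null; this.childNodes = [];
  }
  get textContent() { return this.nodeType === 3 ? this.text : this.childNodes.map((c) => c.textContent).join(''); }
  getAttribute(k) { return k in this.attrs ? this.attrs[k] : null; }
  getAttributeNames() { return Object.keys(this.attrs); }
  removeAttribute(k) { delete this.attrs[k]; }
  appendChild(c) { c.parentNode = this; this.childNodes.push(c); return c; }
  remove() { const p = this.parentNode; if (p) { p.childNodes.splice(p.childNodes.indexOf(this), 1); this.parentNode = null; } }
  replaceWith(n) { const p = this.parentNode; p.childNodes[p.childNodes.indexOf(this)] = n; n.parentNode = p; this.parentNode = null; }
}

// Browser wiring: loaded first in <head>, it sees every later insertion and every event
// in the capture phase, before any handler on the source node can run.
if (typeof document !== 'undefined' && typeof MutationObserver !== 'undefined') {
  const makeText = (s) => document.createTextNode(s);
  new MutationObserver((records) => {
    for (const r of records) for (const n of r.addedNodes) filterInsertedNode(n, makeText);
  }).observe(document.documentElement, { childList: true, subtree: true });
  for (const type of ['click', 'mouseover', 'focus', 'load', 'error']) {
    document.addEventListener(type, (e) => {
      if (filterEvent(e.target, e.type) === 'intercept') { e.stopImmediatePropagation(); e.preventDefault(); }
    }, true);
  }
}
```

Two browser details carry the interception claim. For markup that the HTML parser inserts, the standard performs a microtask checkpoint, which delivers the pending mutation records, before a parser-inserted script is run, and a script element that is no longer connected at that point is not executed; this is why the control script must be loaded before any marked content. A capture-phase listener on the document runs before any handler on the event source, so stopImmediatePropagation() there keeps an inline handler on an injected node from ever running. The range itself is whatever the parser actually placed inside the marked element, so the parent walk only covers content that ended up there.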
The method of the present application further comprises: and displaying the filtered page.
It should be noted that, according to the current technical specifications for Web clients, the application can at present be implemented using HTML and JavaScript; as technology advances, other forms of implementation may be supported as well. Because the current implementation uses features of the HTML5 specification, it works best in browser software with good HTML5 support.
With this scheme for preventing script attacks, security checking of user input does not depend on the website server; security restrictions are applied only to the output that the client displays after the user's input, the whole filtering process is implemented at the client, and the filtering rules are distributed over the body nodes of the client page and can be configured flexibly. This compensates for the lack of safety checks in the Web browser's own design, improves protection against script attacks and at the same time saves computing resources of the server.
FIG. 2 is a schematic diagram of the component structure of the device for preventing script attacks provided by the application. The device is disposed at the client, specifically in the source code of the client page, and is driven and executed by the browser. As shown in FIG. 2, it comprises at least a monitoring module and a filtering module, wherein
the monitoring module is used for monitoring the marked dynamic content in the page when the page is loaded;
and the filtering module is used for filtering the monitored dynamic content to intercept script attacks.
Wherein,
the monitoring module is specifically configured to: when a Web page starts to load, load the control file of the cross-site script interception mechanism in the head; once the control file is loaded, it can immediately monitor the dynamic changes of the page over its whole life cycle from loading to closing, such as the construction of the document object node tree and/or events at all existing page nodes. During monitoring, if a node newly inserted into the page object tree, or the event source of an executed event, lies within the range of some dynamic content mark, the filtering operation is performed on the node content or on the event according to the node and attribute rules or event rules contained in that mark.
The filtering module is specifically configured to: preset corresponding filtering rules for the different types of filtering processing; and intercept the dynamic content when the monitored dynamic content does not satisfy the corresponding filtering rule. More specifically,
when the mark of the monitored dynamic content indicates that the type of filtering processing is node-and-attribute type: when a node is inserted into the page's document object tree, traverse from the inserted node up through its parent nodes in turn to check whether the newly inserted node satisfies a permitting rule and whether the insertion falls within the range identified by the mark; if not, remove the inserted node or convert its content into a safe form before outputting it; if so, insert the node normally; and/or,
when the mark of the monitored dynamic content indicates that the type of filtering processing is event: when an event is triggered in the page, traverse from the event source node up through its parent nodes in turn to check whether a rule permitting the event exists; if a permitting filtering rule is found, release the event; if no corresponding filtering rule is found by the time the root node is reached, intercept the event.
The device of the application further includes a display module (not shown in FIG. 2) for displaying the filtered page.
With the device disposed at the client, security checking of user input does not depend on the website server; security restrictions are applied, by the client alone, to the output displayed after the user's input; the whole filtering process is implemented at the client, and the filtering rules are distributed over the body nodes of the client page and can be configured flexibly. This compensates for the lack of safety checks in the Web browser's own design, improves protection against script attacks and at the same time saves computing resources of the server.
FIG. 3 is a flowchart illustrating an embodiment of the method for preventing script attacks according to the application; in this embodiment, cross-site scripting (XSS), one kind of script attack, is taken as the example for the detailed description. It is assumed that in the page returned in the server's response, static marks have already been added at the beginning and end of the parent node of the node in which the user-generated dynamic content is output, and that the mark carries filtering-type information stating what type of filtering is subsequently applied to the dynamic content, such as node type and/or event. In this embodiment it is assumed that the monitored types include node-and-attribute type and event. As shown in FIG. 3, the processing at the client includes the following steps:
Step 300: when the Web page starts to load, the control file of the cross-site script interception mechanism is loaded in the head; once it is loaded, construction of the document object node tree is monitored immediately, and events of all existing page nodes are monitored at the root node.
Step 301: determine the type of filtering processing. In this embodiment it is assumed that there are two scenarios of script execution that can pose a cross-site risk, both subject to the filtering checks of the interception mechanism. If the type of filtering processing is determined to be node type, go to step 3021; if it is determined to be event, go to step 3022.
Steps 3021 to 3031: when each node is inserted into the page's document object tree, traverse from the inserted node up through its parent nodes in turn to check whether the newly inserted node satisfies the filtering rule and whether the insertion falls within the range identified by the mark; if so, go to step 3041, otherwise go to step 3051.
Step 3041: the node is inserted normally. The flow ends.
Step 3051: the inserted node is removed, or its content is converted into a safe form and output. The flow ends.
Steps 3022 to 3032: when an event is triggered in the page, traverse from the event source node up through its parent nodes in turn to check whether a filtering rule permitting the event exists. If so, go to step 3042; if not, go to step 3052.
Step 3042: the event is released. The flow ends.
Step 3052: the event is intercepted. The flow ends.
The present application further provides an apparatus for preventing scripting attacks, comprising at least a memory and a processor, wherein,
the memory has stored therein the following executable instructions: monitoring the marked dynamic content when the page is loaded; and filtering the monitored dynamic content to intercept script attacks.
The processor is configured to execute executable instructions stored in the memory.
It will be appreciated by those skilled in the art that the components of the apparatus and steps of the method provided in the embodiments of the present application described above may be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented in program code executable by a computing device. Thus, they may be stored in a memory device for execution by a computing device, or they may be separately fabricated as individual integrated circuit modules, or multiple modules or steps thereof may be fabricated as a single integrated circuit module for implementation. Thus, the present application is not limited to any specific combination of hardware and software.
Although the embodiments disclosed in the present application are described above, the descriptions are only for the convenience of understanding the present application, and are not intended to limit the present application. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the disclosure as defined by the appended claims.

Claims (11)

1. A method of preventing scripting attacks, comprising:
when a client loads a page, monitoring the dynamic content marked in the page;
the client filters the monitored dynamic content to intercept script attacks;
the mark of the dynamic content is used to identify the range of the dynamic content and the type of filtering processing to be applied to the dynamic content;
and filtering rules corresponding to the different types of filtering processing are preset in the client.
2. The method of claim 1, wherein loading the page is preceded by:
in response to a page request from the client, the server generates a page comprising at least one item of dynamic content and adds a mark to at least one item of dynamic content.
3. The method according to claim 1 or 2, wherein the client filtering the monitored dynamic content to intercept script attacks comprises: intercepting the dynamic content when the monitored dynamic content does not satisfy the corresponding filtering rule.
4. The method of claim 3, wherein the mark of the monitored dynamic content indicates that the type of filtering processing is a node and its attribute type;
intercepting the dynamic content when the monitored dynamic content does not satisfy the corresponding filtering rule specifically comprises:
when a node is inserted into the page document object tree, traversing from the inserted node upward through its parent nodes to check whether the newly inserted node satisfies the filtering rule, or whether the inserted subtree falls within the range identified by the mark;
if not, removing the inserted node, or converting the node content into a safe form before outputting it; if so, inserting the node normally.
5. The method of claim 3, wherein the mark of the monitored dynamic content indicates that the type of filtering processing is an event;
intercepting the dynamic content when the monitored dynamic content does not satisfy the corresponding filtering rule specifically comprises:
when an event is triggered in the page, traversing from the event source node upward through its parent nodes to check whether a filtering rule exists;
if a legal filtering rule corresponding to the event is found, releasing the event; if no corresponding filtering rule is found before the root node is reached, intercepting the event.
6. The method of claim 3, wherein the mark of the monitored dynamic content indicates that the type of filtering processing is a node and its attribute type; intercepting the dynamic content when the monitored dynamic content does not satisfy the corresponding filtering rule specifically comprises:
when a node is inserted into the page document object tree, traversing from the inserted node upward through its parent nodes to check whether the newly inserted node satisfies the filtering rule, or whether the inserted subtree falls within the range identified by the mark; if not, removing the inserted node, or converting the node content into a safe form before outputting it; if so, inserting the node normally;
the mark of the monitored dynamic content indicates that the type of filtering processing is an event; intercepting the dynamic content when the monitored dynamic content does not satisfy the corresponding filtering rule specifically comprises:
when an event is triggered in the page, traversing from the event source node upward through its parent nodes to check whether the filtering rules contain a legal filtering rule for the event; if a legal filtering rule is found, releasing the event; if no corresponding filtering rule is found before the root node is reached, intercepting the event.
7. The method according to claim 1 or 2, further comprising: displaying the page after the filtering processing.
8. A method of preventing scripting attacks, comprising:
a server receiving a page request from a client and generating a page comprising at least one item of dynamic content;
the server marking at least one item of dynamic content in the page, the mark of the dynamic content being used to identify the range of the dynamic content and the type of filtering processing to be applied to it, so that the client can process the dynamic content according to preset filtering rules corresponding to the different types of filtering processing.
9. An apparatus for preventing script attacks, arranged at a client and comprising a monitoring module and a filtering module, wherein
the monitoring module is configured to monitor the dynamic content marked in a page when the page is loaded;
the filtering module is configured to filter the monitored dynamic content to intercept script attacks;
the filtering module is specifically configured with preset filtering rules corresponding to the different types of filtering processing;
and the mark of the dynamic content is used to identify the range of the dynamic content and the type of filtering processing to be applied to it.
10. The apparatus of claim 9, wherein the filtering module is further configured to: and intercepting the dynamic content when the monitored dynamic content does not meet the corresponding filtering rule.
11. The apparatus of claim 10, wherein the filtering module is specifically configured to:
when the mark of the monitored dynamic content indicates that the type of filtering processing is a node and its attribute type, and a node is inserted into the page document object tree, traverse from the inserted node upward through its parent nodes to check whether the newly inserted node satisfies a legal rule, or whether the inserted subtree falls within the range identified by the mark; if not, remove the inserted node or convert the node content into a safe form before outputting it; if so, insert the node normally;
and/or,
when the mark of the monitored dynamic content indicates that the type of filtering processing is an event, and the event is triggered in the page, traverse from the event source node upward through its parent nodes to check whether the filtering rules contain a legal filtering rule for the event; if a legal filtering rule is found, release the event; if no corresponding filtering rule is found before the root node is reached, intercept the event.
CN201610497347.0A 2016-06-29 2016-06-29 Method and device for preventing script attack Active CN107547487B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610497347.0A CN107547487B (en) 2016-06-29 2016-06-29 Method and device for preventing script attack

Publications (2)

Publication Number Publication Date
CN107547487A CN107547487A (en) 2018-01-05
CN107547487B true CN107547487B (en) 2020-11-24

Family

ID=60965679

Country Status (1)

Country Link
CN (1) CN107547487B (en)

Also Published As

Publication number Publication date
CN107547487A (en) 2018-01-05

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20240131

Address after: # 01-21, Lai Zan Da Building 1, 51 Belarusian Road, Singapore

Patentee after: Alibaba Singapore Holdings Ltd.

Country or region after: Singapore

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Patentee before: ALIBABA GROUP HOLDING Ltd.

Country or region before: United Kingdom
