CN112836186A - Page control method and device - Google Patents
Page control method and device Download PDFInfo
- Publication number
- CN112836186A CN112836186A CN201911153933.3A CN201911153933A CN112836186A CN 112836186 A CN112836186 A CN 112836186A CN 201911153933 A CN201911153933 A CN 201911153933A CN 112836186 A CN112836186 A CN 112836186A
- Authority
- CN
- China
- Prior art keywords
- page
- target
- target page
- password
- url
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
- G06F16/9566—URL specific, e.g. using aliases, detecting broken or misspelled links
Abstract
The invention provides a page control method and a device; the method comprises the following steps: receiving an opening instruction of a target page corresponding to a target Uniform Resource Locator (URL), wherein the opening instruction is triggered by an application client based on page operation in a presented page; responding to the opening instruction, and acquiring page data corresponding to the target page; performing page rendering based on the page data to present the target page; detecting a password input box of a target type based on the target page to obtain a first detection result; when the first detection result represents that a password input box of a target type exists in a target page, sending a notification carrying a target URL to an application client; and the notification is used for the application client to carry out security verification on the target page based on the target URL and carry out security control on the target page when a verification result represents that the target page has risks. By the method and the device, safety guarantee can be provided for the user account in time.
Description
Technical Field
The invention relates to the technical field of information security and block chaining, in particular to a page control method and device.
Background
At present, many websites or application programs require a user to input a user name and a password for logging in, if the input user name and password are correct, the website or application program responds to a login request of the user and allows the user to log in to provide corresponding services, and if the user name and password of the user are easily leaked due to factors such as subjective maliciousness of the website or application program or utilization of a hacker, a great threat is formed on data security of the user. The related technology mainly depends on the report of related users, however, the password leakage period is long when the method is adopted, and the loss of user accounts cannot be avoided in time.
Disclosure of Invention
The embodiment of the invention provides a page control method and device, which can find risks existing in a webpage in time and provide security guarantee for a user account.
The embodiment of the invention provides a page control method, which comprises the following steps:
receiving an opening instruction of a target page corresponding to a target Uniform Resource Locator (URL), wherein the opening instruction is triggered by an application client based on page operation in a presented page;
responding to the opening instruction, and acquiring page data corresponding to the target page;
performing page rendering based on the page data to present the target page;
detecting a password input box of a target type based on the target page to obtain a first detection result;
when the first detection result represents that a target type password input box exists in the target page, sending a notification carrying the target URL to the application client;
and the notification is used for the application client to carry out security verification on the target page based on the target URL and carry out security control on the target page when a verification result represents that the target page has risks.
An embodiment of the present invention provides a page control apparatus, including:
the system comprises a receiving module, a processing module and a display module, wherein the receiving module is used for receiving an opening instruction of a target page corresponding to a target Uniform Resource Locator (URL), and the opening instruction is triggered by an application client based on page operation in a presented page;
the acquisition module is used for responding to the opening instruction and acquiring page data corresponding to the target page;
the rendering module is used for rendering a page based on the page data so as to present the target page;
the detection module is used for detecting the password input box of the target type based on the target page to obtain a detection result;
the sending module is used for sending a notification carrying the target URL to the application client when the detection result represents that the target type password input box exists in the target page;
and the notification is used for the application client to carry out security verification on the target page based on the target URL and carry out security control on the target page when a verification result represents that the target page has risks.
In the above scheme, the detection module is further configured to perform, based on the target page, detection on a webpage password box element of the page data to obtain a second detection result;
and when the second detection result represents that the webpage password frame elements exist in the page data, determining that the password input frame of the corresponding type exists in the page data.
In the above solution, the detection module is further configured to determine, in response to a received password input event for the password input box, a response element responding to the password input event;
and when the response element is a webpage password frame element, determining that a password input frame of a corresponding type exists in the page data.
In the above solution, the apparatus further includes a matching module, where the matching module is configured to perform security check on the target page by matching the target URL with a URL in a white list;
and when the target URL is not in the white list, sending a notice carrying the target URL to the application client.
In the above scheme, the apparatus further includes a control module, where the control module is configured to receive a control instruction sent by the application client when determining that the target page has a risk;
in response to the control instruction, intercepting the password input event when the password input event for the password input box is received.
In the above scheme, the control module is further configured to receive a control instruction sent by the application client when determining that the target page has a risk;
and closing the target page or sending prompt information for prompting that the target page has risks based on the control instruction.
In the above scheme, the rendering module is further configured to construct a corresponding document object model tree based on the page data;
analyzing the cascading style sheet file, and constructing a corresponding cascading style sheet object model tree;
merging the document object model tree and the cascading style sheet object model tree to construct a corresponding rendering tree;
and laying out and drawing the rendering tree to present the target page.
In the foregoing solution, the apparatus further includes a storage module, where the storage module is configured to store the detection result of the target page to a blockchain network.
An embodiment of the present invention provides an electronic device, including:
a memory for storing executable instructions;
and the processor is used for realizing the page control method provided by the embodiment of the invention when the executable instruction stored in the memory is executed.
The embodiment of the invention provides a storage medium, which stores executable instructions and is used for causing a processor to execute so as to realize the page control method provided by the embodiment of the invention.
The embodiment of the invention has the following beneficial effects:
when actively identifying a webpage password frame element in a target page through a browser kernel, sending a notification carrying a URL of the target page to an application client, enabling the application client to carry out security verification on the target page based on the URL, and carrying out security control on the target page when a verification result represents that the target page has a risk; therefore, when the password input frame of the target type is detected, whether the target page has risks or not is checked, and when the target page has risks, the target page is subjected to safety control, so that the user does not respond when inputting the password in the password input frame, the action of continuously inputting the password by the user is prevented in real time, continuous infringement of the target page with the risks to privacy information such as an account number and the password of the user is avoided, safety guarantee is timely provided for the account number and the password of the user, and the user can be relieved when visiting the webpage.
Drawings
Fig. 1 is an alternative architecture diagram of a page control system according to an embodiment of the present invention;
fig. 2 is an alternative structural schematic diagram of an electronic device according to an embodiment of the present invention;
fig. 3 is an optional flowchart of a page control method according to an embodiment of the present invention;
FIG. 4 is an alternative architecture diagram of a page control system according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of an interface for presenting prompt information according to an embodiment of the present disclosure;
fig. 6 is a schematic diagram of an application architecture of a blockchain network according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of a blockchain in a blockchain network according to an embodiment of the present invention;
fig. 8 is a functional architecture diagram of a blockchain network according to an embodiment of the present invention;
fig. 9 is an alternative flowchart of a page control method according to an embodiment of the present invention;
fig. 10 is an alternative flowchart of a page control method according to an embodiment of the present invention;
FIG. 11 is an alternative architecture diagram of a page control system according to an embodiment of the present invention;
FIG. 12 is a schematic view of an alternative flow chart of a page control method according to an embodiment of the present invention;
fig. 13 is an alternative structural diagram of a page control device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail with reference to the accompanying drawings, the described embodiments should not be construed as limiting the present invention, and all other embodiments obtained by a person of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.
In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is understood that "some embodiments" may be the same subset or different subsets of all possible embodiments, and may be combined with each other without conflict.
In the description that follows, references to the terms "first", "second", and the like, are intended only to distinguish between similar objects and not to indicate a particular ordering for the objects, it being understood that "first", "second", and the like may be interchanged under certain circumstances or sequences of events to enable embodiments of the invention described herein to be practiced in other than the order illustrated or described herein.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein is for the purpose of describing embodiments of the invention only and is not intended to be limiting of the invention.
Before further detailed description of the embodiments of the present invention, terms and expressions mentioned in the embodiments of the present invention are explained, and the terms and expressions mentioned in the embodiments of the present invention are applied to the following explanations.
1) The client side, and the application program running in the terminal for providing various services, such as an instant messaging client side and a live broadcast client side.
2) In response to the condition or state on which the performed operation depends, one or more of the performed operations may be in real-time or may have a set delay when the dependent condition or state is satisfied; there is no restriction on the order of execution of the operations performed unless otherwise specified.
3) And stealing the link, wherein the webpage content is a website for stealing the account number and the password.
4) And inputting an event, wherein the virtual keyboard and the physical keyboard perform password input action, so that the characters of the operating system are input into the webpage.
5) Transactions (transactions), equivalent to the computer term "Transaction," include operations that need to be committed to a blockchain network for execution and do not refer solely to transactions in the context of commerce, which embodiments of the present invention follow in view of the convention colloquially used in blockchain technology.
For example, a deployment (deployment) transaction is used to install a specified smart contract to a node in a blockchain network and is ready to be invoked; the Invoke (Invoke) transaction is used to append records of the transaction in the blockchain by invoking the smart contract and to perform operations on the state database of the blockchain, including update operations (including adding, deleting, and modifying key-value pairs in the state database) and query operations (i.e., querying key-value pairs in the state database).
6) A Block chain (Blockchain) is a storage structure for encrypted, chained transactions formed from blocks (blocks).
7) A Blockchain Network (Blockchain Network) incorporates new blocks into a set of nodes of a Blockchain in a consensus manner.
8) Ledger (legger) is a general term for blockchains (also called Ledger data) and state databases synchronized with blockchains. Wherein, the blockchain records the transaction in the form of a file in a file system; the state database records the transactions in the blockchain in the form of different types of Key (Key) Value pairs for supporting fast query of the transactions in the blockchain.
9) Intelligent Contracts (Smart Contracts), also known as chain codes (chaincodes) or application codes, are programs deployed in nodes of a blockchain network, and the nodes execute the intelligent Contracts called in received transactions to perform operations of updating or querying key-value data of a state database.
10) Consensus (Consensus), a process in a blockchain network, is used to agree on transactions in a block among a plurality of nodes involved, the agreed block is to be appended to the end of the blockchain, and the mechanisms for achieving Consensus include Proof of workload (PoW, Proof of Work), Proof of rights and interests (PoS, Proof of equity (DPoS), Proof of granted of shares (DPoS), Proof of Elapsed Time (PoET, Proof of Elapsed Time), and so on.
Referring to fig. 1, fig. 1 is an optional architecture diagram of a page control system 100 according to an embodiment of the present invention, in order to support an exemplary application, an application client, such as a QQ client, a wechat client, and the like, is disposed on a user terminal 400, and the application client may invoke a browser kernel 200 in-line or through an interface; the user terminal 400 is connected to the background server 500 through the network 300, wherein the network 300 may be a wide area network or a local area network, or a combination of the two, and the data transmission is realized by using a wireless link.
As shown in fig. 1, a user opens an application client of a user terminal 400, opens a target page through a browser kernel 200, that is, the browser kernel 200 is configured to receive an open instruction of the target page corresponding to a target URL, and in response to the open instruction, obtains page data corresponding to the target page; rendering the page based on the page data to present a target page; detecting a password input box of a target type based on the target page to obtain a first detection result; when the first detection result represents that the password input box of the target type exists in the target page, sending a notification carrying the target URL to an application client on the terminal 400; and the notification is used for the application client to carry out security verification on the target page based on the target URL and carry out security control on the target page when the verification result represents that the target page has risks.
More specifically, the application client on the terminal 400 sends a notification of the target URL to the background server 500, the background server 500 performs security check on the target page based on the target URL, and sends a check result to the terminal 400, when the check result indicates that the target page is risky, the application client on the terminal 400 calls the browser kernel 200, disables an input event of the current password input box, and enables the user to have no response when the user inputs the password in the password input box.
Referring to fig. 2, fig. 2 is a schematic diagram of an optional structure of an electronic device 200 according to an embodiment of the present invention, taking the electronic device as an example of a browser kernel 200, where the electronic device 200 shown in fig. 2 includes: at least one processor 210, memory 250, at least one network interface 220, and a user interface 230. The various components in terminal 200 are coupled together by a bus system 240. It will be appreciated that the bus system 250 is used to enable communications among the components. The bus system 240 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are labeled as bus system 240 in fig. 2.
The Processor 210 may be an integrated circuit chip having Signal processing capabilities, such as a general purpose Processor, a Digital Signal Processor (DSP), or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like, wherein the general purpose Processor may be a microprocessor or any conventional Processor, or the like.
The user interface 230 includes one or more output devices 231, including one or more speakers and/or one or more visual display screens, that enable the presentation of media content. The user interface 230 also includes one or more input devices 232, including user interface components that facilitate user input, such as a keyboard, mouse, microphone, touch screen display, camera, other input buttons and controls.
The memory 250 may be removable, non-removable, or a combination thereof. Exemplary hardware devices include solid state memory, hard disk drives, optical disk drives, and the like. Memory 250 optionally includes one or more storage devices physically located remotely from processor 210.
The memory 250 includes volatile memory or nonvolatile memory, and may include both volatile and nonvolatile memory. The nonvolatile memory may be a Read Only Memory (ROM), and the volatile memory may be a Random Access Memory (RAM). The memory 250 described in embodiments of the invention is intended to comprise any suitable type of memory.
In some embodiments, memory 250 is capable of storing data, examples of which include programs, modules, and data structures, or a subset or superset thereof, to support various operations, as exemplified below.
An operating system 251 including system programs for processing various basic system services and performing hardware-related tasks, such as a framework layer, a core library layer, a driver layer, etc., for implementing various basic services and processing hardware-based tasks;
a network communication module 252 for communicating to other computing devices via one or more (wired or wireless) network interfaces 220, an exemplary network interface 420 comprising: bluetooth, wireless compatibility authentication (WiFi), and Universal Serial Bus (USB), etc.;
a presentation module 253 to enable presentation of information (e.g., a user interface for operating peripherals and displaying content and information) via one or more output devices 231 (e.g., a display screen, speakers, etc.) associated with the user interface 230;
an input processing module 254 for detecting one or more user inputs or interactions from one of the one or more input devices 232 and translating the detected inputs or interactions.
In some embodiments, the page control device provided by the embodiments of the present invention may be implemented in software, and fig. 2 shows a page control device 255 stored in the memory 250, which may be software in the form of programs and plug-ins, and includes the following software modules: the receiving module 2551, the obtaining module 2552, the rendering module 2553, the detecting module 2554 and the sending module 2555 are logical and thus may be arbitrarily combined or further split according to the implemented functions. The functions of the respective modules will be explained below.
In other embodiments, the page control Device provided in the embodiments of the present invention may be implemented in hardware, and for example, the page control Device provided in the embodiments of the present invention may be a processor in the form of a hardware decoding processor, which is programmed to execute the page control method provided in the embodiments of the present invention, for example, the processor in the form of the hardware decoding processor may be one or more Application Specific Integrated Circuits (ASICs), DSPs, Programmable Logic Devices (PLDs), Complex Programmable Logic Devices (CPLDs), Field Programmable Gate Arrays (FPGAs), or other electronic components.
The page control method provided by the embodiment of the present invention will be described below with reference to an exemplary application when the page control method provided by the embodiment of the present invention is implemented as a browser kernel.
Referring to fig. 3, fig. 3 is an optional flowchart of a page control method according to an embodiment of the present invention, and will be described with reference to the steps shown in fig. 3.
Step 301: and the browser kernel receives an opening instruction of a target page corresponding to the target uniform resource locator URL.
Wherein the opening instruction is triggered by the application client based on page operation in the presented page.
In practical application, a browser kernel is one of the core parts of the browser, and is used for explaining a webpage language and rendering and displaying a page, and realizing loading and video playing or live streaming playing of the webpage, and the like.
In actual implementation, when a user clicks a target URL or inputs the target URL through a keyboard or a touch screen, an open instruction of a target page corresponding to the target URL is triggered, and the open instruction is transmitted to a browser kernel through an operating system.
Step 302: and responding to the opening instruction, and acquiring page data corresponding to the target page.
In actual implementation, after receiving a target URL, a browser checks a Protocol, a network address, a resource path, a file name, a dynamic parameter, and the like of the target URL, and a server sends a HyperText Transfer Protocol (HTTP) request through domain name resolution, TCP connection, and the browser, and returns a response message to the browser after processing the HTTP request, where the response message includes a status code, a response header, and a response Text, such as page data of a HyperText Markup Language (HTML), a scripting Language (JS, javascript), a Cascading Style sheet (CSS, Cascading Style Sheets) file, a picture, and the like.
Step 303: and rendering the page based on the page data to present the target page.
In practical application, the browser kernel receives a response message sent by the HTTP server, and starts parsing the HTML document to perform page rendering, and in some embodiments, the browser kernel may perform page rendering in the following manner:
constructing a corresponding Document Object Model (DOM) tree based on the page data; analyzing a Cascading Style sheet file (CSS) to construct a corresponding Cascading Style Sheet Object Model (CSSOM) tree; merging the document object model tree and the cascading style sheet object model tree to construct a corresponding rendering tree; and laying out and drawing the rendering tree to present the target page.
In actual implementation, the browser kernel performs code analysis on the page data to obtain a plurality of corresponding words; creating corresponding nodes based on the words; and constructing a corresponding document object model tree based on each node. After a rendering tree is constructed, coordinates are distributed to each node of the rendering tree according to the rendering tree to obtain corresponding position information; and traversing the position information of each node, and drawing a rendering tree to obtain a target page for presentation.
Step 304: and detecting the password input box of the target type based on the target page to obtain a first detection result.
In some embodiments, the browser kernel may perform detection of a target type of password entry box by:
detecting webpage password frame elements of the page data based on the target page to obtain a second detection result; and when the second detection result represents that the webpage password frame elements exist in the page data, determining that the password input frame of the corresponding type exists in the page data.
In actual implementation, when a browser kernel performs page rendering, whether a webpage password Element exists in page data is identified, for example, a target URL is opened by a QQ client through a TBS kernel, and when the TBS kernel performs page rendering, if the type of an html input Element is InputTypeNames:: password, it is considered that a password input box exists in the page data when the html input Element starts to be rendered.
In some embodiments, the browser kernel may also perform detection of a target type of password entry box by:
in response to a received password entry event for the password entry box, determining a response element that is responsive to the password entry event; and when the response element is the webpage password frame element, determining that the password input frame of the corresponding type exists in the page data.
In actual implementation, if the browser kernel does not recognize the webpage password elements from the page data, rendering of the page is completed, and the target page is presented, when a user inputs a password in a password input box presented in the target page, a password input event for the password input box is triggered, and the browser kernel detects the password input box based on the response element receiving the input event.
For example, when a user inputs a password in a password input box on a QQ login page presented on a terminal, a browser kernel receives a password input event corresponding to the password input box, and if an element responded by the password input event is HTMLInputElement and the type is InputTypNames:: password, the page data is considered to have the password input box.
Step 305: and when the first detection result represents that the target type password input box exists in the target page, sending a notification carrying the target URL to the application client.
And the notification is used for the application client to carry out security verification on the target page based on the target URL and carry out security control on the target page when the verification result represents that the target page has risks.
Referring to fig. 4, fig. 4 is an optional architecture diagram of the page control system according to the embodiment of the present invention, a target URL is opened by a browser kernel, when it is determined that a target type password input box exists in a target page, a notification carrying the target URL is reported to an application client, the application client sends the notification carrying the target URL to a background server, so that the background server performs security verification on the target page based on the notification carrying the URL, obtains and returns a verification result to the application client, and the application client generates a control instruction based on the verification result and sends the control instruction to the browser kernel to control the target page.
In some embodiments, the browser kernel may also determine whether the target page has a risk by itself, for example, by matching the target URL with a URL in a white list, security check is performed on the target page; and when the target URL is not in the white list, sending a notice carrying the target URL to the application client, and interacting the application client with a background server of the application to further judge whether the target page has risks.
For example, the background server analyzes the received notification to obtain a target URL, matches the obtained target URL with a pre-stored white list comprising legal pages, and determines that the target page is a safe page when the target URL is successfully matched with the URL in the white list; and when the target URL is failed to be matched with the URL in the white list, namely the target URL is not in the white list, determining that the target page has risk.
In actual implementation, the application background server returns a verification result of whether the target page is safe to the application client, the application client executes corresponding operations according to different verification results, and when the verification result represents that the target page has risks, the application client generates a control instruction for controlling the target page and sends the control instruction to the browser kernel.
Accordingly, in some embodiments, the browser kernel receives a control instruction sent by the application client when determining that the target page is at risk; and responding to the control instruction, and intercepting a password input event when the password input event aiming at the password input box is received.
Here, taking an application client as a QQ client as an example for explanation, when the QQ client interacts with a QQ backend server and determines that a target page is at risk, the QQ client generates a control instruction corresponding to the target page, invokes a TBS kernel interface, and the TBS kernel receives the control instruction and intercepts a password input event, that is, disables a current password input box event, so that a user does not have any response when inputting a password in the password input box.
In some embodiments, a browser kernel receives a control instruction sent by an application client when determining that a target page has a risk; and closing the target page or sending prompt information for prompting that the target page has risks based on the control instruction.
In practical application, when the browser kernel receives a control instruction sent by the application client when determining that the target page is at risk, the target page is closed based on the control instruction, so that when a user opens the target page at risk or inputs a password into a password input box of the presented target page at risk, the target page is automatically closed, the user is prevented from inputting the password, and the user is protected for the account password of the user.
In some embodiments, the browser may further send, based on the received control instruction, a prompt message for prompting that the target page is at risk, so that the prompt message is presented on the target page, referring to fig. 5, where fig. 5 is an interface schematic diagram for presenting the prompt message provided in the embodiments of the present invention, as shown in fig. 5, the application client presents the prompt message to prompt the user that the target page is at risk, so as to avoid the user from continuously inputting the password, and thus avoid leakage of the password.
By the method, when the browser kernel actively identifies the webpage password frame element in the target page, the browser kernel sends a notification carrying the URL of the target page to the application client, so that the application client performs security verification on the target page based on the URL and performs security control on the target page when the verification result indicates that the target page has risks; therefore, when the password input frame of the target type is detected, whether the target page has risks or not is checked, and when the target page has risks, the target page is subjected to safety control, so that the user does not respond when inputting the password in the password input frame, the action of continuously inputting the password by the user is prevented in real time, continuous infringement of the target page with the risks to privacy information such as an account number and the password of the user is avoided, safety guarantee is timely provided for the account number and the password of the user, and the user can be relieved when visiting the webpage.
In some embodiments, when a target URL is opened by a browser kernel, the browser kernel generates a transaction for storing a first detection result by combining a blockchain technique after obtaining a first detection result of whether a target page contains a password input box of a target type, and submits the generated transaction to a node of a blockchain network, so that the node recognizes the transaction and stores the first detection result to the blockchain network; when the user inputs or opens the target page corresponding to the URL again at the application client and needs to acquire the detection result of whether the target page contains the password input box of the target type, the browser kernel may generate a transaction for acquiring the detection result of whether the target page contains the password input box of the target type, and submit the generated transaction to the node of the block chain network, so that the node recognizes the transaction and returns the first detection result of the target page.
Next, a block chain network according to an embodiment of the present invention will be described. Referring to fig. 6, fig. 6 is a schematic diagram of an application architecture of a blockchain network according to an embodiment of the present invention, which includes a service agent 400, an authentication center 700, and a blockchain network 600 (exemplarily illustrating a consensus node 610-1 to a consensus node 610-3), which are described below.
The type of blockchain network 600 is flexible and may be, for example, any of a public chain, a private chain, or a federation chain. Taking a public link as an example, electronic devices such as a user terminal and a server of any service entity can access the blockchain network 600 without authorization; taking a federation chain as an example, an electronic device (e.g., a terminal/server) hosted by a service entity after obtaining authorization may access the blockchain network 600, and in this case, if the electronic device becomes a client node in the blockchain network 600, the client indicates an application client.
In some embodiments, the client node may act as a mere watcher of the blockchain network 600, i.e., provides functionality to support a business entity to initiate a transaction (e.g., for uplink storage of data or querying of data on a chain), and may be implemented by default or selectively (e.g., depending on the specific business requirements of the business entity) with respect to the functions of the consensus node 610 of the blockchain network 600, such as a ranking function, a consensus service, and an accounting function, etc. Therefore, the data and the service processing logic of the service subject can be migrated to the blockchain network 600 to the maximum extent, and the credibility and traceability of the data and service processing process are realized through the blockchain network 600.
A consensus node in blockchain network 600 receives transactions submitted by client nodes (e.g., client node 410 shown in fig. 6 as belonging to business entity 400) from different business entities (e.g., business entity 400 shown in fig. 6), executes the transactions to store a first detection result of a target page, and various intermediate or final results of executing the transactions may be returned for display in the business entity's client nodes.
For example, the client node 410 may subscribe to events of interest in the blockchain network 600, such as transactions occurring in a particular organization/channel in the blockchain network 600, and the corresponding transaction notifications are pushed by the consensus node 610 to the client node 410, thereby triggering the corresponding business logic in the client node 410.
An exemplary application of a block chain is described with an example that a service subject accesses a block chain network to achieve acquisition of a first detection result of a corresponding target page.
Referring to fig. 6, the service entity 400 is an application client, and registers from the certificate authority 700 to obtain a digital certificate, where the digital certificate includes a public key of the service entity and a digital signature signed by the certificate authority 700 for the public key and identity information of the service entity, and is used to be attached to a transaction together with the digital signature of the service entity for the transaction, and is sent to the blockchain network, so that the blockchain network takes the digital certificate and signature from the transaction, verifies the authenticity of the message (i.e. whether the message is not tampered) and the identity information of the service entity sending the message, and verifies the blockchain network according to the identity, for example, whether the service entity has the right to initiate the transaction. Clients running electronic devices (e.g., terminals or servers) hosted by the business entity may request access from the blockchain network 600 to become client nodes.
The client node 410 of the service body 400 is configured to generate, when the user re-inputs or opens the target page corresponding to the URL, a transaction for obtaining a first detection result of whether the target page contains the target type of the password input box, specify an intelligent contract that needs to be invoked to implement the obtaining operation, and parameters passed to the intelligent contract, and also carry a digital certificate of the client node 410, a signed digital signature (for example, a digest of the transaction is encrypted by using a private key in the digital certificate of the client node 410), and broadcast the transaction to the consensus node 610 in the blockchain network 600.
When a transaction is received in the consensus node 610 in the blockchain network 600, the digital certificate and the digital signature carried in the transaction are verified, after the verification is successful, whether the service agent 400 has the transaction right or not is determined according to the identity of the service agent 400 carried in the transaction, and the transaction fails due to any verification judgment of the digital signature and the right verification. After successful verification, node 610 signs its own digital signature (e.g., by encrypting the digest of the transaction using node 610-1's private key) and continues to broadcast in blockchain network 600.
After the consensus node 610 in the blockchain network 600 receives the transaction successfully verified, the transaction is filled into a new block and broadcast. When a new block is broadcasted by the consensus node 610 in the block chain network 600, performing a consensus process on the new block, if the consensus is successful, adding the new block to the tail of the block chain stored in the new block, updating the state database according to a transaction result, and executing a transaction in the new block: and for the submitted transaction for acquiring the first detection result of whether the target page contains the password input box of the target type, inquiring a key value pair of the first detection result of whether the target page contains the password input box of the target type in a state database, and returning the transaction result.
As an example of a block chain, referring to fig. 7, fig. 7 is a schematic structural diagram of a block chain in a block chain network 600 according to an embodiment of the present invention, where a header of each block may include hash values of all transactions in the block and also include hash values of all transactions in a previous block, a record of a newly generated transaction is filled in the block and is added to a tail of the block chain after being identified by nodes in the block chain network, so as to form a chain growth, and a chain structure based on hash values between blocks ensures tamper resistance and forgery prevention of transactions in the block.
An exemplary functional architecture of a block chain network provided in the embodiment of the present invention is described below, referring to fig. 8, fig. 8 is a functional architecture schematic diagram of a block chain network 600 provided in the embodiment of the present invention, which includes an application layer 601, a consensus layer 602, a network layer 603, a data layer 604, and a resource layer 605, which are described below respectively.
The resource layer 605 encapsulates the computing, storage, and communication resources that implement each node 610 in the blockchain network 600.
The data layer 604 encapsulates various data structures that implement the ledger, including blockchains implemented in files in a file system, state databases of the key-value type, and presence certificates (e.g., hash trees of transactions in blocks).
The network layer 603 encapsulates the functions of a Point-to-Point (P2P) network protocol, a data propagation mechanism and a data verification mechanism, an access authentication mechanism, and service agent identity management.
Wherein the P2P network protocol implements communication between nodes 610 in the blockchain network 600, the data propagation mechanism ensures propagation of transactions in the blockchain network 600, and the data verification mechanism is used for implementing reliability of data transmission between nodes 610 based on cryptography methods (e.g., digital certificates, digital signatures, public/private key pairs); the access authentication mechanism is used for authenticating the identity of the service subject added to the block chain network 600 according to an actual service scene, and endowing the service subject with the authority of accessing the block chain network 600 when the authentication is passed; the business entity identity management is used to store the identity of the business entity that is allowed to access blockchain network 600, as well as the permissions (e.g., the types of transactions that can be initiated).
The consensus layer 602 encapsulates the functionality of the mechanisms by which nodes 610 in the blockchain network 600 agree on a block (i.e., consensus mechanisms), transaction management, and ledger management. The consensus mechanism comprises consensus algorithms such as POS, POW and DPOS, and the pluggable consensus algorithm is supported.
The transaction management is used for verifying the digital signature carried in the transaction received by the node 610, verifying the identity information of the service subject, and determining whether the service subject has the right to perform the transaction (reading the relevant information from the identity management of the service subject) according to the identity information; for the service entities authorized to access the blockchain network 600, the service entities have digital certificates issued by the certificate authority, and the service entities sign the submitted transactions by using the private keys in their digital certificates, thereby declaring their own legal identities.
The ledger administration is used to maintain blockchains and state databases. For the block with the consensus, adding the block to the tail of the block chain; executing the transaction in the acquired consensus block, updating the key-value pairs in the state database when the transaction comprises an update operation, querying the key-value pairs in the state database when the transaction comprises a query operation and returning a query result to the client node of the business entity. Supporting query operations for multiple dimensions of a state database, comprising: querying the chunk based on the chunk sequence number (e.g., hash value of the transaction); inquiring the block according to the block hash value; inquiring a block according to the transaction serial number; inquiring the transaction according to the transaction serial number; inquiring account data of a business main body according to an account (serial number) of the business main body; and inquiring the block chain in the channel according to the channel name.
The application layer 601 encapsulates various services that the blockchain network can implement, including tracing, crediting, and verifying transactions.
Next, a description is continued on the page control method provided in the embodiment of the present invention, where an application client is provided on a terminal, a browser kernel is embedded in the application client or a target page is opened by calling the browser kernel, taking the browser kernel as an example, fig. 9 is an optional flowchart of the page control method provided in the embodiment of the present invention, and referring to fig. 9, the page control method provided in the embodiment of the present invention includes:
step 901: and the application client responds to the click operation of the target page of the target URL corresponding to the user and generates an opening instruction.
In practical application, when a user clicks a target URL or inputs the target URL through a keyboard or a touch screen, an application client is triggered to generate an open instruction of a target page corresponding to the target URL.
Step 902: and the application client sends an opening instruction to the browser kernel.
Step 903: the browser kernel receives an open instruction.
Step 904: and the browser kernel responds to the opening instruction and acquires page data corresponding to the target page.
In practical implementation, after receiving the target URL, the browser checks the target URL with a Protocol, a network address, a resource path, a file name, a dynamic parameter, and the like, and the server sends a HyperText Transfer Protocol (HTTP) request through domain name resolution, TCP connection, and the browser, and returns a response message to the browser after processing the HTTP request, where the response message includes a status code, a response header, and a response Text, such as page data of a HyperText Markup Language (HTML), a scripting Language (JS, javascript), a Cascading Style sheet (CSS, Cascading Style Sheets) file, a picture, and the like.
Step 905: the browser kernel performs page rendering based on the page data to present a target page;
step 906: and detecting the webpage password frame elements of the page data based on the target page to obtain a detection result.
In practical implementation, when a browser kernel performs page rendering, whether a webpage password element exists in page data is identified, for example, a target URL is opened by a QQ client through a TBS kernel, and when the TBS kernel performs page rendering, if the type of HTM LInputElement is InputTypeNames:: password, it is considered that a password input box exists in the page data when the HTM LInputElement starts to be rendered.
Step 907: and when the detection result represents that the webpage password box element exists in the webpage data, the browser kernel sends a notice carrying the target URL to the application client.
And the notification is used for the application client to carry out security verification on the target page based on the target URL and carry out security control on the target page when the verification result represents that the target page has risks.
In practical implementation, when the browser kernel determines that the target type password input box exists in the target page, a notification carrying the target URL is sent to the application client, and the application client interacts with the background server to determine whether the current target page has a risk.
Step 908: and the application client sends a notice carrying the target URL to the background server.
Step 909: and the background server matches the target URL with the URLs in the white list to obtain a matching result.
Step 910: and the background server returns the matching result to the application client.
Step 911: and when the matching result represents that the target URL is not in the white list, the application client generates a control instruction for controlling the target page.
In actual implementation, when the application client receives a verification result indicating whether the corresponding target page is safe, corresponding operations are executed according to different verification results, and when the verification result indicates that the target page has risks, the application client generates a control instruction for controlling the target page and sends the control instruction to the browser kernel.
Step 912: and the application client side responds to the input operation of the user for the password input box and sends a control instruction to the browser kernel.
Step 913: and the browser kernel responds to the control instruction and intercepts the password input event when receiving the password input event aiming at the password input box.
Here, taking an application client as a QQ client as an example for explanation, when the QQ client interacts with a QQ backend server and determines that a target page is at risk, the QQ client generates a control instruction corresponding to the target page, invokes a TBS kernel interface, and the TBS kernel receives the control instruction and intercepts a password input event, that is, disables a current password input box event, so that a user does not have any response when inputting a password in the password input box.
By the mode, when the target page has risks, the target page is subjected to safety control, so that no response exists when the user inputs the password in the password input box, the user is prevented from continuously inputting the password in real time, continuous damage of the target page with the risks to the account number, the password and other privacy information of the user is avoided, safety guarantee is timely provided for the account number and the password of the user, and the user is relieved in the process of accessing the webpage.
Next, a description is continued on the page control method provided in the embodiment of the present invention, where an application client is provided on a terminal, a browser kernel is embedded in the application client or a target page is opened by calling the browser kernel, and taking the browser kernel as an example, fig. 10 is an optional flowchart of the page control method provided in the embodiment of the present invention, and referring to fig. 10, the page control method provided in the embodiment of the present invention includes:
step 1001: and the application client responds to the click operation of the target page of the target URL corresponding to the user and generates an opening instruction.
Here, in an actual application, when a user clicks a target URL or inputs the target URL through a keyboard or a touch screen, the application client is triggered to generate an open instruction of a target page corresponding to the target URL.
Step 1002: and the application client sends an opening instruction to the browser kernel.
Step 1003: the browser kernel receives an open instruction.
Step 1004: and the browser kernel responds to the opening instruction and acquires page data corresponding to the target page.
Step 1005: and the browser kernel performs page rendering based on the page data to present the target page.
In the practical implementation, the browser kernel performs code analysis on the page data to obtain a plurality of corresponding words; creating corresponding nodes based on the words; constructing a corresponding DOM tree based on each node; analyzing the CSS to construct a corresponding CSSOM tree; merging the DOM tree and the CSSOM tree, constructing a corresponding rendering tree, and distributing coordinates for each node of the rendering tree according to the rendering tree to obtain corresponding position information; and traversing the position information of each node, and drawing a rendering tree to obtain a target page for presentation.
Step 1006: the browser kernel determines a response element that is responsive to a password entry event in response to a received password entry event for the password entry box.
Here, in actual implementation, if the browser kernel does not recognize the webpage password element from the page data, rendering of the page is completed, and the target page is presented, when the user inputs a password in a password input box presented in the target page, a password input event for the password input box is triggered, and the browser kernel performs detection of the password input box based on the response element receiving the input event.
For example, when a user inputs a password in a password input box on a QQ login page presented on a terminal, a browser kernel receives a password input event corresponding to the password input box, and if an element responded by the password input event is HTMLInputElement and the type is InputTypNames:: password, the page data is considered to have the password input box.
Step 1007: and when the response element is a webpage password box element, the browser kernel determines that a password input box of a corresponding type exists in the page data.
Step 1008: and the browser kernel sends a notice carrying the target URL to the application client.
And the notification is used for the application client to carry out security verification on the target page based on the target URL and carry out security control on the target page when the verification result represents that the target page has risks.
In practical implementation, when the browser kernel determines that the target type password input box exists in the target page, a notification carrying the target URL is sent to the application client, and the application client interacts with the background server to determine whether the current target page has a risk.
Step 1009: and the application client sends a notice carrying the target URL to the background server.
Step 1010: and the background server matches the target URL with the URLs in the white list to obtain a matching result.
Step 1011: and the background server returns the matching result to the application client.
Step 1012: and when the matching result represents that the target URL is not in the white list, the application client generates a control instruction for controlling the target page.
In actual implementation, when the application client receives a verification result indicating whether the corresponding target page is safe, corresponding operations are executed according to different verification results, and when the verification result indicates that the target page has risks, the application client generates a control instruction for controlling the target page and sends the control instruction to the browser kernel.
Step 1013: and the application client side responds to the input operation of the user for the password input box and sends the control instruction to the browser kernel.
Step 1014: and the browser kernel generates prompt information for prompting that the target page has risks based on the control instruction.
Step 1015: and the browser kernel sends prompt information to the application client.
Step 1016: and the application client presents the prompt information.
By the method, the display interface of the target page presents the prompt information for the target page with the risk, so that the target page of the user can be prompted to have the risk, the user is prevented from continuously inputting the password, and the password is prevented from being leaked.
In the following, an exemplary application of the embodiments of the present invention in a practical application scenario will be described.
The page control method provided by the embodiment of the invention is suitable for preventing account number and password from being stolen, is also suitable for identifying elements such as videos, pictures, articles and the like in a webpage, actively reports the elements, and confirms whether the current page is an illegal page by a browser user, so that the illegal page is prevented from continuously infringing information such as account numbers, privacy and the like of a user in real time. Next, a page control method according to an embodiment of the present invention is described with an example of preventing stealing of a QQ account password.
In actual implementation, the QQ client opens a URL (uniform resource locator) by using the TBS, when the URL is a hotlink, if a password input box is in a page displayed by the URL, the TBS reports the page to the QQ client, and the QQ client interacts with a QQ background server to determine whether the current page is the hotlink page (namely, the page has risks); if the page is a hotlink page, the QQ client calls a TBS kernel interface, and the current password box input event is forbidden, so that a user has no response when inputting a password in the password box.
Referring to fig. 11, fig. 11 is a schematic diagram of an optional architecture of a page control system according to an embodiment of the present invention, and as shown in fig. 11, the page control system according to the embodiment of the present invention includes a TBS kernel layer, a TBS interface layer, an application client (i.e., a TBS user), a backend server (i.e., a backend server of the TBS user), and so on.
The core of the page control method provided in the embodiment of the present invention is that the TBS kernel identifies a password input box in a web page and a password input event corresponding to the password input box, and in actual implementation, based on the architecture of the page control system shown in fig. 11, fig. 12 is an optional schematic flow diagram of the page control method according to the embodiment of the present invention, and will be described with reference to the steps shown in fig. 11 and fig. 12.
Step 1201: and the QQ client generates an opening instruction in response to the click operation of the webpage of the target URL corresponding to the user.
In practical application, when a target URL is clicked by a QQ user or input through a keyboard or a touch screen, the QQ client is triggered to generate an opening instruction of a webpage corresponding to the target URL.
Step 1202: the QQ client sends an open command to the TBS kernel.
Here, in an actual application, the TBS kernel is embedded in the QQ client, or the page data corresponding to the webpage is acquired by calling the TBS kernel, and the page is rendered based on the acquired page data, so as to present the target page.
Step 1203: the TBS kernel identifies the password entry box in the webpage.
In practical implementation, the target URL is opened by the QQ client through the TBS kernel, and when the TBS kernel performs page rendering, if the type of the HTMLI nputElement is InputTypeNames:: password, it is considered that there is a password input box in the webpage when the HTMLI nputElement starts to be rendered.
Or, in the process of rendering the page, the TBS kernel completes rendering the page without identifying a webpage password element from the page data, and when the QQ login page is presented, that is, when a password is input in a password input box on the QQ login page presented on the terminal by the user, the browser kernel receives a password input event corresponding to the password input box, and if an element responded by the password input event is HTMLInputElement, and the type is InputTypeNames:: password, the webpage is considered to have the password input box.
Step 1204: and judging whether a password input box exists or not.
Here, when there is a password input box in the web page, step 1205 is performed; when the password input box does not exist in the webpage, executing step 1210;
step 1205: and the TBS inner core sends a notice carrying the target URL to the QQ client.
And the notification is used for interacting the QQ client and the background server, and performing security check on the webpage (namely judging whether the webpage is a hotlink webpage) based on the target URL.
Step 1206: and the QQ client sends a notice carrying the target URL to the background server.
Step 1207: the background server judges whether the webpage is a hotlink webpage or not.
Here, in practical applications, the background server may match the target URL with a URL in a white list to obtain a matching result, and when the matching result indicates that the target URL is in the white list, the web page corresponding to the target URL is considered to be safe (i.e., not a hotlink web page), at this time, step 1210 is executed; when the matching result indicates that the target URL is not in the white list, the web page corresponding to the target URL is considered unsafe (i.e., an illegal web page, i.e., a hotlink web page), and at this time, step 1208 is executed.
Step 1208: the QQ client invokes the TBS interface.
Step 1209: the TBS kernel disables the password entry box to enter the password function.
Step 1210: and continuing to browse the webpage.
Step 1211: the page is closed.
Therefore, when the user opens the webpage with the risk or inputs the password to the password input box in the presented webpage with the risk, the target page is automatically closed, the user is prevented from inputting the password, and the user is protected for the account password of the user.
By the method, the efficiency of processing the hotlink is improved, the security such as the QQ account is guaranteed, and the user can feel more relieved when using the QQ to access the webpage.
Continuing with the exemplary structure of the page control device 255 implemented as software modules provided by the embodiments of the present invention, in some embodiments, as shown in fig. 2 and 13, the page control device 255 in the memory 250 includes the following software modules: a receiving module 2551, an obtaining module 2552, a rendering module 2553, a detecting module 2554 and a sending module 2555.
A receiving module 2551, configured to receive an open instruction of a target page corresponding to a target uniform resource locator URL, where the open instruction is triggered by an application client based on a page operation in a presented page;
an obtaining module 2552, configured to, in response to the opening instruction, obtain page data corresponding to the target page;
a rendering module 2553, configured to perform page rendering based on the page data to present the target page;
a detection module 2554, configured to perform detection on a password input box of a target type based on the target page, to obtain a detection result;
a sending module 2555, configured to send a notification carrying the target URL to the application client when the detection result indicates that a password input box of the target type exists in the target page;
and the notification is used for the application client to carry out security verification on the target page based on the target URL and carry out security control on the target page when a verification result represents that the target page has risks.
In some embodiments, the detection module is further configured to perform, based on the target page, webpage password box element detection on the page data to obtain a second detection result;
and when the second detection result represents that the webpage password frame elements exist in the page data, determining that the password input frame of the corresponding type exists in the page data.
In some embodiments, the detection module is further configured to determine, in response to a received password entry event for the password entry box, a response element responsive to the password entry event;
and when the response element is a webpage password frame element, determining that a password input frame of a corresponding type exists in the page data.
In some embodiments, the apparatus further comprises a matching module for performing a security check on the target page by matching the target URL with URLs in a whitelist;
and when the target URL is not in the white list, sending a notice carrying the target URL to the application client.
In some embodiments, the apparatus further includes a control module, configured to receive a control instruction sent by the application client when determining that the target page is at risk;
in response to the control instruction, intercepting the password input event when the password input event for the password input box is received.
In some embodiments, the control module is further configured to receive a control instruction sent by the application client when determining that the target page is at risk;
and closing the target page or sending prompt information for prompting that the target page has risks based on the control instruction.
In some embodiments, the rendering module is further configured to construct a corresponding document object model tree based on the page data;
analyzing the cascading style sheet file, and constructing a corresponding cascading style sheet object model tree;
merging the document object model tree and the cascading style sheet object model tree to construct a corresponding rendering tree;
and laying out and drawing the rendering tree to present the target page.
In some embodiments, the apparatus further comprises a storage module configured to store the detection result of the target page to a blockchain network.
An embodiment of the present invention provides an electronic device, including:
a memory for storing executable instructions;
and the processor is used for realizing the page control method provided by the embodiment of the invention when the executable instruction stored in the memory is executed.
The embodiment of the invention provides a storage medium, which stores executable instructions and is used for causing a processor to execute so as to realize the page control method provided by the embodiment of the invention.
In some embodiments, the storage medium may be memory such as FRAM, ROM, PROM, EPROM, EEPROM, flash memory, magnetic surface memory, optical disk, or CD-ROM; or may be various devices including one or any combination of the above memories.
In some embodiments, executable instructions may be written in any form of programming language (including compiled or interpreted languages), in the form of programs, software modules, scripts or code, and may be deployed in any form, including as a stand-alone program or as a module, component, subroutine, or other unit suitable for use in a computing environment.
By way of example, executable instructions may correspond, but do not necessarily have to correspond, to files in a file system, and may be stored in a portion of a file that holds other programs or data, such as in one or more scripts in a hypertext Markup Language (HTML) document, in a single file dedicated to the program in question, or in multiple coordinated files (e.g., files that store one or more modules, sub-programs, or portions of code).
By way of example, executable instructions may be deployed to be executed on one computing device or on multiple computing devices at one site or distributed across multiple sites and interconnected by a communication network.
The above description is only an example of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, and improvement made within the spirit and scope of the present invention are included in the protection scope of the present invention.
Claims (10)
1. A page control method, characterized in that the method comprises:
receiving an opening instruction of a target page corresponding to a target Uniform Resource Locator (URL), wherein the opening instruction is triggered by an application client based on page operation in a presented page;
responding to the opening instruction, and acquiring page data corresponding to the target page;
performing page rendering based on the page data to present the target page;
detecting a password input box of a target type based on the target page to obtain a first detection result;
when the first detection result represents that a target type password input box exists in the target page, sending a notification carrying the target URL to the application client;
and the notification is used for the application client to carry out security verification on the target page based on the target URL and carry out security control on the target page when a verification result represents that the target page has risks.
2. The method of claim 1, wherein the detecting of the target type of password entry box based on the target page comprises:
based on the target page, carrying out webpage password frame element detection on the page data to obtain a second detection result;
and when the second detection result represents that the webpage password frame elements exist in the page data, determining that the password input frame of the corresponding type exists in the page data.
3. The method of claim 1, wherein the detecting of the target type of password entry box based on the target page comprises:
in response to a received password entry event for the password entry box, determining a response element that is responsive to the password entry event;
and when the response element is a webpage password frame element, determining that a password input frame of a corresponding type exists in the page data.
4. The method of claim 1, wherein the method further comprises:
performing security verification on the target page by matching the target URL with URLs in a white list;
and when the target URL is not in the white list, sending a notice carrying the target URL to the application client.
5. The method of claim 1, wherein the method further comprises:
receiving a control instruction sent by the application client when determining that the target page has risks;
in response to the control instruction, intercepting the password input event when the password input event for the password input box is received.
6. The method of claim 1, wherein the method further comprises:
receiving a control instruction sent by the application client when determining that the target page has risks;
and closing the target page or sending prompt information for prompting that the target page has risks based on the control instruction.
7. The method of claim 1, wherein the page rendering based on the page data to present the target page comprises:
constructing a corresponding document object model tree based on the page data;
analyzing the cascading style sheet file, and constructing a corresponding cascading style sheet object model tree;
merging the document object model tree and the cascading style sheet object model tree to construct a corresponding rendering tree;
and laying out and drawing the rendering tree to present the target page.
8. The method of any of claims 1 to 7, further comprising:
storing the first detection result of the target page to a blockchain network.
9. A page control apparatus, characterized in that the apparatus comprises:
the system comprises a receiving module, a processing module and a display module, wherein the receiving module is used for receiving an opening instruction of a target page corresponding to a target Uniform Resource Locator (URL), and the opening instruction is triggered by an application client based on page operation in a presented page;
the acquisition module is used for responding to the opening instruction and acquiring page data corresponding to the target page;
the rendering module is used for rendering a page based on the page data so as to present the target page;
the detection module is used for detecting the password input box of the target type based on the target page to obtain a detection result;
the sending module is used for sending a notification carrying the target URL to the application client when the detection result represents that the target type password input box exists in the target page;
and the notification is used for the application client to carry out security verification on the target page based on the target URL and carry out security control on the target page when a verification result represents that the target page has risks.
10. A storage medium having stored thereon executable instructions for causing a processor to perform the page control method of any one of claims 1 to 8 when executed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911153933.3A CN112836186A (en) | 2019-11-22 | 2019-11-22 | Page control method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911153933.3A CN112836186A (en) | 2019-11-22 | 2019-11-22 | Page control method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112836186A true CN112836186A (en) | 2021-05-25 |
Family
ID=75921561
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911153933.3A Pending CN112836186A (en) | 2019-11-22 | 2019-11-22 | Page control method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112836186A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114741072A (en) * | 2022-04-20 | 2022-07-12 | 苏州峰之鼎信息科技有限公司 | Page generation method, device, equipment and storage medium |
| CN116226566A (en) * | 2023-03-07 | 2023-06-06 | 杭州星锐网讯科技有限公司 | Method and system for rendering embedded client interface to webpage |
-
2019
- 2019-11-22 CN CN201911153933.3A patent/CN112836186A/en active Pending
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114741072A (en) * | 2022-04-20 | 2022-07-12 | 苏州峰之鼎信息科技有限公司 | Page generation method, device, equipment and storage medium |
| CN114741072B (en) * | 2022-04-20 | 2024-03-12 | 苏州峰之鼎信息科技有限公司 | Page generation method, device, equipment and storage medium |
| CN116226566A (en) * | 2023-03-07 | 2023-06-06 | 杭州星锐网讯科技有限公司 | Method and system for rendering embedded client interface to webpage |
| CN116226566B (en) * | 2023-03-07 | 2024-01-23 | 杭州星锐网讯科技有限公司 | Method and system for rendering embedded client interface to webpage |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11403373B2 (en) | Systems and methods for adding watermarks using an embedded browser | |
| US10110629B1 (en) | Managed honeypot intrusion detection system | |
| US10484385B2 (en) | Accessing an application through application clients and web browsers | |
| US10673866B2 (en) | Cross-account role management | |
| CN107077410B (en) | Analyzing client application behavior to detect anomalies and prevent access | |
| US11886525B2 (en) | Systems and methods for presenting additional content for a network application accessed via an embedded browser of a client application | |
| CN105610810B (en) | Data processing method, client and server | |
| CN111353903B (en) | Network identity protection method and device, electronic equipment and storage medium | |
| CN111355726B (en) | Identity authorization login method and device, electronic equipment and storage medium | |
| US10609165B1 (en) | Systems and methods for gamification of SaaS applications | |
| US10616209B2 (en) | Preventing inter-application message hijacking | |
| US11841931B2 (en) | Systems and methods for dynamically enforcing digital rights management via embedded browser | |
| US10936470B2 (en) | Systems and methods for performance bug and grievance reports for SaaS applications | |
| US20220197970A1 (en) | Systems and methods for improved remote display protocol for html applications | |
| US11290574B2 (en) | Systems and methods for aggregating skills provided by a plurality of digital assistants | |
| CN110569658A (en) | User information processing method and device based on block chain network, electronic equipment and storage medium | |
| US9843490B2 (en) | Methods and systems for analytic code injection | |
| CN112836186A (en) | Page control method and device | |
| US20180039771A1 (en) | Method of and server for authorizing execution of an application on an electronic device | |
| Ghiani et al. | Security in migratory interactive web applications | |
| US20220121333A1 (en) | Systems and methods for live tiles for saas | |
| CN113569166A (en) | Data processing method and device, electronic equipment and storage medium | |
| CN117909611A (en) | Page embedding method, device, equipment, medium, program product and credit system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 40044651 Country of ref document: HK |
|
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |