Web server and method for preventing cross-site scripting attack

Abstract

The invention proposes a web server and a method for preventing cross-site scripting attack, wherein the method includes: after the Web server receives an HTTP request from a browser, intercepting the HTTP request, and determining, according to a filter mapping table, whether a filtering operation with respect to the HTTP request is to be executed; if it is determined that the filtering operation with respect to the HTTP request is needed to be executed, executing, by the Web server, the filtering operation with respect to the intercepted HTTP request according to a predetermined cross-site scripting attack judging rule and a cross-site scripting attack processing rule. The Web server and the method for preventing cross-site scripting attack disclosed in the invention can prevent effectively the cross-site scripting attack with respect to the browser and / or Web server.

Description

technical field [0001] The present invention relates to a Web server and a method, more specifically, to a Web server and a method for preventing cross-site scripting attacks. Background technique [0002] At present, with the increasingly wide application of computers and networks and the increasing variety of business types in different fields, secure data transmission between browsers and Web servers is required to prevent cross-site scripting attacks (that is, XSS, which refers to HTTP response due to The browser contains illegal data, which causes the browser to execute malicious code, thereby obtaining the user's cookie data (which is the data stored on the user's local terminal in order to identify the user's identity and track the session), and then create fraudulent pages to implement phishing attacks, etc. etc.) are becoming more and more important. [0003] The two existing ways to prevent cross-site scripting attacks are as follows: (1) Divide the web page into ...

Images