Web server and method for preventing cross-site scripting attack

A web server technology for preventing cross-site scripting (XSS) attacks, applied in the field of web servers. It addresses the problems that existing approaches do not eliminate XSS attacks at the root, have difficulty avoiding XSS attacks on the server side, and carry high maintenance costs. Its stated effects are eliminating cross-site scripting attacks, avoiding malicious code execution, and high configurability.

Active Publication Date: 2018-04-27
CHINA UNIONPAY

AI Technical Summary

Problems solved by technology

[0004] However, the existing technical solutions have the following problems: (1) For the first method, since an authorized client request may itself contain malicious code, it is difficult to avoid XSS attacks on the server side; (2) For the second method, because it is focused entirely on the client, that is, it identifies reflective XSS attacks from the perspective of the client and prohibits script execution on the client, it does not eliminate the XSS attack at its root cause. In addition, because the filter is installed on the client side, it places high requirements on browser configuration and performance. Furthermore, it can only filter existing known XSS vulnerabilities; when new XSS vulnerabilities appear, the filter on the client needs to be updated, so the maintenance cost is high.

Embodiment Construction

[0027] Figure 1 is a schematic structural diagram of a Web server for preventing cross-site scripting attacks according to an embodiment of the present invention. As shown in Figure 1, the Web server for preventing cross-site scripting attacks disclosed by the present invention includes a preprocessing unit 1, a filter 2 and a Web resource processing unit 3. The preprocessing unit 1 intercepts the HTTP request after receiving it from the browser and determines, according to the filter mapping table, whether to perform a filtering operation on the HTTP request; if it determines that a filtering operation is needed, the HTTP request is passed to the filter. After the filter 2 receives the HTTP request, it performs a filtering operation on the HTTP request according to predetermined cross-site scripting attack judgment rules and cross-site scripting attack processing rule...
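The three-unit flow described in [0027], as an added Python example that is not code from the patent: a preprocessing step consults a filter mapping table, a filter applies judgment and processing rules, and the request then reaches a resource handler. The mapping-table format, the three judgment patterns, the "reject"/"escape" processing rules and all function names are assumptions, since the text visible on this page does not list the actual rules.

```python
import fnmatch
import html
import re
from urllib.parse import parse_qsl

# Filter mapping table (assumed format): URL pattern -> processing rule,
# or None when no filtering is performed for matching requests.
FILTER_MAPPING = [
    ("/static/*", None),       # static resources bypass the filter
    ("/comment/*", "escape"),  # user content that is rendered later: neutralise it
    ("/*", "reject"),          # default: refuse requests judged to carry script
]

# Judgment rules (assumed): patterns marking a parameter value as script-bearing.
JUDGMENT_RULES = [
    re.compile(r"<\s*/?\s*script\b", re.I),
    re.compile(r"\bon\w+\s*=", re.I),
    re.compile(r"javascript\s*:", re.I),
]

def lookup_rule(path):
    """Preprocessing unit: the first matching mapping-table entry decides."""
    for pattern, rule in FILTER_MAPPING:
        if fnmatch.fnmatchcase(path, pattern):
            return rule
    return None

def is_suspicious(value):
    """Apply every judgment rule to one already URL-decoded value."""
    return any(rule.search(value) for rule in JUDGMENT_RULES)

def web_resource(path, params):
    """Stand-in for the Web resource processing unit: echoes what it received."""
    return 200, params

def handle_request(path, query_string):
    """Return (status, params) after preprocessing, filtering and dispatch."""
    # parse_qsl percent-decodes, so the rules see what the application would see.
    params = dict(parse_qsl(query_string, keep_blank_values=True))
    rule = lookup_rule(path)
    if rule is None:
        return web_resource(path, params)
    flagged = {k for k, v in params.items() if is_suspicious(v)}
    if flagged and rule == "reject":
        return 400, {}
    if rule == "escape":
        params = {k: html.escape(v, quote=True) if k in flagged else v
                  for k, v in params.items()}
    return web_resource(path, params)
```

Because the judgment runs on decoded values, a percent-encoded parameter is judged the same way as its plain form; the per-path processing rule is what gives the configurability the summary mentions.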


Abstract

The invention proposes a Web server and a method for preventing cross-site scripting attacks, wherein the method includes: after the Web server receives an HTTP request from a browser, intercepting the HTTP request and determining, according to a filter mapping table, whether a filtering operation on the HTTP request is to be executed; if it is determined that the filtering operation needs to be executed, executing, by the Web server, the filtering operation on the intercepted HTTP request according to a predetermined cross-site scripting attack judging rule and a cross-site scripting attack processing rule. The Web server and the method for preventing cross-site scripting attacks disclosed in the invention can effectively prevent cross-site scripting attacks against the browser and/or the Web server.

Description

Technical field

[0001] The present invention relates to a Web server and a method, more specifically, to a Web server and a method for preventing cross-site scripting attacks.

Background technique

[0002] At present, with the increasingly wide application of computers and networks and the increasing variety of business types in different fields, secure data transmission between browsers and Web servers to prevent cross-site scripting attacks is becoming more and more important. (A cross-site scripting attack, that is, XSS, is one in which the HTTP response delivered to the browser contains illegal data, which causes the browser to execute malicious code, thereby obtaining the user's cookie data (the data stored on the user's local terminal in order to identify the user and track the session), and then creating fraudulent pages to carry out phishing attacks, and so on.)

[0003] The two existing ways to prevent cross-site scripting attacks are as follows: (1) Divide the web page into ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/145, H04L67/02
Inventor: 杨曦周继恩汤茂安李伟李岩陈孟
Owner: CHINA UNIONPAY