Unlock instant, AI-driven research and patent intelligence for your innovation.

Method, device and system for preventing remote code from being executed in application operation

A technology of application operation and code, applied in the Internet field, can solve problems such as increasing the burden on the browser, reducing the speed of the first screen of the web page, and the browser cannot define a whitelist, so as to achieve the effect of improving security.

Active Publication Date: 2019-12-13
深圳市雅阅科技有限公司
View PDF9 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] However, in order to expand the core capabilities of the mobile browser, some core functions will be exposed to the web page through the Js2Java mechanism, such as switching full screen, switching night mode, etc. For such a general JavaScript interface, the browser cannot define a whitelist
[0006] At the same time, every time the browser loads a page, it may inject a lot of JavaScript interfaces of external links. If the whitelist is checked every time it is used, it will increase the burden on the browser when opening the page and reduce the first screen of the page. Speed, bringing a certain negative experience to users

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, device and system for preventing remote code from being executed in application operation
  • Method, device and system for preventing remote code from being executed in application operation
  • Method, device and system for preventing remote code from being executed in application operation

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0023] It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0024] The hardware operating environment involved in the method of the embodiment of the present invention can be a mobile terminal such as a mobile phone or a tablet computer, on which various client application software is installed and can carry various mobile terminal browsers. The embodiment of the present invention can realize the following scheme: when the application on the mobile terminal executes the webpage code through the browser, the browser can monitor whether the webpage code has the behavior of calling the relevant interface of the query class, and if so, intercept the behavior, In this way, it is possible to prevent remote code execution caused by applications on the browsers of mobile terminals such as mobile phones and tablet computers, and effectively repair the vulnerability that the content of t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A method, device and system for preventing execution of remote codes of application operation in a browser are disclosed. The method includes: in response to receiving an application operating instruction from a client, triggering a browser to execute page codes; and monitoring whether the page codes request to perform an action of calling a query class related interface during a process of executing the page codes by the browser; if yes, intercepting the action. The method fixes a bug caused by executing remote malicious codes in application operations on mobile phones, tablet PCs and other mobile terminal devices, which may cause content of the mobile phone to be tampered and deleted, thus improving the security of operating an application on a browser. The method does not restrict the browser from extending kernel's capability, and does not affect calling to the add Java script lnterface function made by third-party product interacting with Java Script of the browser.

Description

technical field [0001] The present invention relates to the technical field of the Internet, in particular to a method, device and system for a browser to prevent remote codes from being executed during application operations. Background technique [0002] There is an addJavascriptInterface method in the Android WebView component, which is mainly used to export Java classes or methods for JavaScript calls. However, when JavaScript calls an exported Java class, it can execute arbitrary Java code through reflection. [0003] In addition, in order to extend the kernel capabilities, mobile browsers generally register Java classes through the addJavascriptInterface method, provide them to web pages, and invoke kernel functions through JavaScript. This creates a loophole. The typical malicious attack scenario is as follows: In the browser, by providing a web page, after the user clicks on the web page, the browser JavaScript searches for the class name and method name, and execut...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56G06F21/57
CPCG06F21/53G06F2221/2119
Inventor 苏可方敏
Owner 深圳市雅阅科技有限公司