Method and device for defending DOM-Based-XSS vulnerability and client

A technology for document object model based cross-site scripting vulnerabilities, applied in electrical components, transmission systems, etc., that addresses the failure of mainstream scanning and defense methods.

Active Publication Date: 2018-11-23
TENCENT TECH (SHENZHEN) CO LTD
View PDF7 Cites 16 Cited by

AI Technical Summary

Problems solved by technology

At present, quite a few web vulnerability scanners in the industry support scanning for and discovering DOM-Based-XSS in online web services, and some excellent web application firewalls can also effectively intercept and defend against DOM-Based-XSS vulnerabilities. However, there are still some special scenarios that invalidate the mainstream scanning and defense methods. A more lightweight method that defends against DOM-Based-XSS vulnerabilities without affecting normal business, and that lets the business side perceive in real time when hackers attack and exploit such vulnerabilities, is therefore of great significance for improving web application and business security.

Embodiment Construction

[0020] In order to enable those skilled in the art to better understand the solutions of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below in conjunction with the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative effort shall fall within the protection scope of the present invention.

[0021] In order to make the object, technical solution and advantages of the present invention clearer, the implementation manner of the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0022] As shown in Figure 1, the Document Object Model (DOM, Document Object Model...


Abstract

The invention provides a method and device for defending against document object model based cross-site scripting (DOM-Based-XSS) vulnerabilities, and a client. The method comprises the steps of: parsing the tree structure of the current page's DOM; before the data hypertext markup language (HTML) text is loaded, checking the request fields in the hypertext transfer protocol that are related to the DOM tree; and, if a request field contains a first category of character strings, filtering or escaping those character strings. Because the request fields in the hypertext transfer protocol are verified at a moment before the data HTML text is loaded, verification of the uniform resource locator (URL) can be implemented comprehensively and efficiently and the DOM-Based-XSS vulnerability is repaired. The method and the device have a full-site defense effect, and help to control incremental DOM-Based-XSS vulnerabilities in online services and to prevent new DOM-Based-XSS vulnerabilities.
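A minimal sketch of the check the abstract describes, added here as an illustration and not taken from the patent: request-derived fields are inspected before page scripts use them, and a "first category" of strings is escaped and reported. The character set, the field names and `window.__guardedFields` are assumptions, since the page does not enumerate them.

```javascript
// Added illustration, not code from the patent. The "first category" set and
// the field names are assumptions; the page does not list them.
const FIRST_CATEGORY = /[<>"'`]/g;
const ENTITY = { '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '`': '&#96;' };

// Percent-decode repeatedly so a double-encoded "%253C" is still seen as "<".
function fullyDecode(value, maxRounds = 3) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (e) {
      break; // malformed escape such as a bare "%": keep the last good form
    }
    if (next === current) break;
    current = next;
  }
  return current;
}

// Check every request field; escape first-category characters and record
// which fields contained them so the business side can be alerted.
function guardRequestFields(fields) {
  const safe = {};
  const hits = [];
  for (const [name, raw] of Object.entries(fields)) {
    const decoded = fullyDecode(String(raw ?? ''));
    const found = decoded.match(FIRST_CATEGORY);
    if (found) hits.push({ field: name, chars: [...new Set(found)].join('') });
    safe[name] = decoded.replace(FIRST_CATEGORY, (c) => ENTITY[c]);
  }
  return { safe, hits };
}

// Browser hook: meant to run from the first <script> in <head>, before any
// page script reads these fields. Skipped outside a browser.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  const { safe, hits } = guardRequestFields({
    hash: location.hash,
    search: location.search,
    referrer: document.referrer,
  });
  window.__guardedFields = safe; // hypothetical name for the escaped copies
  if (hits.length) console.warn('DOM-XSS guard escaped request fields:', hits);
}
```

The escaped copies are intended for insertion into the DOM, not for reuse as URLs, because decoding changes the meaning of encoded delimiters such as `%26`.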

Description

Technical field

[0001] The invention belongs to the technical field of network security protection, and in particular relates to a method, device and client for defending against document object model based cross-site scripting vulnerabilities.

Background technique

[0002] Cross-site scripting (often abbreviated as XSS) is a vulnerability in which a web application does not effectively filter or escape data input by the user, so that an attacker can have constructed malicious data displayed on the page. It is exploited by a malicious attacker inserting malicious JavaScript code into a web page; when users browse the page, the JavaScript code embedded in it is executed, thereby achieving the purpose of maliciously attacking normal users. Depending on the triggering of XSS vulnerabilities in different scenarios, attackers stealing cookie information, implementing worm propagation, and phishing attacks will bring the most significant har...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08
CPC: H04L63/1433, H04L63/145, H04L67/02
Inventor: 张强, 杨勇, 胡珀, 郑兴, 王放, 郭晶, 范宇河, 唐文韬
Owner: TENCENT TECH (SHENZHEN) CO LTD