A defense method for website cross-site scripting attack

A defense technique for cross-site scripting attacks on websites, applied in the Internet field. It addresses cases where existing defense methods are unsuitable, and achieves the effects of improving security, improving user experience, and reducing the risk of user information leakage.

Active Publication Date: 2022-05-06
南京焦点领动云计算技术有限公司

AI Technical Summary

Problems solved by technology

In this case, the traditional one-size-fits-all defense method may not be suitable, so a more flexible method that takes business logic into account is needed to defend against XSS security vulnerabilities.



Examples


Embodiment Construction

[0025] The present invention is further described below in conjunction with the accompanying drawing and an exemplary embodiment:

[0026] Figure 1 shows a method for defending against cross-site scripting attacks on a website. Step 1: Analyze the business logic of the website to confirm which request URLs can support script code input and which cannot. This is necessary because, at the business level, certain specific requests must be able to store code and output it to the page in order to complete the business logic. For example, various advanced components and blocks in our company's website building platform support the input of code to achieve various advanced customization effects. The settings-save requests of these components and blocks all share the same URL prefix, and the whitelist is configured according to the request URL. It supports multiple forms of whitelist configuration, which can be used for fuzzy matching and exact matching based on the ...


Abstract

The invention discloses a method for defending against website cross-site scripting attacks, characterized in that it comprises the following steps.

Step 1: Analyze the business logic of the website and judge whether each request supports script code input. Where the business level requires it, specific requests are allowed to store code and output it to the page in order to complete the business logic. A whitelist is configured according to the request: fuzzy matching and exact matching are performed on the URL, and matching is also performed on the controller class name in the back-end interface.

Step 2: Analyze the interaction of the front-end page and judge whether the input data involved in that interaction needs to be processed by the server.

Step 3: Modify the back-end program so that request parameters from the front-end page are processed programmatically.

The method can defend against cross-site scripting attacks flexibly and conveniently, improving website security, ensuring user information security, reducing the risk of user information leakage, and improving user experience. At the same time, the simple and flexible configuration can better meet the needs of business logic.
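The whitelist check from Step 1 of paragraph [0026] and the back-end parameter processing from Step 3 of the abstract can be sketched as follows. This is an added example, not code from the patent: the glob syntax for fuzzy matching, HTML-escaping as the "processing" applied to non-whitelisted requests, path normalisation before matching, and all paths and class names are assumptions.

```python
import fnmatch
import html
import posixpath
from dataclasses import dataclass


@dataclass(frozen=True)
class Whitelist:
    exact_urls: frozenset = frozenset()    # exact URL match
    url_patterns: tuple = ()               # fuzzy URL match (glob syntax assumed)
    controllers: frozenset = frozenset()   # back-end controller class names

    def allows(self, path: str, controller: str) -> bool:
        # Normalise first so "/a/../b" cannot borrow a whitelisted prefix.
        path = posixpath.normpath("/" + path.lstrip("/"))
        if path in self.exact_urls or controller in self.controllers:
            return True
        return any(fnmatch.fnmatchcase(path, p) for p in self.url_patterns)


def escape_value(value):
    """HTML-escape strings, recursing into lists and dicts of parameters."""
    if isinstance(value, str):
        return html.escape(value, quote=True)
    if isinstance(value, list):
        return [escape_value(v) for v in value]
    if isinstance(value, dict):
        return {k: escape_value(v) for k, v in value.items()}
    return value


def process_request(whitelist, path, controller, params):
    """Return params unchanged for whitelisted requests, escaped otherwise."""
    if whitelist.allows(path, controller):
        return params
    return escape_value(params)


# Constructed configuration and request data (hypothetical paths and class names).
WHITELIST = Whitelist(
    exact_urls=frozenset({"/site/custom-code/save"}),
    url_patterns=("/component/advanced/*/save",),
    controllers=frozenset({"BlockSettingController"}),
)
PAYLOAD = {"content": "<script>alert(1)</script>", "tags": ["<b>x</b>"]}
```

Because whitelisted requests skip escaping entirely, the whitelist is the security boundary here: every entry should correspond to an endpoint whose stored code is meant to be rendered.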

Description

Technical field

[0001] The invention relates to the technical field of the Internet, in particular to a method for defending against website cross-site scripting attacks.

Background technology

[0002] The advancement of Internet technology has promoted the vigorous development of the Internet industry, but it has also been accompanied by various network security issues. Network security issues are now receiving more and more attention from Internet practitioners, and solving them is fundamental to an Internet company. The cross-site scripting attack (Cross Site Scripting, abbreviated XSS to distinguish it from Cascading Style Sheets, CSS) is a common network security problem. Specifically, a cross-site scripting attack means that an attacker embeds malicious executable scripts or HTML code in a web page, and when a user visits the page, the embedded malicious script or code is executed. Attackers can harm users in a variety of ways, ...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40, H04L67/02
CPC: H04L63/1466, H04L67/02
Inventor: 黄明, 胡成钢
Owner: 南京焦点领动云计算技术有限公司