Unlock instant, AI-driven research and patent intelligence for your innovation.

Method, device, equipment and product for repairing cross-site scripting attack vulnerability

A cross-site scripting attack and repair method technology, applied in computer security devices, instruments, electrical digital data processing and other directions, can solve the problem that XSS vulnerabilities cannot cope with different contexts

Active Publication Date: 2022-03-11
北京仁科互动网络技术有限公司
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The present invention provides a method, device, device and product for repairing cross-site scripting attack vulnerabilities, which are used to solve the defect that the repairing scheme for XSS vulnerabilities in the prior art cannot cope with different contexts, realize coverage of different contexts, and ensure XSS repairing Vulnerable code is valid

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, device, equipment and product for repairing cross-site scripting attack vulnerability
  • Method, device, equipment and product for repairing cross-site scripting attack vulnerability
  • Method, device, equipment and product for repairing cross-site scripting attack vulnerability

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0043] In order to make the purpose, technical solutions and advantages of the present invention clearer, the technical solutions in the present invention will be clearly and completely described below in conjunction with the accompanying drawings in the present invention. Obviously, the described embodiments are part of the embodiments of the present invention , but not all examples. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0044]XSS vulnerability is a kind of security vulnerability attack of website application, which is a kind of code injection. An XSS vulnerability allows a malicious user to inject code into a web page, affecting other users viewing the web page. Such attacks usually involve HTML as well as client-side scripting languages. XSS attacks usually refer to exploiting the loopholes left in the de...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a method, a device, equipment and a product for repairing cross-site scripting attack vulnerabilities, and relates to the technical field of network security, the method comprises the following steps: splitting and converting contents in a webpage to be repaired into hypertext markup language elements; wherein the webpage to be repaired contains a vulnerability rendering result; for each hypertext markup language element obtained through conversion, determining whether the hypertext markup language element contains data of an untrusted source or not, and determining a context where the data of the untrusted source is located; generating corresponding prompt information based on the context; wherein the prompt information comprises the step of carrying out corresponding coding on the data of the untrusted source on the basis of the context. According to the method, the cross-site scripting attack vulnerability can be specifically and really repaired, different context conditions are covered, it is guaranteed that codes for repairing the XSS vulnerability are effective, and data input by a user cannot be deleted or varied in the repairing process.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a method, device, equipment and product for repairing vulnerabilities of cross-site scripting attacks. Background technique [0002] Cross Site Scripting (Cross Site Scripting, XSS) vulnerabilities have gradually become the most threatening and common type of vulnerabilities to global wide area network (WorldWide Web, Web) applications. The principle of the XSS vulnerability is that the application directly outputs the data from an untrusted source (usually input from the client) to the Hyper Text Markup Language page (Hyper Text Markup Language, HTML) without any inspection and preprocessing, and then Render directly in the client browser, causing the attacker to execute arbitrary JavaScript script code in the victim's browser process and steal the victim's private information. [0003] At present, XSS vulnerabilities can generally be found through web vulnerability sc...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/55G06F21/57
CPCG06F21/552G06F21/577
Inventor 赵宇李哲祎张英男
Owner 北京仁科互动网络技术有限公司