
Method and device for preventing cross site scripting attack

A technique for defending against cross-site scripting attacks by escaping, applied in the field of web page design. It addresses the problems that many XSS security issues remain and that some problems go undetected, and achieves the effect of defending against cross-site scripting attacks and improving security.

Active Publication Date: 2014-02-12
BEIJING QIHOO TECH CO LTD

AI Technical Summary

Problems solved by technology

Although this solution can find some online problems, it has the following disadvantages: the code is scanned only after it goes online, so some security holes may already have been exploited; and scanning is a black-box mechanism that cannot find all problems.
However, in actual implementation it was found that many XSS security problems still remain after adopting this scheme.


Embodiment Construction

[0041] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0042] In order to defend against cross-site scripting attacks, one solution in the prior art is to uniformly transcode the UI variables passed to the web page design template through the back-end logic layer. This transcoding is performed using a general escape function, and many XSS security issues still remain.

[0043] In response to this problem, the inventors of the present application conducted theoretical analysis and a l...


Abstract

The invention discloses a method and a device for preventing cross-site scripting attacks, and belongs to the technical field of website design. The method comprises the following steps: performing lexical analysis on a website design template file to acquire the user interface (UI) variables of the template file; acquiring the semantic environment of each UI variable in the template file; acquiring the escaping method corresponding to the semantic environment of each UI variable; and adding the escaping methods into the template file alongside the UI variables, so that after the template file with the added escaping methods goes online, each UI variable is escaped according to its corresponding escaping method. The method and the device improve the output safety of the UI variables, so that cross-site scripting attacks can be effectively prevented.
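The four steps of the abstract, as an added example that is not code from the patent: an offline pass finds each variable, classifies its context, and writes the chosen escaper into the template, and the online renderer applies it. The `{{name}}` placeholder syntax, the three contexts, the `{{name|context}}` annotation and all function names are assumptions made for illustration; a variable inside `<script>` is assumed to stand for a whole string literal.

```python
import html
import json
import re

VAR = re.compile(r"\{\{\s*(\w+)\s*\}\}")        # assumed placeholder syntax
ANNOTATED = re.compile(r"\{\{(\w+)\|(\w+)\}\}")  # assumed annotated form

def esc_html(v):
    return html.escape(str(v), quote=False)

def esc_attr(v):
    return html.escape(str(v), quote=True)

def esc_js(v):
    # Emit a complete JS string literal; \u-escape characters that
    # could close the script block or start HTML markup.
    s = json.dumps(str(v))
    return s.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")

ESCAPERS = {"html": esc_html, "attr": esc_attr, "js": esc_js}

def context_at(template, pos):
    """Classify the semantic environment of the variable starting at pos."""
    before = template[:pos].lower()
    s = before.rfind("<script")
    if s > before.rfind("</script") and ">" in before[s:]:
        return "js"                               # inside a script body
    open_tag = before.rfind("<")
    if open_tag > before.rfind(">"):              # inside an unclosed tag
        if before[open_tag:].count('"') % 2 == 1:
            return "attr"                         # double-quoted attribute value
        # Fail closed: tag names, unquoted or single-quoted values are rejected.
        raise ValueError("no safe escaper for this position")
    return "html"

def annotate(template):
    """Offline step: rewrite {{name}} to {{name|context}} in the template."""
    return VAR.sub(
        lambda m: "{{%s|%s}}" % (m.group(1), context_at(template, m.start())),
        template)

def render(annotated, values):
    """Online step: apply the escaper recorded next to each variable."""
    return ANNOTATED.sub(
        lambda m: ESCAPERS[m.group(2)](values[m.group(1)]), annotated)

# Constructed sample template: the same variable in three contexts.
TEMPLATE = ('<p>Hi {{name}}</p><a title="{{name}}">x</a>'
            '<script>var n = {{name}};</script>')
```

A single general escape function, as in the prior-art scheme the page describes, would apply one of these three escapers everywhere; here each occurrence of the same variable gets a different one.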

Description

Technical field

[0001] The invention relates to the field of web page design, in particular to a method and device for defending against cross-site scripting attacks.

Background technique

[0002] In web development, as users can enter input in more and more places, the security problems caused by user input are becoming more and more serious. A common security problem is cross-site scripting (XSS). An XSS attack is one in which a malicious attacker embeds malicious HTML code into a web page. When a user browses the page, the embedded HTML code is executed to achieve the malicious user's purpose. XSS attacks can steal user accounts and obtain administrator privileges, causing very serious consequences. How to solve XSS security issues quickly and safely is very important in web page development.

[0003] One solution in the prior art is to use some tools to scan online services. During the scanning process, some malicious codes will be carried. If th...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F9/44, G06F17/30, G06F21/12
Inventor: 李成银
Owner: BEIJING QIHOO TECH CO LTD