CN107301345B - 一种阻止xss攻击的方法、***及装置 - Google Patents
一种阻止xss攻击的方法、***及装置 Download PDFInfo
- Publication number
- CN107301345B CN107301345B CN201710416624.5A CN201710416624A CN107301345B CN 107301345 B CN107301345 B CN 107301345B CN 201710416624 A CN201710416624 A CN 201710416624A CN 107301345 B CN107301345 B CN 107301345B
- Authority
- CN
- China
- Prior art keywords
- attack
- page data
- annotation
- tag
- page
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710416624.5A CN107301345B (zh) | 2017-06-06 | 2017-06-06 | 一种阻止xss攻击的方法、***及装置 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710416624.5A CN107301345B (zh) | 2017-06-06 | 2017-06-06 | 一种阻止xss攻击的方法、***及装置 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107301345A CN107301345A (zh) | 2017-10-27 |
CN107301345B true CN107301345B (zh) | 2019-12-06 |
Family
ID=60134690
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710416624.5A Active CN107301345B (zh) | 2017-06-06 | 2017-06-06 | 一种阻止xss攻击的方法、***及装置 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107301345B (zh) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107301845A (zh) | 2017-08-23 | 2017-10-27 | 深圳市华星光电半导体显示技术有限公司 | 像素驱动电路及其驱动方法 |
CN108769081B (zh) * | 2018-07-11 | 2020-09-11 | 中国人民解放军国防科技大学 | 一种检测xss攻击的方法、装置及计算机可读存储介质 |
CN115221529B (zh) * | 2022-09-14 | 2022-12-27 | 杭州天谷信息科技有限公司 | 一种前端网页的异常注入方法以及*** |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130185623A1 (en) * | 2012-01-12 | 2013-07-18 | International Business Machines Corporation | Instructing web clients to ignore scripts in specified portions of web pages |
US9356955B2 (en) * | 2014-03-15 | 2016-05-31 | Kenneth F. Belva | Methods for determining cross-site scripting and related vulnerabilities in applications |
CN105282096A (zh) * | 2014-06-18 | 2016-01-27 | 腾讯科技(深圳)有限公司 | Xss 漏洞检测方法和装置 |
CN105512559B (zh) * | 2014-10-17 | 2019-09-17 | 阿里巴巴集团控股有限公司 | 一种用于提供访问页面的方法与设备 |
CN106357668A (zh) * | 2016-10-14 | 2017-01-25 | 福建亿榕信息技术有限公司 | 预防xss攻击的方法 |
-
2017
- 2017-06-06 CN CN201710416624.5A patent/CN107301345B/zh active Active
Also Published As
Publication number | Publication date |
---|---|
CN107301345A (zh) | 2017-10-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10129285B2 (en) | End-to-end taint tracking for detection and mitigation of injection vulnerabilities in web applications | |
US9954855B2 (en) | Login method and apparatus, and open platform system | |
US9544318B2 (en) | HTML security gateway | |
US20240202372A1 (en) | Apparatus and method for securing web application server source code | |
US9009821B2 (en) | Injection attack mitigation using context sensitive encoding of injected input | |
Tang et al. | Fortifying web-based applications automatically | |
WO2016164036A1 (en) | Modifying web page code to include code to protect output | |
US8931084B1 (en) | Methods and systems for scripting defense | |
US10972507B2 (en) | Content policy based notification of application users about malicious browser plugins | |
CN107301345B (zh) | 一种阻止xss攻击的方法、***及装置 | |
US20150047038A1 (en) | Techniques for validating distributed denial of service attacks based on social media content | |
US8789177B1 (en) | Method and system for automatically obtaining web page content in the presence of redirects | |
EP3518135B1 (en) | Protection against third party javascript vulnerabilities | |
US11128639B2 (en) | Dynamic injection or modification of headers to provide intelligence | |
CN114357457A (zh) | 漏洞检测方法、装置、电子设备和存储介质 | |
US9219742B2 (en) | Transforming user-input data in scripting language | |
US10686834B1 (en) | Inert parameters for detection of malicious activity | |
CN110708308B (zh) | 一种面向云计算环境的跨站脚本漏洞挖掘方法及*** | |
CN110177096B (zh) | 客户端认证方法、装置、介质和计算设备 | |
CN109491647A (zh) | 一种基于编程语言的在线预防攻击方法及电子设备 | |
CN112069509A (zh) | 一种框架注入漏洞检测方法、装置、设备及介质 | |
CN105991599B (zh) | Jsonp请求方法及装置 | |
CN109218284B (zh) | Xss漏洞检测方法及装置、计算机设备及可读介质 | |
CN112437036B (zh) | 一种数据分析的方法及设备 | |
CN110365633B (zh) | 通信流量控制方法、装置、计算机设备及存储介质 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20171027 Assignee: XINGCHAO SHANYAO MOBILE NETWORK TECHNOLOGY (CHINA) Co.,Ltd. Assignor: SINA.COM TECHNOLOGY (CHINA) Co.,Ltd. Contract record no.: X2021980003903 Denomination of invention: A method, system and device for preventing XSS attack Granted publication date: 20191206 License type: Common License Record date: 20210524 |
|
EE01 | Entry into force of recordation of patent licensing contract | ||
TR01 | Transfer of patent right |
Effective date of registration: 20230427 Address after: Room 501-502, 5/F, Sina Headquarters Scientific Research Building, Block N-1 and N-2, Zhongguancun Software Park, Dongbei Wangxi Road, Haidian District, Beijing, 100193 Patentee after: Sina Technology (China) Co.,Ltd. Address before: 100193 7th floor, scientific research building, Sina headquarters, plot n-1, n-2, Zhongguancun Software Park, Dongbei Wangxi Road, Haidian District, Beijing, 100193 Patentee before: Sina.com Technology (China) Co.,Ltd. |
|
TR01 | Transfer of patent right |