CN110263533A - Safe web page means of defence - Google Patents
- Publication number
- CN110263533A; CN201910349779.0A
- Authority
- CN
- China
- Prior art keywords
- page
- object element
- randomization
- client
- parent
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/958—Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
- G06F16/972—Access to data in other repository systems, e.g. legacy data or dynamic Web page generation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Data Mining & Analysis (AREA)
- Computer Hardware Design (AREA)
- Information Transfer Between Computers (AREA)
- Storage Device Security (AREA)
Abstract
An embodiment of the present invention provides a web page security protection method. The method includes: receiving a parent page sent by a server; randomizing the attribute value of each first object element in the parent page, generating a JavaScript script from the mapping between each first object element's attribute value before randomization and its attribute value after randomization, and injecting the JavaScript script into the parent page to generate an intermediate page; and sending the intermediate page to a client, so that the client loads the parent page by parsing the intermediate page. Because a middleware agent apparatus randomizes the attribute values of object elements in the parent page, an attacker's ability to locate elements is disrupted, which protects the web page and the website and improves their security. The server does not need to modify the website content, so the method is more widely applicable.
Description
Technical field
The present invention relates to the field of computer technology, and more particularly to a web page security protection method.
Background
With the rapid development of the Internet, cloud computing and mobile computing, a huge number of new web pages appear every day. Incidents in which web pages are used to threaten Internet and computer security are increasing accordingly. Hackers and others can use the elements, scripts and vulnerabilities in a web page to threaten Internet and computer security. For example, a web crawler uses XPath to locate elements in a page and then uses one or more of those elements to carry out a network attack.
Many web page protection methods currently exist that reduce a website's security risk by protecting its pages. Encrypting URLs (Uniform Resource Locators) at a gateway prevents illegal access, but it has to be deployed on the gateway, is not suited to providing network services at large scale, its efficiency has to be considered, and its generality is poor. Having a content distribution network system restore the uniform resource locator from a resource request that carries an encrypted uniform resource locator can block illegal web pages, but it can only intercept illegal resource requests, so its scope of application is narrow. Scrambling the parameter names of pages that contain FORM forms with a server-side PHP program interferes with form fields to some extent, but it is easy to bypass: an attacker can still locate the fields fairly easily with other locating methods, and the pages on the server have to be modified, which is hard to do, so applicability is poor. In summary, the existing web page security protection methods all have a limited scope of application.
Summary of the invention
The embodiments of the present invention provide a web page security protection method to solve, or at least partially solve, the limited scope of application of the prior art.
In a first aspect, an embodiment of the present invention provides a web page security protection method, comprising:
receiving a parent page sent by a server;
randomizing the attribute value of each first object element in the parent page, generating a JavaScript script from the mapping between each first object element's attribute value before randomization and its attribute value after randomization, and injecting the JavaScript script into the parent page to generate an intermediate page;
sending the intermediate page to a client, so that the client loads the parent page by parsing the intermediate page;
wherein the first object element is a static element.
In a second aspect, an embodiment of the present invention provides a web page security protection method, comprising:
receiving a parent page sent by a server;
generating a JavaScript script from the information of each third object element in the parent page, and injecting the JavaScript script into the parent page to generate an intermediate page;
sending the intermediate page to a client, so that the client, by parsing the intermediate page, randomizes the attribute value of each third object element and loads the parent page;
wherein the third object element is a dynamically generated element.
In a third aspect, an embodiment of the present invention provides a web page security protection method, comprising:
receiving an intermediate page sent by a middleware agent apparatus;
parsing the intermediate page and running the JavaScript script injected into the intermediate page;
when rendering each first object element, restoring the attribute value of the first object element according to the JavaScript script, and loading the parent page;
wherein the intermediate page is generated by the middleware agent apparatus by randomizing the attribute value of each first object element in the parent page, generating a JavaScript script from the mapping between each first object element's attribute value before randomization and its attribute value after randomization, and injecting the JavaScript script into the parent page; the first object element is a static element.
In a fourth aspect, an embodiment of the present invention provides a web page security protection method, comprising:
receiving an intermediate page sent by a middleware agent apparatus;
parsing the intermediate page and running the JavaScript script injected into the intermediate page, so that when each third object element is generated, a randomly generated character string is used as the attribute value of the third object element after randomization;
when rendering each third object element, replacing the randomly generated character string with the attribute value obtained by running the JavaScript code in the intermediate page that generates the third object element, and loading the parent page;
wherein the intermediate page is generated by the middleware agent apparatus by generating a JavaScript script from the information of each third object element in the parent page and injecting the JavaScript script into the parent page; the third object element is a dynamically generated element.
In a fifth aspect, an embodiment of the present invention provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor; when the processor executes the program, it implements the steps of the web page security protection method provided by any possible implementation of the first to fourth aspects.
In a sixth aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium storing a computer program; when the computer program is executed by a processor, it implements the steps of the web page security protection method provided by any possible implementation of the first to fourth aspects.
In the web page security protection method provided by the embodiments of the present invention, a middleware agent apparatus randomizes the attribute values of object elements in the parent page. This disrupts an attacker's ability to locate elements, which protects the web page and the website and improves their security. The server does not need to modify the website content, so the method is more widely applicable.
Brief description of the drawings
In order to explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed to describe the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of a web page security protection method provided by an embodiment of the present invention;
Fig. 2 is a flow diagram of a web page security protection method provided by an embodiment of the present invention;
Fig. 3 is a flow diagram of a web page security protection method provided by an embodiment of the present invention;
Fig. 4 is a flow diagram of a web page security protection method provided by an embodiment of the present invention;
Fig. 5 is a structural schematic diagram of a web page security protection apparatus provided by an embodiment of the present invention;
Fig. 6 is a structural schematic diagram of a web page security protection apparatus provided by an embodiment of the present invention;
Fig. 7 is a schematic diagram of the physical structure of an electronic device provided by an embodiment of the present invention.
Detailed description of the embodiments
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the present invention.
To overcome the above problems of the prior art, the embodiments of the present invention provide a web page security protection method. The inventive concept is that a middleware agent apparatus randomizes the attribute values of some or all of the elements in the parent page sent by the server. The element attribute values that the web page presents to an attacker are the values after randomization, so the attacker's XPath-based way of locating web page elements no longer works, which protects the web page and the website.
Fig. 1 is a flow diagram of the web page security protection method provided by an embodiment of the present invention. As shown in Fig. 1, the method includes: step S101, receiving the parent page sent by the server.
It should be noted that the method of this embodiment is executed by the middleware agent apparatus.
When no middleware agent apparatus is present, the client loads a page as follows: the user enters a URL in the client's browser, and the client sends the server a request, through the browser, for the web page at that URL; on receiving the request, the server returns the requested web page (the parent page) to the client; the client loads the web page in the browser.
When a middleware agent apparatus is present, the client's request for the web page at the URL is forwarded to the server by the middleware agent apparatus, and the requested web page returned by the server is forwarded to the client by the middleware agent apparatus. The other steps are the same as when no middleware agent apparatus is present and are not repeated here.
The middleware agent apparatus may be a content delivery network (CDN), a firewall, or any other device that can process the page; it sits between the client and the server.
It can be understood that, before step S101, the method further includes: receiving the page access request sent by the client and forwarding the page access request to the server.
The page access request carries the URL of the parent page.
The client sends the page access request to the middleware agent apparatus, which forwards it to the server; the server returns the parent page to the middleware agent apparatus according to the page access request, and the middleware agent apparatus receives the parent page returned by the server.
Step S102: randomize the attribute value of each first object element in the parent page, generate a JavaScript script from the mapping between each first object element's attribute value before randomization and its attribute value after randomization, and inject the JavaScript script into the parent page to generate an intermediate page.
Here, the first object element is a static element.
Specifically, the web page can be protected by randomizing the attribute values of static elements.
It can be understood that any page includes a number of static elements and a number of dynamically generated elements. The attribute value of an element is a character string with a certain meaning.
The first object elements can be determined in advance. It can be understood that, between step S101 and step S102, the method further includes obtaining each element in the parent page that needs to be randomized. Each static element in the parent page that needs to be randomized is a first object element.
For any first object element, the element has already been generated, and its attribute value already determined, when the server returns the parent page.
It should be noted that, before the attribute value of each first object element in the parent page is randomized, the parent page can first be parsed into a Document Object Model (DOM), so that the elements in the parent page can be traversed and the position of each first object element determined.
For each first object element in the parent page, the element's attribute value can be obtained from the element's position and then randomized: the attribute value is converted into a randomly generated character string, which becomes the element's attribute value after randomization.
After the attribute value of each first object element has been randomized, the mapping between each first object element's attribute value before randomization and its attribute value after randomization can be converted into a JavaScript script.
The JavaScript script may include two parts: one part is the mapping between each first object element's attribute value before randomization and its attribute value after randomization; the other part repairs the page, that is, it restores the attribute values after randomization. For static elements, the mapping is inserted into the JavaScript script to tell the client to repair the page according to that mapping; the script that repairs the page is a fixed script written in advance, which only needs to know the mapping in order to perform the repair.
After the JavaScript script is generated, it is injected into the parent page, and the attribute value of each first object element in the parent page is replaced with its attribute value after randomization, which yields the intermediate page.
Step S103: send the intermediate page to the client, so that the client loads the parent page by parsing the intermediate page.
Specifically, after the parent page has been processed to generate the intermediate page, the intermediate page is sent to the client.
Because the JavaScript script injected into the intermediate page carries the mapping between each first object element's attribute value before randomization and its attribute value after randomization, when the client receives the intermediate page and parses it in the browser, it can hijack the DOM API of the intermediate page according to the injected JavaScript script and, when rendering each first object element, restore the randomized attribute value of that first object element. The parent page can thus be loaded and displayed normally; it is not affected by the randomization of element attributes, and the visual effect is unchanged.
To hijack the DOM API of the intermediate page, the element selection function APIs can be hijacked. For example, for the getElementById function, which selects an element by its ID, the randomized element attribute can be restored, so that normal parsing is not affected.
In this embodiment of the present invention, the middleware agent apparatus randomizes the attribute values of the static first object elements in the parent page. This disrupts an attacker's ability to locate elements, which protects the web page and the website and improves their security; the server does not need to modify the website content, so the method is more widely applicable. The JavaScript script is generated from the mapping between the attribute values before and after randomization, and under the control of the JavaScript script the parent page is displayed normally, with no effect on the visual result. Further, the method is implemented mainly by the middleware agent apparatus and does not require the server to change the website content, which makes large-scale deployment and rollout easy; it is particularly suitable for protecting old pages that are hard to modify.
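
Steps S102 and S103 for static elements can be sketched as follows. This is an added example, not code from the patent: it assumes the first object elements are given as a predetermined list of id values, and the names buildIntermediatePage, buildRepairScript and SAMPLE_PARENT_PAGE are hypothetical.

```javascript
// Added example, not the patent's code. Assumption: the first object elements
// are identified by a predetermined list of id values, and only id="..."
// attributes are rewritten. A production proxy would walk a parsed DOM rather
// than use a regular expression, and would also rewrite for=, CSS and ARIA
// references to the same ids.

// Web Crypto is global in current Node and browsers; older CommonJS Node
// exposes it as require('crypto').webcrypto.
const webCrypto = globalThis.crypto ||
  (typeof require === 'function' ? require('crypto').webcrypto : undefined);

// Random attribute value; the leading letter keeps it a valid identifier.
function randomToken() {
  const bytes = webCrypto.getRandomValues(new Uint8Array(8));
  return 'r' + Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Source of the fixed "repair" script; the mapping is spliced in as its argument.
// It hijacks getElementById so page code can keep using the original ids.
function buildRepairScript(mapping) {
  // Escape "<" so a crafted id can never close the <script> element early.
  const json = JSON.stringify(mapping).replace(/</g, '\\u003c');
  return '(function (map) {\n' +
    '  var rawById = document.getElementById;\n' +
    '  document.getElementById = function (id) {\n' +
    '    var key = Object.prototype.hasOwnProperty.call(map, id) ? map[id] : id;\n' +
    '    return rawById.call(document, key);\n' +
    '  };\n' +
    '})(' + json + ');';
}

// Middleware step S102: randomize, build the mapping, inject the script.
function buildIntermediatePage(parentHtml, targetIds, tokenFn = randomToken) {
  const mapping = {};
  for (const id of targetIds) mapping[id] = tokenFn();

  // Replace the attribute value of each listed element; leave the rest alone.
  const body = parentHtml.replace(
    /(\sid\s*=\s*)(["'])([^"']*)\2/gi,
    (match, prefix, quote, value) =>
      Object.prototype.hasOwnProperty.call(mapping, value)
        ? prefix + quote + mapping[value] + quote
        : match
  );

  const script = buildRepairScript(mapping);
  const tag = '<script>' + script + '</script>';
  // The hook must be installed before any page script runs.
  const html = /<head[^>]*>/i.test(body)
    ? body.replace(/<head[^>]*>/i, (head) => head + tag)
    : tag + body;
  return { html, mapping, script };
}

// Constructed sample parent page.
const SAMPLE_PARENT_PAGE =
  '<html><head><title>Login</title></head><body>' +
  '<form id="login-form"><input id="password" type="password">' +
  '<input id="remember" type="checkbox"></form></body></html>';
```
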
Based on the content of the above embodiments, between receiving the parent page sent by the server and generating the intermediate page, the method further includes: encrypting the uniform resource identifier of each second object element according to a preset encryption algorithm.
Here, the second object element is a static element that references an external resource.
Specifically, to further protect the web page and improve the security of the web page and the website, the uniform resource identifier of each second object element in the parent page can also be encrypted according to the preset encryption algorithm, and the uniform resource identifier of each second object element replaced with the encrypted uniform resource identifier.
A uniform resource identifier (URI) is a character string that identifies the name of an Internet resource. This identification allows a user to interact with any resource (local or on the Internet) through a specific protocol. A URI is defined by a scheme that determines the syntax and the related protocol. Every kind of resource available on the Web, such as HTML documents, images, video clips and programs, can be located by a URI.
It can be understood that the uniform resource identifier of each second object element in the intermediate page is an encrypted uniform resource identifier.
A second object element can be a static element that references external resources such as lists, pictures, videos and programs.
The lists may include Cascading Style Sheets (CSS) lists.
The external resource referenced by each second object element can be obtained from the server.
Correspondingly, after the intermediate page is sent to the client, the method further includes: receiving a first resource acquisition request sent by the client.
The first resource acquisition request carries the encrypted uniform resource identifier of any second object element.
Specifically, after the intermediate page is sent to the client, when the client parses the intermediate page in the browser, it needs to obtain, for each second object element, the external resource that the element references, so the client generates a first resource acquisition request. The first resource acquisition request carries the encrypted uniform resource identifier of the second object element and is used to obtain from the server the external resource that the second object element references.
The client sends the first resource acquisition request to the middleware agent apparatus, and the middleware agent apparatus receives the first resource acquisition request.
The encrypted uniform resource identifier carried by the resource acquisition request is decrypted according to a preset decryption algorithm.
Specifically, after the middleware agent apparatus receives the first resource acquisition request, it decrypts, according to the preset decryption algorithm, the encrypted uniform resource identifier of the second object element carried by the resource acquisition request; the decrypted uniform resource identifier of the second object element is the decryption result.
The preset decryption algorithm is the decryption algorithm that corresponds to the preset encryption algorithm.
From the decryption result, the restored first resource acquisition request is obtained; the restored first resource acquisition request carries the uniform resource identifier of the second object element.
The middleware agent apparatus can send the restored first resource acquisition request to the server.
The resource is obtained from the server according to the decryption result and forwarded to the client.
Specifically, after the server receives the restored first resource acquisition request, it can obtain the external resource referenced by the second object element according to the uniform resource identifier of the second object element carried by the restored first resource acquisition request, and return the resource to the middleware agent apparatus.
The middleware agent apparatus receives the resource that the server returns in response to the restored first resource acquisition request, and in this way obtains the resource from the server according to the decryption result. After receiving the resource, the middleware agent apparatus forwards it to the client, and the client can load the resource.
In this embodiment of the present invention, encrypting the uniform resource identifiers of the static second object elements disrupts an attacker's acquisition of external resources, which protects the web page and the website and improves their security; the server does not need to modify the website content, so the method is more widely applicable. Further, the method is implemented mainly by the middleware agent apparatus and does not require the server to modify the website content, which makes large-scale deployment and rollout easy; it is particularly suitable for protecting old pages that are hard to modify.
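
The URI encryption and the matching decryption on a resource acquisition request can be sketched as follows. This is an added example, not code from the patent: the patent leaves the "preset encryption algorithm" open, so AES-256-GCM, the /_r/ path prefix and all function names here are assumptions made for illustration.

```javascript
// Added example, not the patent's code. Assumptions: AES-256-GCM stands in for
// the unspecified "preset encryption algorithm"; encrypted URIs are served under
// the hypothetical prefix /_r/; second object elements are found with a regular
// expression instead of a parsed DOM.

// Load Node's crypto module under either CommonJS or ES modules.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto');

const ENCRYPTED_PREFIX = '/_r/';

// Encrypt one URI. The token layout is iv (12 bytes) | tag (16 bytes) | ciphertext.
function encryptUri(uri, key) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(uri, 'utf8'), cipher.final()]);
  const token = Buffer.concat([iv, cipher.getAuthTag(), ciphertext]);
  return ENCRYPTED_PREFIX + token.toString('base64url');
}

// Decrypt a request path. Returns null for anything that is not a token this
// proxy issued, so a modified token can never be turned into an origin request.
function decryptUri(path, key) {
  if (!path.startsWith(ENCRYPTED_PREFIX)) return null;
  const raw = Buffer.from(path.slice(ENCRYPTED_PREFIX.length), 'base64url');
  if (raw.length < 28) return null;
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return plain.toString('utf8');
  } catch {
    return null; // authentication failed: wrong key or altered token
  }
}

// Middleware side, before the intermediate page is sent: replace the URI of
// each static element that references an external resource.
function rewriteResourceUris(html, key) {
  const pattern =
    /(<(?:img|script|link|video|source)\b[^>]*?\s(?:src|href)\s*=\s*)(["'])([^"']+)\2/gi;
  return html.replace(pattern,
    (match, prefix, quote, uri) => prefix + quote + encryptUri(uri, key) + quote);
}

// Middleware side, on a resource acquisition request: decrypt, then fetch the
// restored URI from the server. fetchFromOrigin is supplied by the caller.
function handleEncryptedResourceRequest(path, key, fetchFromOrigin) {
  const uri = decryptUri(path, key);
  if (uri === null) return { status: 404, body: '' };
  return { status: 200, body: fetchFromOrigin(uri) };
}

// Constructed sample page: a style sheet, an ordinary link and a picture.
const SAMPLE_PAGE =
  '<link rel="stylesheet" href="/static/app.css">' +
  '<a href="/about">About</a>' +
  '<img src="/img/logo.png" alt="logo">';
```

Because a fresh IV is used for every call, the same resource gets a different encrypted URI on each page load, which defeats caching by URI; a deployment that needs caching has to account for that.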
Based on the content of the above embodiments, the specific step of generating the JavaScript script from the mapping between each first object element's attribute value before randomization and its attribute value after randomization includes: generating the JavaScript script from that mapping and from the information of each third object element in the original page.
Here, the third object element is a dynamically generated element.
Specifically, in addition to protecting the web page by randomizing the attribute values of static elements, the protection can be further strengthened by randomizing the attribute values of dynamically generated elements.
It should be noted that a dynamically generated element is generated when the client parses the page in the browser.
The third object elements can be determined in advance. It can be understood that, between step S101 and step S102, the method further includes obtaining each element in the parent page that needs to be randomized. Each dynamically generated element in the parent page that needs to be randomized is a third object element.
In order to randomize the attribute value of each third object element, when the JavaScript script is generated, in addition to converting the mapping between each first object element's attribute value before randomization and its attribute value after randomization, the information of each third object element in the parent page also needs to be converted.
It can be understood that, because the third object elements in the parent page are not processed when the intermediate page is generated, each third object element in the parent page is the third object element in the intermediate page, and the JavaScript code in the parent page that generates each third object element is the JavaScript code in the intermediate page that generates that third object element.
Because the JavaScript script injected into the intermediate page carries the information of each third object element, when the client receives the intermediate page and parses it in the browser, it can obtain the information of each third object element from the JavaScript script injected into the intermediate page.
For each third object element in the intermediate page, the element can be generated and, according to the element's position, the DOM API of the intermediate page is hijacked; specifically, the assignment of the element's attribute value is hijacked, and a randomly generated character string is used as the attribute value of the third object element after randomization.
Because the attribute value of the third object element has been randomized, an attacker cannot match the randomly generated character string with XPath, which disrupts the attacker's ability to locate the third object element.
When each third object element is rendered, the randomized attribute value of the first object element is restored according to the JavaScript code in the intermediate page that generates the third object element. The parent page can thus be loaded and displayed normally; it is not affected by the randomization of element attributes, and the visual effect is unchanged.
In this embodiment of the present invention, the middleware agent apparatus generates a JavaScript script that carries the information of each third object element, and the client uses that JavaScript script to randomize the attribute values of the dynamically generated third object elements. This disrupts an attacker's ability to locate elements, which protects the web page and the website and improves their security; the server does not need to modify the website content, so the method is more widely applicable. Under the control of the JavaScript script the parent page is displayed normally, with no effect on the visual result. Further, the method is implemented mainly by the middleware agent apparatus and does not require the server to modify the website content, which makes large-scale deployment and rollout easy; it is particularly suitable for protecting old pages that are hard to modify.
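
The client-side hijacking of attribute assignment for dynamically generated elements can be sketched as follows. This is an added example, not code from the patent: it assumes the third object elements are identified by the id value the page's own script assigns, it covers setAttribute only, and FakeElement, FakeDocument and installDynamicRandomizer are constructed names so the logic runs without a browser.

```javascript
// Added example, not the patent's code. Assumption: the injected script is told
// which id values belong to third object elements. In a browser the same hooks
// would be installed on Element.prototype and document, and the reflected
// el.id property setter would need the same treatment as setAttribute.

// Constructed stand-ins for the browser DOM so the example runs under Node.
class FakeElement {
  constructor(tag) { this.tagName = tag; this.attrs = {}; }
  setAttribute(name, value) { this.attrs[name] = String(value); }
  getAttribute(name) { return name in this.attrs ? this.attrs[name] : null; }
}
class FakeDocument {
  constructor() { this.nodes = []; }
  createElement(tag) {
    const el = new FakeElement(tag);
    this.nodes.push(el);
    return el;
  }
  getElementById(id) { return this.nodes.find((n) => n.attrs.id === id) || null; }
}

// Default random value; Web Crypto is global in browsers and current Node.
function defaultToken() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(8));
  return 'r' + Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Hijack attribute assignment so listed ids are stored as random strings,
// while the page's own code still reads and looks up the original values.
function installDynamicRandomizer(doc, elementProto, targetIds, tokenFn = defaultToken) {
  const targets = new Set(targetIds);
  const toRandom = new Map();   // original id -> random string
  const toOriginal = new Map(); // random string -> original id
  const rawSet = elementProto.setAttribute;
  const rawGet = elementProto.getAttribute;
  const rawById = doc.getElementById;

  elementProto.setAttribute = function (name, value) {
    const text = String(value);
    if (name !== 'id' || !targets.has(text)) return rawSet.call(this, name, value);
    // One random string per original id, reused if the element is regenerated.
    if (!toRandom.has(text)) {
      const token = tokenFn();
      toRandom.set(text, token);
      toOriginal.set(token, text);
    }
    return rawSet.call(this, name, toRandom.get(text));
  };

  // Page code that reads the id back still sees the value it assigned.
  elementProto.getAttribute = function (name) {
    const stored = rawGet.call(this, name);
    return name === 'id' && toOriginal.has(stored) ? toOriginal.get(stored) : stored;
  };

  // Lookups by the original id are translated to the random string.
  doc.getElementById = function (id) {
    return rawById.call(this, toRandom.has(id) ? toRandom.get(id) : id);
  };

  return { toRandom, toOriginal };
}
```
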
Based on the content of the above embodiments, the specific step of generating the JavaScript script from the mapping between each first object element's attribute value before randomization and its attribute value after randomization and from the information of each third object element in the parent page includes: generating the JavaScript script from that mapping, from the information of each third object element in the parent page, and from the information of each fourth object element whose uniform resource identifier the client needs to encrypt according to the preset encryption algorithm.
Here, the fourth object element is a dynamically generated element that references an external resource.
Specifically, to further protect the web page and improve the security of the web page and the website, when the JavaScript script is generated, in addition to converting the mapping between each first object element's attribute value before randomization and its attribute value after randomization, and converting the information of each third object element in the parent page, the information of each fourth object element in the parent page also needs to be converted.
It can be understood that, because the fourth object elements in the parent page are not processed when the intermediate page is generated, each fourth object element in the parent page is the fourth object element in the intermediate page.
The preset encryption algorithm may be included in the JavaScript script. By running the JavaScript script, the client can encrypt the uniform resource identifier of each fourth object element in the intermediate page according to the preset encryption algorithm and replace the uniform resource identifier of each fourth object element with the encrypted uniform resource identifier.
The preset encryption algorithm used to encrypt the uniform resource identifiers of the fourth object elements can be the same as the preset encryption algorithm used to encrypt the uniform resource identifiers of the second object elements.
A fourth object element can be a dynamically generated element that references external resources such as lists, pictures, videos and programs.
The lists may include Cascading Style Sheets (CSS) lists.
The external resource referenced by each fourth object element can be obtained from the server.
Correspondingly, after the intermediate page is sent to the client, the method further includes: receiving a second resource acquisition request sent by the client.
The second resource acquisition request carries the encrypted uniform resource identifier of any fourth object element.
Specifically, after the intermediate page is sent to the client, when the client parses the intermediate page in the browser, it needs to obtain, for each fourth object element, the external resource that the element references, so the client generates a second resource acquisition request. The second resource acquisition request carries the encrypted uniform resource identifier of the fourth object element and is used to obtain from the server the external resource that the fourth object element references.
The client sends the second resource acquisition request to the middleware agent apparatus, and the middleware agent apparatus receives the second resource acquisition request.
The encrypted uniform resource identifier that Secondary resource acquisition request carries is carried out according to preset decipherment algorithm
Decryption.
Specifically, after receiving the second resource acquisition request, the middleware agent apparatus decrypts, according to the preset decryption algorithm, the encrypted uniform resource identifier of the fourth object element carried in the request, and obtains the uniform resource identifier of the fourth object element as the decryption result.
The preset decryption algorithm is the decryption algorithm corresponding to the preset encryption algorithm.
According to the decryption result, a restored second resource acquisition request is obtained; the restored second resource acquisition request carries the uniform resource identifier of the fourth object element.
The middleware agent apparatus may send the restored second resource acquisition request to the server-side.
The resource is obtained from the server-side according to the decryption result and forwarded to the client.
Specifically, after receiving the restored second resource acquisition request, the server-side can obtain the external resource referenced by the fourth object element according to the uniform resource identifier of the fourth object element carried in the restored request, and return the resource to the middleware agent apparatus.
The middleware agent apparatus receives the resource returned by the server-side in response to the restored second resource acquisition request, thereby obtaining the resource from the server-side according to the decryption result. After receiving the resource, the middleware agent apparatus forwards it to the client, and the client can load the resource.
By encrypting the uniform resource identifier of the static fourth object element, the embodiment of the present invention can disrupt an attacker's acquisition of external resources, thereby protecting the webpage and the website and improving their security; the server does not need to modify the website content, so applicability is better. Further, because the method is implemented mainly by the middleware agent apparatus and does not require the server to modify the website content, it is convenient for large-scale deployment and promotion, and is particularly suitable for protecting old pages that are difficult to modify.
Fig. 2 is a schematic flowchart of the web page security protection method provided according to an embodiment of the present invention. As shown in Fig. 2, the method includes: step S201, receiving the parent page sent by the server-side.
It should be noted that this embodiment of the present invention is executed by the middleware agent apparatus.
It can be understood that, before step S201, the method further includes: receiving a page access request sent by the client, and forwarding the page access request to the server-side.
The page access request carries the network address of the parent page.
The client sends the page access request to the middleware agent apparatus, the middleware agent apparatus forwards the page access request to the server-side, the server-side returns the parent page to the middleware agent apparatus according to the page access request, and the middleware agent apparatus receives the parent page returned by the server-side.
Step S202, generating a JavaScript script according to the information of each third object element in the parent page, and injecting the JavaScript script into the parent page to generate the intermediate page.
Here, a third object element is a dynamically generated element.
Specifically, the webpage can be protected by randomizing the attribute values of dynamically generated elements.
It should be noted that, before the JavaScript script is generated according to the information of each third object element in the parent page, the parent page may first be parsed into an original Document Object Model (DOM), so that the client can traverse the elements in the intermediate page and determine the position of each third object element.
It should be noted that a dynamically generated element is an element generated when the client parses the page through the browser.
The third object elements may be predetermined. It can be understood that, between step S201 and step S202, the method further includes: obtaining each element in the parent page that needs to be randomized. Each dynamically generated element in the parent page that needs to be randomized is a third object element.
In order to randomize the attribute value of each third object element, the information of each third object element in the parent page is converted into a JavaScript script.
The JavaScript script may include two parts: one part is the information of each third object element, and the other part is used to repair the page, that is, to restore the attribute values after randomization. For dynamically generated elements, the information of each third object element is inserted into the JavaScript script to inform the client to repair the attribute value of each third object element; the script that repairs the page is a fixed script written in advance.
After the JavaScript script is generated, it is injected into the parent page to obtain the intermediate page.
Step S203, sending the intermediate page to the client, so that the client, by parsing the intermediate page, randomizes the attribute value of each third object element and loads the parent page.
Specifically, after the parent page is processed to generate the intermediate page, the intermediate page is sent to the client.
It can be understood that, because the third object elements in the parent page are not processed when the intermediate page is generated, each third object element in the parent page is the corresponding third object element in the intermediate page, and the JavaScript code in the parent page that generates each third object element is the JavaScript code in the intermediate page that generates that third object element.
Because the JavaScript script injected into the intermediate page carries the information of each third object element, after receiving the intermediate page, the client can obtain the information of each third object element from the injected JavaScript script when parsing the intermediate page through the browser.
For each third object element in the intermediate page, the element can be generated according to its position, and the DOM API of the intermediate page is hijacked (hooked); specifically, the assignment of the element's attribute value is hijacked, and a randomly generated character string is used as the attribute value of the third object element after randomization.
Because the attribute value of the third object element has been randomized, an attacker cannot match the randomly generated character string through XPath, which disrupts the attacker's positioning of the third object element.
When each third object element is rendered, the attribute value of the first object element after randomization is restored according to the JavaScript code in the intermediate page that generates the third object element, so that the parent page can be loaded; the parent page is displayed normally, is not affected by the randomization of element attributes, and its visual effect is unaffected.
In the embodiment of the present invention, the middleware agent apparatus generates a JavaScript script carrying the information of each third object element, and through this JavaScript script the client randomizes the attribute values of the dynamically generated third object elements. This can disrupt an attacker's positioning of elements, thereby protecting the webpage and the website and improving their security; the server does not need to modify the website content, so applicability is better. Under the control of the JavaScript script the parent page is displayed normally and its visual effect is unaffected. Further, because the method is implemented mainly by the middleware agent apparatus and does not require the server to modify the website content, it is convenient for large-scale deployment and promotion, and is particularly suitable for protecting old pages that are difficult to modify.
Based on the content of the above embodiments, the specific step of generating the JavaScript script according to the information of each third object element in the parent page includes: generating the JavaScript script according to the information of each third object element in the parent page and the information of each fourth object element whose uniform resource identifier the client needs to encrypt according to the preset encryption algorithm.
Here, a fourth object element is a dynamically generated element that references an external resource.
Specifically, to further protect the webpage and improve the security of the webpage and the website, when the JavaScript script is generated, in addition to converting the information of each third object element in the parent page, the information of each fourth object element in the parent page also needs to be converted.
It can be understood that, because the fourth object elements in the parent page are not processed when the intermediate page is generated, each fourth object element in the parent page is the corresponding fourth object element in the intermediate page.
The preset encryption algorithm may be embedded in the JavaScript script. By running the JavaScript script, the client can encrypt the uniform resource identifier of each fourth object element in the intermediate page according to the preset encryption algorithm, and replace the uniform resource identifier of each fourth object element with the encrypted uniform resource identifier.
A fourth object element may be a dynamically generated element that references an external resource such as a sheet, picture, video or program.
The sheets may include cascading style sheets (Cascading Style Sheets, CSS).
The external resource referenced by each fourth object element can be obtained from the server-side.
Correspondingly, after the intermediate page is sent to the client, the method further includes: receiving a second resource acquisition request sent by the client.
Here, the second resource acquisition request carries the encrypted uniform resource identifier of any fourth object element.
Specifically, after the intermediate page is sent to the client, when the client parses the intermediate page through the browser, it needs to obtain, for each fourth object element, the external resource that the element references, so the client generates a second resource acquisition request. The second resource acquisition request carries the encrypted uniform resource identifier of the fourth object element, and is used to obtain from the server-side the external resource referenced by the fourth object element.
The client sends the second resource acquisition request to the middleware agent apparatus, and the middleware agent apparatus receives the second resource acquisition request.
The encrypted uniform resource identifier carried in the second resource acquisition request is decrypted according to a preset decryption algorithm.
Specifically, after receiving the second resource acquisition request, the middleware agent apparatus decrypts, according to the preset decryption algorithm, the encrypted uniform resource identifier of the fourth object element carried in the request, and obtains the uniform resource identifier of the fourth object element as the decryption result.
The preset decryption algorithm is the decryption algorithm corresponding to the preset encryption algorithm.
According to the decryption result, a restored second resource acquisition request is obtained; the restored second resource acquisition request carries the uniform resource identifier of the fourth object element.
The middleware agent apparatus may send the restored second resource acquisition request to the server-side.
The resource is obtained from the server-side according to the decryption result and forwarded to the client.
Specifically, after receiving the restored second resource acquisition request, the server-side can obtain the external resource referenced by the fourth object element according to the uniform resource identifier of the fourth object element carried in the restored request, and return the resource to the middleware agent apparatus.
The middleware agent apparatus receives the resource returned by the server-side in response to the restored second resource acquisition request, thereby obtaining the resource from the server-side according to the decryption result. After receiving the resource, the middleware agent apparatus forwards it to the client, and the client can load the resource.
By encrypting the uniform resource identifier of the static fourth object element, the embodiment of the present invention can disrupt an attacker's acquisition of external resources, thereby protecting the webpage and the website and improving their security; the server does not need to modify the website content, so applicability is better. Further, because the method is implemented mainly by the middleware agent apparatus and does not require the server to modify the website content, it is convenient for large-scale deployment and promotion, and is particularly suitable for protecting old pages that are difficult to modify.
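The encrypt-then-restore exchange described in both passages on fourth object elements (the earlier variant and the one above), as an added example that is not code from the patent. AES-256-GCM stands in for the unspecified preset encryption algorithm, and the `/__res/` prefix, the function names, the key handling and the sample elements are assumptions; both sides are simulated in Node, whereas in a browser the client half would run inside the injected script.

```javascript
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Hypothetical path prefix that marks an encrypted uniform resource identifier.
const PREFIX = '/__res/';

// Constructed sample: dynamically generated elements that reference resources.
const SAMPLE_ELEMENTS = [
  { tag: 'img', src: '/static/logo.png' },
  { tag: 'link', href: '/css/site.css' },
];

// "Preset encryption algorithm" (assumed here: AES-256-GCM, hex encoded).
// Token layout: 12-byte IV | 16-byte auth tag | ciphertext.
function encryptUri(uri, key) {
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(uri, 'utf8'), cipher.final()]);
  return PREFIX + Buffer.concat([iv, cipher.getAuthTag(), body]).toString('hex');
}

// Client half: replace each element's URI attribute with its encrypted form.
function encryptElementUris(elements, key) {
  return elements.map((el) => {
    const out = { ...el };
    for (const attr of ['src', 'href']) {
      if (typeof out[attr] === 'string') out[attr] = encryptUri(out[attr], key);
    }
    return out;
  });
}

// Middleware half: decrypt the identifier carried by the second resource
// acquisition request and return the restored request for the server-side.
// Returns null when the request carries no valid encrypted identifier; what
// to do with such requests is a deployment decision the page does not cover.
function restoreRequest(request, key) {
  if (!request.path.startsWith(PREFIX)) return null;
  const token = request.path.slice(PREFIX.length);
  // IV (12) + tag (16) + at least one ciphertext byte, lowercase hex only.
  if (!/^(?:[0-9a-f]{2}){29,}$/.test(token)) return null;
  const raw = Buffer.from(token, 'hex');
  const decipher = createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  let uri;
  try {
    uri = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()])
      .toString('utf8');
  } catch {
    return null; // modified or forged token: authentication failed
  }
  // Only forward paths on the protected server, so the middleware cannot be
  // used to fetch arbitrary hosts.
  if (!uri.startsWith('/') || uri.startsWith('//')) return null;
  return { ...request, path: uri };
}
```

Because a fresh IV is drawn for every encryption, the same resource appears under a different identifier on every page load.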
Fig. 3 is a schematic flowchart of the web page security protection method provided according to an embodiment of the present invention. As shown in Fig. 3, the method includes: step S301, receiving the intermediate page sent by the middleware agent apparatus.
Here, the intermediate page is generated by the middleware agent apparatus as follows: it randomizes the attribute value of each first object element in the parent page, generates a JavaScript script according to the mapping relations between the attribute value before randomization and the attribute value after randomization of each first object element, and injects the JavaScript script into the parent page. A first object element is a static element.
It should be noted that this embodiment of the present invention is executed by the client.
It can be understood that, before step S301, the method further includes: sending a page access request to the middleware agent apparatus.
The middleware agent apparatus forwards the page access request to the server-side, the server-side returns the parent page to the middleware agent apparatus according to the page access request, and the middleware agent apparatus receives the parent page returned by the server-side.
For each first object element in the parent page, the middleware agent apparatus can obtain the attribute value of the element according to the position of the element and randomize it, converting the attribute value into a randomly generated character string that serves as the attribute value of the element after randomization.
After randomizing the attribute value of each first object element, the middleware agent apparatus can convert the mapping relations between the attribute value before randomization and the attribute value after randomization of each first object element into a JavaScript script.
After generating the JavaScript script, the middleware agent apparatus injects it into the parent page; since the attribute value of each first object element in the parent page has already been replaced by the attribute value after randomization, the intermediate page is obtained.
The middleware agent apparatus sends the intermediate page to the client, and the client receives the intermediate page.
Step S302, parsing the intermediate page, and running the JavaScript script injected into the intermediate page.
Specifically, after receiving the intermediate page, the client parses the intermediate page and first runs the JavaScript script injected into the intermediate page.
Step S303, when rendering each first object element, restoring the attribute value of the first object element according to the JavaScript script, and loading the parent page.
Specifically, the JavaScript script injected into the intermediate page carries the mapping relations between the attribute value before randomization and the attribute value after randomization of each first object element. After receiving the intermediate page, when parsing it through the browser, the client can therefore hijack (hook) the DOM API of the intermediate page according to the injected JavaScript script and, when rendering each first object element, restore the attribute value of the first object element after randomization, so that the parent page can be loaded; the parent page is displayed normally, is not affected by the randomization of element attributes, and its visual effect is unaffected.
To hijack the DOM API of the intermediate page, the element selection function APIs may specifically be hijacked; for example, based on the getElementById function used to select an element by ID, the randomized element attribute can be restored without affecting the normal parsing function.
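The static-element flow described above (the middleware randomizes attribute values, injects the mapping, and the client hooks getElementById), as an added example that is not code from the patent. The function names and the sample page are hypothetical, only the `id` attribute is handled, the page is rewritten with a regex instead of a parsed DOM, and a stub `document` replaces the browser so the hook can be exercised offline.

```javascript
const { randomBytes } = require('node:crypto');

// Constructed sample parent page.
const SAMPLE_PARENT_PAGE =
  '<html><head><title>Login</title></head><body>' +
  '<form><input id="user"><input id="pass"></form>' +
  '<div id="banner"></div></body></html>';

// Random replacement value; the letter prefix keeps it a valid id token.
function randomAttrValue() {
  return 'r' + randomBytes(8).toString('hex');
}

// Body of the injected script. It hooks getElementById so page code that
// still asks for the original id gets the element carrying the random one.
function buildInjectedScript(mapping) {
  // Escape "<" so a mapping key can never close the <script> element early.
  const json = JSON.stringify(mapping).replace(/</g, '\\u003c');
  return `(function (doc) {
  var map = ${json};
  var nativeGet = doc.getElementById;
  doc.getElementById = function (id) {
    var real = Object.prototype.hasOwnProperty.call(map, id) ? map[id] : id;
    return nativeGet.call(doc, real);
  };
})(document);`;
}

// Middleware step: randomize the id of each first object element, record the
// before/after mapping, and inject the script ahead of any page script.
function buildIntermediatePage(parentHtml, targetIds) {
  const mapping = {};
  let html = parentHtml;
  for (const id of targetIds) {
    const escaped = id.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
    const attr = new RegExp(`(\\sid\\s*=\\s*)(["'])${escaped}\\2`, 'g');
    const randomized = randomAttrValue();
    let hit = false;
    html = html.replace(attr, (match, prefix, quote) => {
      hit = true;
      return prefix + quote + randomized + quote;
    });
    if (hit) mapping[id] = randomized; // ids absent from the page are skipped
  }
  const script = '<script>' + buildInjectedScript(mapping) + '</script>';
  const headOpen = /<head(\s[^>]*)?>/i;
  html = headOpen.test(html)
    ? html.replace(headOpen, (tag) => tag + script)
    : script + html;
  return { html, mapping };
}

// Constructed stand-in for the browser: a document that only knows the ids
// present in the intermediate page, with the injected script run against it.
function simulateClient(intermediate) {
  const ids = [...intermediate.html.matchAll(/\sid="([^"]+)"/g)].map((m) => m[1]);
  const doc = {
    getElementById(id) {
      return ids.includes(id) ? { id } : null;
    },
  };
  new Function('document', buildInjectedScript(intermediate.mapping))(doc);
  return doc;
}
```

References that embed the original id outside the hooked API, such as `label for` attributes or CSS `#id` selectors, need the same mapping applied or they stop matching.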
In the embodiment of the present invention, the middleware agent apparatus randomizes the attribute values of the static first object elements in the parent page, which can disrupt an attacker's positioning of elements, thereby protecting the webpage and the website and improving their security; the server does not need to modify the website content, so applicability is better. A JavaScript script is generated according to the mapping relations between the attribute values before and after randomization, and under the control of this JavaScript script the parent page is displayed normally and its visual effect is unaffected. Further, because the method is implemented mainly by the middleware agent apparatus and does not require the server to modify the website content, it is convenient for large-scale deployment and promotion, and is particularly suitable for protecting old pages that are difficult to modify.
Fig. 4 is a schematic flowchart of the web page security protection method provided according to an embodiment of the present invention. As shown in Fig. 4, the method includes:
Step S401, receiving the intermediate page sent by the middleware agent apparatus.
Here, the intermediate page is generated by the middleware agent apparatus by generating a JavaScript script according to the information of each third object element in the parent page and injecting the JavaScript script into the parent page. A third object element is a dynamically generated element.
It should be noted that this embodiment of the present invention is executed by the client.
It can be understood that, before step S401, the method further includes: sending a page access request to the middleware agent apparatus.
The middleware agent apparatus forwards the page access request to the server-side, the server-side returns the parent page to the middleware agent apparatus according to the page access request, and the middleware agent apparatus receives the parent page returned by the server-side.
In order to randomize the attribute value of each third object element, the middleware agent apparatus converts the information of each third object element in the parent page into a JavaScript script.
After generating the JavaScript script, the middleware agent apparatus injects it into the parent page to obtain the intermediate page.
The middleware agent apparatus sends the intermediate page to the client, and the client receives the intermediate page.
Step S402, parsing the intermediate page and running the JavaScript script injected into the intermediate page, so that, when each third object element is generated, a randomly generated character string is used as the attribute value of the third object element after randomization.
Specifically, after receiving the intermediate page, the client parses the intermediate page and first runs the JavaScript script injected into the intermediate page.
It can be understood that, because the third object elements in the parent page are not processed when the intermediate page is generated, each third object element in the parent page is the corresponding third object element in the intermediate page, and the JavaScript code in the parent page that generates each third object element is the JavaScript code in the intermediate page that generates that third object element.
Because the JavaScript script injected into the intermediate page carries the information of each third object element, after receiving the intermediate page, the client can obtain the information of each third object element from the injected JavaScript script when parsing the intermediate page through the browser.
For each third object element in the intermediate page, the element can be generated according to its position, and the DOM API of the intermediate page is hijacked (hooked); specifically, the assignment of the element's attribute value is hijacked, and a randomly generated character string is used as the attribute value of the third object element after randomization.
Because the attribute value of the third object element has been randomized, an attacker cannot match the randomly generated character string through XPath, which disrupts the attacker's positioning of the third object element.
Step S403, when rendering each third object element, replacing the randomly generated character string with the attribute value obtained by running the JavaScript code in the intermediate page that generates the third object element, and loading the parent page.
Specifically, when each third object element is rendered, the attribute value of the first object element after randomization is restored according to the JavaScript code in the intermediate page that generates the third object element, so that the parent page can be loaded; the parent page is displayed normally, is not affected by the randomization of element attributes, and its visual effect is unaffected.
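The client-side handling of dynamically generated elements, described in steps S202 to S203 and again in steps S402 to S403 above, as an added example that is not code from the patent. The function name, the stub DOM classes and the sample ids are hypothetical, only the `id` attribute is covered, and restoring through the lookup API is an assumption about how the page keeps working.

```javascript
const { randomBytes } = require('node:crypto');

// Constructed stand-ins for Element and document so the hooks run offline.
class StubElement {
  constructor(tag) { this.tagName = tag; this.attrs = {}; }
  setAttribute(name, value) { this.attrs[name] = String(value); }
  getAttribute(name) { return name in this.attrs ? this.attrs[name] : null; }
  get id() { return this.attrs.id || ''; }
  set id(value) { this.attrs.id = String(value); }
}

function makeStubDocument() {
  const nodes = [];
  return {
    createElement(tag) {
      const el = new StubElement(tag);
      nodes.push(el);
      return el;
    },
    getElementById(id) {
      return nodes.find((n) => n.attrs.id === id) || null;
    },
  };
}

// Installs the hooks the injected script would install before any page script
// runs. In a browser, ElementProto would be Element.prototype and doc would
// be document; targetIds is the third-object-element information carried by
// the injected script.
function installDynamicRandomization(ElementProto, doc, targetIds) {
  const targets = new Set(targetIds);
  const forward = new Map(); // original id -> random id

  function randomize(value) {
    const original = String(value);
    if (!targets.has(original)) return original;
    if (!forward.has(original)) {
      forward.set(original, 'r' + randomBytes(8).toString('hex'));
    }
    return forward.get(original);
  }

  // Hook 1: attribute assignment through setAttribute('id', ...).
  const nativeSet = ElementProto.setAttribute;
  ElementProto.setAttribute = function (name, value) {
    const isId = String(name).toLowerCase() === 'id';
    return nativeSet.call(this, name, isId ? randomize(value) : value);
  };

  // Hook 2: assignment through the id property, which bypasses setAttribute.
  const idDesc = Object.getOwnPropertyDescriptor(ElementProto, 'id');
  Object.defineProperty(ElementProto, 'id', {
    configurable: true,
    get: idDesc.get,
    set(value) { idDesc.set.call(this, randomize(value)); },
  });

  // Hook 3: lookups by the original id resolve to the randomized element.
  const nativeGet = doc.getElementById;
  doc.getElementById = function (id) {
    return nativeGet.call(doc, forward.has(id) ? forward.get(id) : id);
  };
  return forward;
}
```

The random value exists only in the running page, so a locator written against the original attribute value finds nothing in the rendered DOM, while page code that goes through the hooked lookup is unaffected.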
In the embodiment of the present invention, the middleware agent apparatus generates a JavaScript script carrying the information of each third object element, and through this JavaScript script the client randomizes the attribute values of the dynamically generated third object elements. This can disrupt an attacker's positioning of elements, thereby protecting the webpage and the website and improving their security; the server does not need to modify the website content, so applicability is better. Under the control of the JavaScript script the parent page is displayed normally and its visual effect is unaffected. Further, because the method is implemented mainly by the middleware agent apparatus and does not require the server to modify the website content, it is convenient for large-scale deployment and promotion, and is particularly suitable for protecting old pages that are difficult to modify.
Fig. 5 is a schematic structural diagram of the web page security protection apparatus provided according to an embodiment of the present invention. Based on the content of the above embodiments, as shown in Fig. 5, the apparatus includes a page receiving module 501, a script generation module 502 and a page forwarding module 503, wherein:
the page receiving module 501 is configured to receive the parent page sent by the server-side;
the script generation module 502 is configured to randomize the attribute value of each first object element in the parent page, generate a JavaScript script according to the mapping relations between the attribute value before randomization and the attribute value after randomization of each first object element, and inject the JavaScript script into the parent page to generate the intermediate page;
the page forwarding module 503 is configured to send the intermediate page to the client, so that the client loads the parent page by parsing the intermediate page;
wherein a first object element is a static element.
It should be noted that the apparatus may be the middleware agent apparatus, deployed at the middleware.
In another embodiment, the functions of the page receiving module 501, the script generation module 502 and the page forwarding module 503 are respectively as follows:
the page receiving module 501 is configured to receive the parent page sent by the server-side;
the script generation module 502 is configured to generate a JavaScript script according to the information of each third object element in the parent page, and inject the JavaScript script into the parent page to generate the intermediate page;
the page forwarding module 503 is configured to send the intermediate page to the client, so that the client, by parsing the intermediate page, randomizes the attribute value of each third object element and loads the parent page;
wherein a third object element is a dynamically generated element.
The web page security protection apparatus provided by the embodiment of the present invention is used to execute the web page security protection method provided by the above embodiments of the present invention. For the specific methods and processes by which each module of the apparatus implements its function, see the embodiments of the above web page security protection methods; details are not repeated here.
The web page security protection apparatus is used for the web page security protection methods of the foregoing embodiments. Therefore, the descriptions and definitions in the web page security protection methods of the foregoing embodiments can be used to understand each execution module in the embodiment of the present invention.
In the embodiment of the present invention, the middleware agent apparatus randomizes the attribute values of the object elements in the parent page, which can disrupt an attacker's positioning of elements, thereby protecting the webpage and the website and improving their security; the server does not need to modify the website content, so applicability is better. Under the control of the generated JavaScript script the parent page is displayed normally and its visual effect is unaffected. Further, because the method is implemented mainly by the middleware agent apparatus and does not require the server to modify the website content, it is convenient for large-scale deployment and promotion, and is particularly suitable for protecting old pages that are difficult to modify.
Fig. 6 is a schematic structural diagram of the web page security protection apparatus provided according to an embodiment of the present invention. Based on the content of the above embodiments, as shown in Fig. 6, the apparatus includes a receiving module 601, a parsing module 602 and a rendering module 603, wherein:
the receiving module 601 is configured to receive the intermediate page sent by the middleware agent apparatus;
the parsing module 602 is configured to parse the intermediate page and run the JavaScript script injected into the intermediate page;
the rendering module 603 is configured to, when rendering each first object element, restore the attribute value of the first object element according to the JavaScript script, and load the parent page;
wherein the intermediate page is generated by the middleware agent apparatus by randomizing the attribute value of each first object element in the parent page, generating a JavaScript script according to the mapping relations between the attribute value before randomization and the attribute value after randomization of each first object element, and injecting the JavaScript script into the parent page; a first object element is a static element.
It should be noted that the apparatus may be the client.
In another embodiment, the functions of the receiving module 601, the parsing module 602 and the rendering module 603 are respectively as follows:
the receiving module 601 is configured to receive the intermediate page sent by the middleware agent apparatus;
the parsing module 602 is configured to parse the intermediate page and run the JavaScript script injected into the intermediate page, so that, when each third object element is generated, a randomly generated character string is used as the attribute value of the third object element after randomization;
the rendering module 603 is configured to, when rendering each third object element, replace the randomly generated character string with the attribute value obtained by running the JavaScript code in the intermediate page that generates the third object element, and load the parent page;
wherein the intermediate page is generated by the middleware agent apparatus by generating a JavaScript script according to the information of each third object element in the parent page and injecting the JavaScript script into the parent page; a third object element is a dynamically generated element.
The web page security protection apparatus provided by the embodiment of the present invention is used to execute the web page security protection method provided by the above embodiments of the present invention. For the specific methods and processes by which each module of the apparatus implements its function, see the embodiments of the above web page security protection methods; details are not repeated here.
The web page security protection apparatus is used for the web page security protection methods of the foregoing embodiments. Therefore, the descriptions and definitions in the web page security protection methods of the foregoing embodiments can be used to understand each execution module in the embodiment of the present invention.
In the embodiment of the present invention, the middleware agent apparatus randomizes the attribute values of the object elements in the parent page, which can disrupt an attacker's positioning of elements, thereby protecting the webpage and the website and improving their security; the server does not need to modify the website content, so applicability is better. Under the control of the generated JavaScript script the parent page is displayed normally and its visual effect is unaffected. Further, because the method is implemented mainly by the middleware agent apparatus and does not require the server to modify the website content, it is convenient for large-scale deployment and promotion, and is particularly suitable for protecting old pages that are difficult to modify.
Fig. 7 is a structural block diagram of an electronic device according to an embodiment of the present invention. Based on the content of the above embodiments, as shown in Fig. 7, the electronic device may include a processor 701, a memory 702 and a bus 703, where the processor 701 and the memory 702 communicate with each other through the bus 703. The processor 701 is used to call computer program instructions that are stored in the memory 702 and can run on the processor 701, in order to execute the web page security protection method provided by the above method embodiments, for example: receiving the original page sent by the server; randomizing the attribute value of each first target element in the original page, generating a JavaScript script according to the mapping between the attribute value of each first target element before randomization and its attribute value after randomization, and injecting the JavaScript script into the original page to generate an intermediate page; and sending the intermediate page to the client, so that the client loads the original page by parsing the intermediate page. Alternatively: receiving the original page sent by the server; generating a JavaScript script according to the information of each third target element in the original page, and injecting the JavaScript script into the original page to generate an intermediate page; and sending the intermediate page to the client, so that the client, by parsing the intermediate page, randomizes the attribute value of each third target element and loads the original page.
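The first variant above (the proxy randomizes static attribute values, then injects a script generated from the before/after mapping) is illustrated below. This is an added example, not code from the patent; the function names, the choice of `id` and `class` as the randomized attributes, the regex-based rewriting of double-quoted attributes and the `DOMContentLoaded` restore hook are assumptions, and the sample page is constructed.

```javascript
const nodeCrypto = require('node:crypto');

// Assumption: id and class are the attributes treated as "first target" attributes.
const ATTRS = ['id', 'class'];

// Constructed sample of an original page as received from the server.
const SAMPLE_ORIGINAL = '<html><head><title>Login</title></head><body>' +
  '<form id="login" class="box main"><input id="pwd" class="box" data-id="keep"></form>' +
  '</body></html>';

// Fresh CSPRNG token; the letter prefix keeps it usable as a CSS identifier.
function randomToken() {
  return 'r' + nodeCrypto.randomBytes(8).toString('hex');
}

// Rewrite id/class tokens inside tags and record the mapping original -> randomized.
function randomizeAttributes(html) {
  const forward = new Map();
  const tokenFor = (orig) => {
    if (!forward.has(orig)) forward.set(orig, randomToken());
    return forward.get(orig);
  };
  // Assumption: double-quoted values only; a production proxy would use an HTML parser.
  const attrRe = new RegExp(`(\\s(?:${ATTRS.join('|')})=")([^"]*)(")`, 'g');
  const rewritten = html.replace(/<[a-zA-Z][^>]*>/g, (tag) =>
    tag.replace(attrRe, (_, pre, value, post) =>
      pre + value.split(/\s+/).filter(Boolean).map(tokenFor).join(' ') + post));
  return { rewritten, forward };
}

// Generate the client-side script from the mapping (randomized -> original).
function buildRestoreScript(forward) {
  const reverse = {};
  for (const [orig, rnd] of forward) reverse[rnd] = orig;
  // Escape "<" so an original value containing "</script>" cannot close the block.
  const table = JSON.stringify(reverse).replace(/</g, '\\u003c');
  return '<script>(function(){var m=' + table + ';' +
    'var own=Object.prototype.hasOwnProperty;' +
    'var back=function(v){return v.split(/\\s+/).map(function(t){' +
    'return own.call(m,t)?m[t]:t;}).join(" ");};' +
    'document.addEventListener("DOMContentLoaded",function(){' +
    'document.querySelectorAll("[id],[class]").forEach(function(e){' +
    'if(e.id)e.id=back(e.id);' +
    'var c=e.getAttribute("class");if(c)e.setAttribute("class",back(c));' +
    '});});})();</script>';
}

// Proxy step: original page in, intermediate page out.
function buildIntermediatePage(originalHtml) {
  const { rewritten, forward } = randomizeAttributes(originalHtml);
  const script = buildRestoreScript(forward);
  // Function replacement avoids "$" patterns in the script being interpreted.
  const page = /<\/head>/i.test(rewritten)
    ? rewritten.replace(/<\/head>/i, () => script + '</head>')
    : script + rewritten;
  return { page, forward };
}
```

Each call produces different tokens, so markup captured from one response does not match the next. The mapping travels inside the intermediate page, so the effect is on tooling that depends on fixed static markup, and inline scripts that run before the restore hook will see the randomized values.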
Another embodiment of the present invention discloses a computer program product. The computer program product includes a computer program stored on a non-transitory computer-readable storage medium, and the computer program includes program instructions. When the program instructions are executed by a computer, the computer can execute the web page security protection method provided by the above method embodiments, for example: receiving the original page sent by the server; randomizing the attribute value of each first target element in the original page, generating a JavaScript script according to the mapping between the attribute value of each first target element before randomization and its attribute value after randomization, and injecting the JavaScript script into the original page to generate an intermediate page; and sending the intermediate page to the client, so that the client loads the original page by parsing the intermediate page. Alternatively: receiving the original page sent by the server; generating a JavaScript script according to the information of each third target element in the original page, and injecting the JavaScript script into the original page to generate an intermediate page; and sending the intermediate page to the client, so that the client, by parsing the intermediate page, randomizes the attribute value of each third target element and loads the original page.
In addition, when the logic instructions in the memory 702 are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the embodiments of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or part of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
Another embodiment of the present invention provides a non-transitory computer-readable storage medium. The non-transitory computer-readable storage medium stores computer instructions, and the computer instructions cause a computer to execute the web page security protection method provided by the above method embodiments, for example: receiving the original page sent by the server; randomizing the attribute value of each first target element in the original page, generating a JavaScript script according to the mapping between the attribute value of each first target element before randomization and its attribute value after randomization, and injecting the JavaScript script into the original page to generate an intermediate page; and sending the intermediate page to the client, so that the client loads the original page by parsing the intermediate page.
The apparatus embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.
From the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solution in essence, or the part that contributes to the prior art, may be embodied in the form of a software product. The computer software product may be stored in a computer-readable storage medium, such as a ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute the methods of the embodiments or of certain parts of the embodiments.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some of the technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. A web page security protection method, characterized by comprising:
receiving an original page sent by a server;
randomizing the attribute value of each first target element in the original page, generating a JavaScript script according to the mapping between the attribute value of each first target element before randomization and its attribute value after randomization, and injecting the JavaScript script into the original page to generate an intermediate page;
sending the intermediate page to a client, so that the client loads the original page by parsing the intermediate page;
wherein the first target element is a static element.
2. The web page security protection method according to claim 1, characterized in that, between receiving the original page sent by the server and generating the intermediate page, the method further comprises:
encrypting the uniform resource identifier of each second target element according to a preset encryption algorithm;
correspondingly, after sending the intermediate page to the client, the method further comprises:
receiving a first resource acquisition request sent by the client;
decrypting, according to a preset decryption algorithm, the encrypted uniform resource identifier carried by the resource acquisition request;
obtaining the resource from the server according to the decryption result, and forwarding it to the client;
wherein the second target element is a static element that references an external resource, and the first resource acquisition request carries the encrypted uniform resource identifier of any one of the second target elements.
3. The web page security protection method according to claim 1 or 2, characterized in that the specific step of generating the JavaScript script according to the mapping between the attribute value of each first target element before randomization and its attribute value after randomization comprises:
generating the JavaScript script according to the mapping between the attribute value of each first target element before randomization and its attribute value after randomization, and the information of each third target element in the original page;
wherein the third target element is a dynamically generated element.
4. The web page security protection method according to claim 3, characterized in that the specific step of generating the JavaScript script according to the mapping between the attribute value of each first target element before randomization and its attribute value after randomization, and the information of each third target element in the original page, comprises:
generating the JavaScript script according to the mapping between the attribute value of each first target element before randomization and its attribute value after randomization, the information of each third target element in the original page, and the information of each fourth target element whose uniform resource identifier the client needs to encrypt according to a preset encryption algorithm;
correspondingly, after sending the intermediate page to the client, the method further comprises:
receiving a second resource acquisition request sent by the client;
decrypting, according to a preset decryption algorithm, the encrypted uniform resource identifier carried by the second resource acquisition request;
obtaining the resource from the server according to the decryption result, and forwarding it to the client;
wherein the fourth target element is a dynamically generated element that references an external resource, and the second resource acquisition request carries the encrypted uniform resource identifier of any one of the fourth target elements.
5. A web page security protection method, characterized by comprising:
receiving an original page sent by a server;
generating a JavaScript script according to the information of each third target element in the original page, and injecting the JavaScript script into the original page to generate an intermediate page;
sending the intermediate page to a client, so that the client, by parsing the intermediate page, randomizes the attribute value of each third target element and loads the original page;
wherein the third target element is a dynamically generated element.
6. The web page security protection method according to claim 5, characterized in that the specific step of generating the JavaScript script according to the information of each third target element in the original page comprises:
generating the JavaScript script according to the information of each third target element in the original page and the information of each fourth target element whose uniform resource identifier the client needs to encrypt according to a preset encryption algorithm;
correspondingly, after sending the intermediate page to the client, the method further comprises:
receiving a second resource acquisition request sent by the client;
decrypting, according to a preset decryption algorithm, the encrypted uniform resource identifier carried by the second resource acquisition request;
obtaining the resource from the server according to the decryption result, and forwarding it to the client;
wherein the fourth target element is a dynamically generated element that references an external resource, and the second resource acquisition request carries the encrypted uniform resource identifier of any one of the fourth target elements.
7. A web page security protection method, characterized by comprising:
receiving an intermediate page sent by a middleware proxy device;
parsing the intermediate page and running the JavaScript script injected into the intermediate page;
when rendering each first target element, restoring the attribute value of the first target element according to the JavaScript script, and loading the original page;
wherein the intermediate page is generated by the middleware proxy device by randomizing the attribute value of each first target element in the original page, generating a JavaScript script according to the mapping between the attribute value of each first target element before randomization and its attribute value after randomization, and injecting the JavaScript script into the original page; the first target element is a static element.
8. A web page security protection method, characterized by comprising:
receiving an intermediate page sent by a middleware proxy device;
parsing the intermediate page and running the JavaScript script injected into the intermediate page, so that when each third target element is generated, a randomly generated character string is used as the randomized attribute value of the third target element;
when rendering each third target element, replacing the randomly generated character string with the attribute value obtained by running the JavaScript code in the intermediate page that is used to generate the third target element, and loading the original page;
wherein the intermediate page is generated by the middleware proxy device by generating a JavaScript script according to the information of each third target element in the original page and injecting the JavaScript script into the original page; the third target element is a dynamically generated element.
9. An electronic device, comprising a memory, a processor and a computer program that is stored in the memory and can run on the processor, characterized in that the processor, when executing the program, implements the steps of the web page security protection method according to any one of claims 1 to 8.
10. A non-transitory computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the web page security protection method according to any one of claims 1 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910349779.0A CN110263533A (en) | 2019-04-28 | 2019-04-28 | Safe web page means of defence |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910349779.0A CN110263533A (en) | 2019-04-28 | 2019-04-28 | Safe web page means of defence |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110263533A true CN110263533A (en) | 2019-09-20 |
Family
ID=67914008
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910349779.0A Pending CN110263533A (en) | 2019-04-28 | 2019-04-28 | Safe web page means of defence |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110263533A (en) |
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180121680A1 (en) * | 2014-05-23 | 2018-05-03 | Shape Security, Inc. | Obfuscating web code |
CN105979393A (en) * | 2015-12-01 | 2016-09-28 | 乐视致新电子科技(天津)有限公司 | Web page display method and device, and intelligent television system |
CN107959660A (en) * | 2016-10-17 | 2018-04-24 | 中兴通讯股份有限公司 | A kind of static file access method and device based on Nginx |
US20190081873A1 (en) * | 2017-09-12 | 2019-03-14 | Sophos Limited | Dashboard for managing enterprise network traffic |
CN109150965A (en) * | 2018-07-06 | 2019-01-04 | 百度在线网络技术(北京)有限公司 | The anti-screen method of information resources, device, computer equipment and storage medium |
CN109284104A (en) * | 2018-09-28 | 2019-01-29 | 北京航空航天大学青岛研究院 | Method based on webpage assembler language control page jump |
CN109309677A (en) * | 2018-09-28 | 2019-02-05 | 杭州电子科技大学 | A kind of Web application dynamic security method based on semanteme collaboration |
Non-Patent Citations (3)
Title |
---|
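努力化猿的鼠: "Detailed Explanation of the Meta http-equiv Attribute", <HTTPS://WWW.CNBLOGS.COM/DREAMAKER/P/10576750.HTML> * |
孙松柏 et al.: "Research on HTML5 Security", 《计算机应用与软件》 * |
邹学强 et al.: "Phishing Web Page Detection Method Based on Page Layout Similarity", 《通信学报》 * |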
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111209544A (en) * | 2019-12-17 | 2020-05-29 | 中移(杭州)信息技术有限公司 | Web application security protection method and device, electronic equipment and storage medium |
CN111209544B (en) * | 2019-12-17 | 2022-07-01 | 中移(杭州)信息技术有限公司 | Web application security protection method and device, electronic equipment and storage medium |
CN112182614A (en) * | 2020-09-29 | 2021-01-05 | 北京天云海数技术有限公司 | Dynamic Web application protection system |
CN112182614B (en) * | 2020-09-29 | 2023-10-13 | 北京天云海数技术有限公司 | Dynamic Web application protection system |
CN112291352A (en) * | 2020-10-30 | 2021-01-29 | 杭州安恒信息安全技术有限公司 | Protection method, device, equipment and medium for database collision and brute force cracking |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11886619B2 (en) | Apparatus and method for securing web application server source code | |
US9241004B1 (en) | Alteration of web documents for protection against web-injection attacks | |
CN104166822B (en) | A kind of method and apparatus of data protection | |
EP3391263B1 (en) | Securing webpages, webapps and applications | |
CN104106073B (en) | Security strategy editing machine | |
US9553865B2 (en) | Protecting websites from cross-site scripting | |
CN105306473B (en) | A kind of method for preventing injection attacks, client, server and system | |
CN105631355A (en) | Data processing method and device | |
US9135469B2 (en) | Information protection system | |
CN108322461A (en) | Method, system, device, equipment and the medium of application program automated log on | |
CN105631359A (en) | Control method and device of webpage operation | |
WO2015150391A1 (en) | Software protection | |
Van Acker et al. | FlashOver: Automated discovery of cross-site scripting vulnerabilities in rich internet applications | |
CN110263533A (en) | Safe web page means of defence | |
EP2245821A2 (en) | Authenticating a web page with embedded javascript | |
CN106331042B (en) | Single sign-on method and device for heterogeneous user system | |
CN103778352A (en) | Electronic evidence generation and verification method and device as well as electronic evidence generation system | |
CN110084038A (en) | Prevent third party's JavaScript loophole | |
Peguero et al. | CSRF protection in JavaScript frameworks and the security of JavaScript applications | |
US8892894B2 (en) | Computer-implemented method and system for embedding and authenticating ancillary information in digitally signed content | |
Kerschbaumer et al. | Towards precise and efficient information flow control in web browsers | |
US20220263828A1 (en) | Client-side blocking and reporting of unauthorized network transmissions | |
CA2701776A1 (en) | A computer-implemented method and system to enable out of band tracking for digital distribution | |
Caliwag et al. | Integrating the escaping technique in preventing cross site scripting in an online inventory system | |
AU2007357078A1 (en) | A computer-implemented method and system for embedding and authenticating ancillary information in digitally signed content |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
AD01 | Patent right deemed abandoned | Effective date of abandoning: 20211112 |