CN110263533A - Safe web page means of defence - Google Patents

Publication number
CN110263533A
Authority
CN
China
Legal status
Pending
Application number
CN201910349779.0A
Other languages
Chinese (zh)
Inventor
韦俊琳
郑晓峰
段海新
Current Assignee
Tsinghua University
CERNET Corp
Original Assignee
Tsinghua University
CERNET Corp
Application filed by Tsinghua University, CERNET Corp
Priority to CN201910349779.0A
Publication of CN110263533A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90: Details of database functions independent of the retrieved data types
    • G06F16/95: Retrieval from the web
    • G06F16/958: Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
    • G06F16/972: Access to data in other repository systems, e.g. legacy data or dynamic Web page generation
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures

Abstract

An embodiment of the present invention provides a web page security protection method. The method comprises: receiving an original page sent by a server; randomizing the attribute value of each first target element in the original page, generating a JavaScript script according to the mapping between each first target element's attribute value before randomization and its attribute value after randomization, and injecting the JavaScript script into the original page to generate an intermediate page; and sending the intermediate page to a client, so that the client loads the original page by parsing the intermediate page. Because a middleware proxy device randomizes the attribute values of target elements in the original page, the method can defeat an attacker's locating of elements, thereby protecting the web page and website and improving their security. The server does not need to modify the website content, so the method is more widely applicable.

Description

Web page security protection method
Technical field
The present invention relates to the field of computer technology, and more particularly to a web page security protection method.
Background
With the rapid development of the Internet, cloud computing and mobile computing, a massive number of new web pages are added every day. Along with this, incidents in which web pages are used to threaten Internet and computer security are also increasing. Hackers and others can use the elements, scripts and vulnerabilities in a web page to threaten Internet and computer security. For example, a web crawler uses XPath to locate elements in a page, so that a network attack can be carried out using one or more of those elements.
At present there are many web page protection methods, which reduce a website's security risk by protecting its pages. A method that encrypts URLs (Uniform Resource Locators) at a gateway can prevent illegal access, but it has to be deployed at the gateway, is not suitable for providing network services at large scale, and its efficiency has to be considered, so its generality is poor. A method in which a content distribution network system restores the uniform resource locator from a resource request carrying an encrypted uniform resource locator can block illegal web pages, but it can only intercept illegal resource requests, so its scope of application is narrow. Scrambling the parameter names of web pages containing FORM forms with a server-side PHP program interferes with form fields to some extent, but it is easy to bypass: an attacker can still fairly easily locate elements using other locating methods, and it requires modifying the web pages on the server, which is not easy to do, so its applicability is poor. In summary, existing web page security protection methods all suffer from a limited scope of application.
Summary of the invention
Embodiments of the present invention provide a web page security protection method to solve, or at least partially solve, the limited scope of application of the prior art.
In a first aspect, an embodiment of the present invention provides a web page security protection method, comprising:
receiving an original page sent by a server;
randomizing the attribute value of each first target element in the original page, generating a JavaScript script according to the mapping between each first target element's attribute value before randomization and its attribute value after randomization, and injecting the JavaScript script into the original page to generate an intermediate page;
sending the intermediate page to a client, so that the client loads the original page by parsing the intermediate page;
wherein the first target elements are static elements.
In a second aspect, an embodiment of the present invention provides a web page security protection method, comprising:
receiving an original page sent by a server;
generating a JavaScript script according to the information of each third target element in the original page, and injecting the JavaScript script into the original page to generate an intermediate page;
sending the intermediate page to a client, so that the client, by parsing the intermediate page, randomizes the attribute value of each third target element and loads the original page;
wherein the third target elements are dynamically generated elements.
In a third aspect, an embodiment of the present invention provides a web page security protection method, comprising:
receiving an intermediate page sent by a middleware proxy device;
parsing the intermediate page and running the JavaScript script injected into it;
when rendering each first target element, restoring the attribute value of the first target element according to the JavaScript script, and loading the original page;
wherein the intermediate page is generated by the middleware proxy device by randomizing the attribute value of each first target element in the original page, generating a JavaScript script according to the mapping between each first target element's attribute value before randomization and its attribute value after randomization, and injecting the JavaScript script into the original page; the first target elements are static elements.
In a fourth aspect, an embodiment of the present invention provides a web page security protection method, comprising:
receiving an intermediate page sent by a middleware proxy device;
parsing the intermediate page and running the JavaScript script injected into it, so that when each third target element is generated, a randomly generated character string is used as the attribute value of the third target element after randomization;
when rendering each third target element, replacing the randomly generated character string with the attribute value obtained by running the JavaScript code in the intermediate page that generates the third target element, and loading the original page;
wherein the intermediate page is generated by the middleware proxy device by generating a JavaScript script according to the information of each third target element in the original page and injecting the JavaScript script into the original page; the third target elements are dynamically generated elements.
In a fifth aspect, an embodiment of the present invention provides an electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor; when executing the program, the processor implements the steps of the web page security protection method provided by any possible implementation of the first to fourth aspects.
In a sixth aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium on which a computer program is stored; when executed by a processor, the computer program implements the steps of the web page security protection method provided by any possible implementation of the first to fourth aspects.
In the web page security protection method provided by the embodiments of the present invention, a middleware proxy device randomizes the attribute values of target elements in the original page, which can defeat an attacker's locating of elements, thereby protecting the web page and website and improving their security. The server does not need to modify the website content, so the method is more widely applicable.
Brief description of the drawings
In order to explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of a web page security protection method according to an embodiment of the present invention;
Fig. 2 is a flow diagram of a web page security protection method according to an embodiment of the present invention;
Fig. 3 is a flow diagram of a web page security protection method according to an embodiment of the present invention;
Fig. 4 is a flow diagram of a web page security protection method according to an embodiment of the present invention;
Fig. 5 is a structural diagram of a web page security protection device according to an embodiment of the present invention;
Fig. 6 is a structural diagram of a web page security protection device according to an embodiment of the present invention;
Fig. 7 is a physical structure diagram of an electronic device according to an embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
To overcome the above problems of the prior art, an embodiment of the present invention provides a web page security protection method. The inventive concept is that a middleware proxy device randomizes the attribute values of some or all elements in the original page sent by the server, so that the element attribute values an attacker sees in the web page are the values after randomization and the attacker's XPath-based way of locating web page elements no longer works, thereby protecting the web page and website.
Fig. 1 is a flow diagram of a web page security protection method according to an embodiment of the present invention. As shown in Fig. 1, the method includes: step S101, receiving the original page sent by the server.
It should be noted that the method of this embodiment is executed by the middleware proxy device.
When no middleware proxy device is present, the client loads a page as follows: after the user enters a URL in the client's browser, the client sends, through the browser, a request to the server for the web page corresponding to that URL; after receiving the request, the server returns the requested web page (the original page) to the client; the client loads the web page through the browser.
When a middleware proxy device is present, the request that the client sends for the web page corresponding to the URL is forwarded to the server by the middleware proxy device, and the requested web page returned by the server is forwarded to the client by the middleware proxy device. The other steps are the same as when no middleware proxy device is present and are not repeated here.
The middleware proxy device can be a content delivery network (CDN), a firewall or another device that can process pages; it sits between the client and the server.
It can be understood that before step S101 the method further includes: receiving a page access request sent by the client, and forwarding the page access request to the server.
The page access request carries the URL of the original page.
The client sends the page access request to the middleware proxy device, the middleware proxy device forwards the page access request to the server, the server returns the original page to the middleware proxy device according to the page access request, and the middleware proxy device receives the original page returned by the server.
Step S102: randomize the attribute value of each first target element in the original page, generate a JavaScript script according to the mapping between each first target element's attribute value before randomization and its attribute value after randomization, and inject the JavaScript script into the original page to generate an intermediate page.
The first target elements are static elements.
Specifically, the web page can be protected by randomizing the attribute values of static elements.
It can be understood that any page contains a number of static elements and a number of dynamically generated elements. An element's attribute value is a character string with a certain meaning.
The first target elements can be determined in advance. It can be understood that between step S101 and step S102 the method also includes obtaining each element in the original page that needs randomization. The static elements in the original page that need randomization are the first target elements.
For any first target element, the element has already been generated, and its attribute value already determined, when the server returns the original page.
It should be noted that before the attribute value of each first target element in the original page is randomized, the original page can first be parsed into a Document Object Model (DOM), so that the elements in the original page can be traversed and the position of each first target element determined.
For each first target element in the original page, the element's attribute value can be obtained according to the element's position and then randomized: the attribute value is converted into a randomly generated character string, which serves as the element's attribute value after randomization.
After the attribute value of each first target element has been randomized, the mapping between each first target element's attribute value before randomization and its attribute value after randomization can be converted into a JavaScript script.
The JavaScript script may include two parts: one part is the mapping between each first target element's attribute value before randomization and its attribute value after randomization; the other part repairs the page, that is, restores the randomized attribute values. For static elements, the mapping is inserted into the JavaScript script to tell the client to repair the page according to that mapping. The script that repairs the page is a fixed script written in advance; it only needs to know the mapping to carry out the repair.
After the JavaScript script is generated, it is injected into the original page, and the attribute value of each first target element in the original page is replaced by its attribute value after randomization, which yields the intermediate page.
Step S103: send the intermediate page to the client, so that the client loads the original page by parsing the intermediate page.
Specifically, after the original page has been processed to generate the intermediate page, the intermediate page is sent to the client.
Because the JavaScript script injected into the intermediate page carries the mapping between each first target element's attribute value before randomization and its attribute value after randomization, after the client receives the intermediate page and parses it with the browser, it can hook the DOM API of the intermediate page according to the injected JavaScript script and, when rendering each first target element, restore that element's randomized attribute value. The original page is thus loaded and displayed normally, unaffected by the randomization of element attributes, and its visual appearance does not change.
Hooking the DOM API of the intermediate page can specifically mean hooking the element-selection functions of the API. For example, through the getElementById function used to select an element by ID, the randomized element attribute can be restored without affecting normal parsing.
In this embodiment, the middleware proxy device randomizes the attribute values of static first target elements in the original page, which can defeat an attacker's locating of elements, thereby protecting the web page and website and improving their security; the server does not need to modify the website content, so the method is more widely applicable. The JavaScript script is generated according to the mapping between the attribute values before and after randomization, and under the control of the JavaScript script the original page is displayed normally and its visual appearance does not change. Further, the method is implemented mainly by the middleware proxy device and does not require the server to change the website content, which makes large-scale deployment and rollout easier; it is particularly suitable for protecting old pages that are difficult to modify.
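The following added example (not code from the patent) sketches steps S102 and S103 for element ids only: the proxy rewrites the ids, builds the two-part script (mapping plus a fixed getElementById hook) and injects it, and a stand-in client document shows that lookups by the original id still resolve. The function names, the sample page and the regex-based rewriting in place of a DOM parse are assumptions made for the example.

```javascript
// Added illustration of steps S102 and S103; not code from the patent.
const { randomBytes } = require('crypto');

// Constructed sample of an original page as the server would return it.
const ORIGINAL_PAGE = `<html><head><title>Login</title></head><body>
<form id="login-form"><input id="user" type="text"><input id="pass" type="password"></form>
<div data-id="user">not an id attribute</div>
<script>document.getElementById("user").focus();</script>
</body></html>`;

// Random replacement value; the leading letter keeps it a valid identifier.
function randomToken() {
  return 'r' + randomBytes(8).toString('hex');
}

// S102, first half: replace the id of every first target element.
// Assumption: a regex over double-quoted id attributes stands in for the
// DOM parse and traversal that the description calls for.
function randomizeStaticIds(html, targetIds) {
  const mapping = Object.create(null); // original id -> randomized id
  const rewritten = html.replace(/(\s)id="([^"]*)"/g, (match, space, value) => {
    if (!targetIds.includes(value)) return match;
    if (!(value in mapping)) mapping[value] = randomToken();
    return `${space}id="${mapping[value]}"`;
  });
  return { rewritten, mapping };
}

// S102, second half: the script has two parts, the page-specific mapping
// and a fixed repair routine that hooks getElementById.
// In this sketch the mapping is embedded in clear text.
function buildRepairScript(mapping) {
  // Escape "<" so no value can terminate the surrounding <script> element.
  const table = JSON.stringify(mapping).replace(/</g, '\\u003c');
  return `(function () {
  var map = ${table};
  var has = Object.prototype.hasOwnProperty;
  var byId = document.getElementById;
  document.getElementById = function (id) {
    return byId.call(document, has.call(map, id) ? map[id] : id);
  };
})();`;
}

// S102, final step: inject the script ahead of every page script.
function buildIntermediatePage(originalHtml, targetIds) {
  const { rewritten, mapping } = randomizeStaticIds(originalHtml, targetIds);
  const repairScript = buildRepairScript(mapping);
  const tag = `<script>${repairScript}</script>`;
  const page = rewritten.includes('<head>')
    ? rewritten.replace('<head>', () => '<head>' + tag)
    : tag + rewritten;
  return { page, mapping, repairScript };
}

// S103, client side: run the injected script against a stand-in document
// (constructed for this example) that only knows the ids present in the page.
function loadOnClient(page, repairScript) {
  const liveIds = [...page.matchAll(/\sid="([^"]*)"/g)].map((m) => m[1]);
  const document = {
    getElementById(id) { return liveIds.includes(id) ? { id } : null; },
  };
  new Function('document', repairScript)(document);
  return document;
}

const demo = buildIntermediatePage(ORIGINAL_PAGE, ['login-form', 'user', 'pass']);
const clientDocument = loadOnClient(demo.page, demo.repairScript);
console.log(demo.page);
console.log('lookup by original id ->', clientDocument.getElementById('user'));
```

A new mapping is drawn on every call, so each response for the same page carries different id values.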
Based on the content of the above embodiments, between receiving the original page sent by the server and generating the intermediate page, the method further includes: encrypting the uniform resource identifier of each second target element according to a preset encryption algorithm.
The second target elements are static elements that reference external resources.
Specifically, to protect the web page further and improve the security of the web page and website, the uniform resource identifier of each second target element in the original page can also be encrypted according to a preset encryption algorithm, and the uniform resource identifier of each second target element replaced with the encrypted uniform resource identifier.
A Uniform Resource Identifier (URI) is a character string that identifies the name of an Internet resource. This identification allows a user to interact with any resource (local or on the Internet) through a specific protocol. A URI is defined by a scheme that determines its syntax and the associated protocol. Every kind of resource available on the Web, such as HTML documents, images, video clips and programs, can be located by a URI.
It can be understood that the uniform resource identifier of each second target element in the intermediate page is the encrypted uniform resource identifier.
The second target elements can be static elements that reference external resources such as lists, pictures, videos and programs.
The lists may include cascading style sheets (Cascading Style Sheets, CSS).
The external resource referenced by each second target element can be obtained from the server.
Correspondingly, after the intermediate page is sent to the client, the method further includes: receiving a first resource acquisition request sent by the client.
The first resource acquisition request carries the encrypted uniform resource identifier of any second target element.
Specifically, after the intermediate page is sent to the client and while the client parses it with the browser, the client needs to obtain the external resource referenced by each second target element, so it generates a first resource acquisition request. The first resource acquisition request carries the encrypted uniform resource identifier of the second target element and is used to obtain, from the server, the external resource that the second target element references.
The client sends the first resource acquisition request to the middleware proxy device, and the middleware proxy device receives it.
The encrypted uniform resource identifier carried by the resource acquisition request is decrypted according to a preset decryption algorithm.
Specifically, after receiving the first resource acquisition request, the middleware proxy device decrypts the encrypted uniform resource identifier of the second target element carried by the request according to the preset decryption algorithm; the decrypted uniform resource identifier of the second target element is the decryption result.
The preset decryption algorithm is the decryption algorithm corresponding to the preset encryption algorithm.
According to the decryption result, a restored first resource acquisition request is obtained; the restored first resource acquisition request carries the uniform resource identifier of the second target element.
The middleware proxy device can send the restored first resource acquisition request to the server.
The resource is obtained from the server according to the decryption result and forwarded to the client.
Specifically, after the server receives the restored first resource acquisition request, it can obtain the external resource referenced by the second target element according to the uniform resource identifier carried by the restored request, and return the resource to the middleware proxy device.
The middleware proxy device receives the resource that the server returns in response to the restored first resource acquisition request, and in this way obtains the resource from the server according to the decryption result. After receiving the resource, the middleware proxy device forwards it to the client, and the client can load the resource.
In this embodiment, encrypting the uniform resource identifiers of the static second target elements can defeat an attacker's acquisition of external resources, thereby protecting the web page and website and improving their security; the server does not need to modify the website content, so the method is more widely applicable. Further, the method is implemented mainly by the middleware proxy device and does not require the server to change the website content, which makes large-scale deployment and rollout easier; it is particularly suitable for protecting old pages that are difficult to modify.
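The following added example (not code from the patent) shows the round trip described above at the proxy: resource URIs in the page are replaced by encrypted tokens, and an incoming resource request is decrypted back to the original URI before being forwarded, with malformed or forged tokens rejected. The patent only says "preset encryption algorithm"; AES-256-GCM, the proxy-held key, the `/__res/` path prefix, the function names and the sample page are assumptions made for the example.

```javascript
// Added illustration of URI encryption at the proxy; not code from the patent.
const crypto = require('crypto');

// Assumptions: AES-256-GCM as the "preset encryption algorithm", a key held
// only by the proxy, and a hypothetical /__res/ path prefix for tokens.
const PROXY_KEY = crypto.randomBytes(32);
const TOKEN_PREFIX = '/__res/';

// Constructed sample page with three second target elements and one link.
const ORIGINAL_PAGE = `<html><head><link rel="stylesheet" href="/static/site.css">
<script src="/static/app.js"></script></head>
<body><img src="/img/logo.png"><a href="/about">About</a></body></html>`;

// Token layout: 12-byte nonce | 16-byte GCM tag | ciphertext, base64url.
function encryptUri(key, uri) {
  const iv = crypto.randomBytes(12); // fresh nonce for every URI
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(uri, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64url');
}

// Returns the original URI, or null when the token is malformed or forged.
function decryptUri(key, token) {
  const raw = Buffer.from(token, 'base64url');
  if (raw.length <= 28) return null; // nonce + tag + at least one data byte
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const body = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return body.toString('utf8');
  } catch (err) {
    return null; // authentication failed
  }
}

// Page direction: rewrite src/href on elements that load external resources.
// Ordinary links (<a href>) are not second target elements and stay as is.
function encryptResourceUris(html, key) {
  return html.replace(/<(?:link|script|img|video|source)\b[^>]*>/gi, (tag) =>
    tag.replace(/(\s)(src|href)="([^"]*)"/i, (m, space, attr, uri) =>
      `${space}${attr}="${TOKEN_PREFIX}${encryptUri(key, uri)}"`));
}

// Request direction: restore the resource request before forwarding it.
function restoreResourceRequest(path, key) {
  if (!path.startsWith(TOKEN_PREFIX)) return { forward: path };
  const uri = decryptUri(key, path.slice(TOKEN_PREFIX.length));
  return uri === null ? { reject: 400 } : { forward: uri };
}

const intermediate = encryptResourceUris(ORIGINAL_PAGE, PROXY_KEY);
console.log(intermediate);
const firstToken = intermediate.match(/"(\/__res\/[^"]+)"/)[1];
console.log(firstToken, '->', restoreResourceRequest(firstToken, PROXY_KEY));
```

Because every token uses a fresh nonce, the same resource gets a different encrypted URI in each response.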
Based on the content of the above embodiments, the specific step of generating the JavaScript script according to the mapping between each first target element's attribute value before randomization and its attribute value after randomization includes: generating the JavaScript script according to that mapping and the information of each third target element in the original page.
The third target elements are dynamically generated elements.
Specifically, in addition to protecting the web page by randomizing the attribute values of static elements, protection of the web page can be strengthened further by randomizing the attribute values of dynamically generated elements.
It should be noted that dynamically generated elements are generated by the client when the browser parses the page.
The third target elements can be determined in advance. It can be understood that between step S101 and step S102 the method also includes obtaining each element in the original page that needs randomization. The dynamically generated elements in the original page that need randomization are the third target elements.
To randomize the attribute value of each third target element, generating the JavaScript script requires converting not only the mapping between each first target element's attribute value before randomization and its attribute value after randomization, but also the information of each third target element in the original page.
It can be understood that, because the third target elements in the original page are not processed when the intermediate page is generated, each third target element in the original page is a third target element in the intermediate page, and the JavaScript code in the original page that generates each third target element is the JavaScript code in the intermediate page that generates that element.
Because the JavaScript script injected into the intermediate page carries the information of each third target element, after the client receives the intermediate page and parses it with the browser, it can obtain the information of each third target element from the injected JavaScript script.
For each third target element in the intermediate page, the element can be generated according to its position and the DOM API of the intermediate page hooked; specifically, the assignment of the element's attribute value is hooked, and a randomly generated character string is used as the third target element's attribute value after randomization.
Because the attribute value of the third target element has been randomized, an attacker cannot match the randomly generated character string with XPath, which defeats the attacker's locating of the third target element.
When each third target element is rendered, the randomized attribute value of the element is restored according to the JavaScript code in the intermediate page that generates the third target element, so that the original page is loaded and displayed normally, unaffected by the randomization of element attributes, and its visual appearance does not change.
In this embodiment, the middleware proxy device generates a JavaScript script carrying the information of each third target element, and through that script the client randomizes the attribute values of the dynamically generated third target elements, which can defeat an attacker's locating of elements, thereby protecting the web page and website and improving their security; the server does not need to modify the website content, so the method is more widely applicable. Under the control of the JavaScript script the original page is displayed normally and its visual appearance does not change. Further, the method is implemented mainly by the middleware proxy device and does not require the server to change the website content, which makes large-scale deployment and rollout easier; it is particularly suitable for protecting old pages that are difficult to modify.
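The following added example (not code from the patent) shows one way the injected script can hook attribute assignment for dynamically generated elements: assignments of a listed id, through either the `id` property or `setAttribute`, store a random string instead, while the page's own lookups by the original id keep working. It runs against a small constructed stand-in for the DOM; the function names, the stand-in DOM and the choice of ids as the "information of each third target element" are assumptions made for the example.

```javascript
// Added illustration of client-side randomization for dynamically generated
// elements; not code from the patent.
const { randomBytes } = require('crypto'); // a browser would use crypto.getRandomValues

// Constructed stand-in for the browser DOM so the example runs under Node.
// In a browser the hook would receive Element.prototype and document instead.
function makeFakeDom() {
  const nodes = [];
  class FakeElement {
    constructor(tag) { this.tagName = tag; this.attributes = {}; }
    get id() { return this.attributes.id || ''; }
    set id(value) { this.attributes.id = String(value); }
    setAttribute(name, value) { this.attributes[name] = String(value); }
  }
  const document = {
    createElement(tag) { const el = new FakeElement(tag); nodes.push(el); return el; },
    getElementById(id) { return nodes.find((el) => el.id === id) || null; },
  };
  return { elementProto: FakeElement.prototype, document };
}

// Body of the script the proxy injects. targetIds stands for the information
// of each third target element (here: the ids the page's own code assigns).
function installDynamicRandomizer(elementProto, document, targetIds) {
  const map = new Map(); // original id -> random id, chosen on the client
  const translate = (value) => {
    if (!targetIds.includes(value)) return value;
    if (!map.has(value)) map.set(value, 'r' + randomBytes(8).toString('hex'));
    return map.get(value);
  };

  // Hook the assignment `el.id = ...`.
  const idProp = Object.getOwnPropertyDescriptor(elementProto, 'id');
  Object.defineProperty(elementProto, 'id', {
    configurable: true,
    enumerable: idProp.enumerable,
    get: idProp.get,
    set(value) { idProp.set.call(this, translate(String(value))); },
  });

  // Hook the equivalent `el.setAttribute('id', ...)`.
  const setAttribute = elementProto.setAttribute;
  elementProto.setAttribute = function (name, value) {
    const isId = String(name).toLowerCase() === 'id';
    return setAttribute.call(this, name, isId ? translate(String(value)) : value);
  };

  // Keep the page's own lookups working with the original ids.
  const byId = document.getElementById;
  document.getElementById = function (id) {
    return byId.call(document, translate(id));
  };
}

// Constructed stand-in for the page's own element-generating JavaScript code.
function pageCode(document) {
  const box = document.createElement('div');
  box.id = 'captcha-box';
  const form = document.createElement('form');
  form.setAttribute('id', 'order-form');
  const footer = document.createElement('div');
  footer.id = 'footer'; // not a target, stays readable
  return { box, form, footer };
}

const dom = makeFakeDom();
installDynamicRandomizer(dom.elementProto, dom.document, ['captcha-box', 'order-form']);
const created = pageCode(dom.document);
console.log('ids stored in the DOM:', created.box.id, created.form.id, created.footer.id);
console.log('lookup by original id works:', dom.document.getElementById('captcha-box') === created.box);
```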
Based on the content of the above embodiments, the specific step of generating the JavaScript script according to the mapping between each first target element's attribute value before randomization and its attribute value after randomization and the information of each third target element in the original page includes: generating the JavaScript script according to that mapping, the information of each third target element in the original page, and the information of each fourth target element whose uniform resource identifier the client needs to encrypt according to a preset encryption algorithm.
The fourth target elements are dynamically generated elements that reference external resources.
Specifically, to protect the web page further and improve the security of the web page and website, generating the JavaScript script requires converting not only the mapping between each first target element's attribute value before randomization and its attribute value after randomization and the information of each third target element in the original page, but also the information of each fourth target element in the original page.
It can be understood that, because the fourth target elements in the original page are not processed when the intermediate page is generated, each fourth target element in the original page is a fourth target element in the intermediate page.
The preset encryption algorithm can be included in the JavaScript script. By running the JavaScript script, the client can encrypt the uniform resource identifier of each fourth target element in the intermediate page according to the preset encryption algorithm and replace the uniform resource identifier of each fourth target element with the encrypted uniform resource identifier.
The preset encryption algorithm used to encrypt the uniform resource identifiers of the fourth target elements can be the same as the preset encryption algorithm used to encrypt the uniform resource identifiers of the second target elements.
The fourth target elements can be dynamically generated elements that reference external resources such as lists, pictures, videos and programs.
The lists may include cascading style sheets (Cascading Style Sheets, CSS).
The external resource referenced by each fourth target element can be obtained from the server.
Correspondingly, intermediate page is sent to after client further include: receive the Secondary resource that client is sent and obtain Request.
Wherein, Secondary resource acquisition request carries the encrypted uniform resource identifier of any 4th object element.
Specifically, after intermediate page being sent to client, client parses intermediate page by browser When, for every one the 4th object element, need to obtain the external resource of element reference, client generates Secondary resource acquisition and asks It asks.The Secondary resource acquisition request carries the 4th encrypted uniform resource identifier of object element.The Secondary resource obtains Request, for obtaining the external resource that the 4th object element is quoted from server-side.
The Secondary resource acquisition request is sent to middleware agent apparatus by client, middleware agent apparatus receive this Two resource acquisitions request.
The encrypted uniform resource identifier that Secondary resource acquisition request carries is carried out according to preset decipherment algorithm Decryption.
Specifically, after middleware agent apparatus receives Secondary resource acquisition request, according to preset decipherment algorithm to this The encrypted uniform resource identifier of a certain 4th object element that resource acquisition request carries is decrypted, and decrypts the 4th The uniform resource identifier of object element, as decrypted result.
Preset decipherment algorithm is the corresponding decipherment algorithm of preset Encryption Algorithm.
According to decrypted result, Secondary resource acquisition request after being restored, the Secondary resource after the reduction is obtained Request carries the uniform resource identifier of the 4th object element.
Secondary resource acquisition request after reduction can be sent to server-side by middleware agent apparatus.
Resource is obtained from server-side according to decrypted result, and is forwarded to client.
Specifically, it after server-side receives the Secondary resource acquisition request after reduction, can be provided according to second after the reduction The uniform resource identifier for the 4th object element that source acquisition request carries obtains the external money of the 4th object element reference Source, and the resource is returned into middleware agent apparatus.
Middleware agent apparatus receives the resource that server-side is returned according to the Secondary resource acquisition request after reduction, thus real Resource is now obtained from server-side according to decrypted result.After middleware agent apparatus receives the resource, by the resource forwarding to visitor Family end, client can load the resource.
The embodiment of the present invention is encrypted by the uniform resource identifier to the 4th static object element, can be destroyed and be attacked Acquisition of the person of hitting to external resource does not need to take so as to protect webpage and web portal security, the safety for improving webpage and website Business device is modified web site contents, and applicability is more preferable.Further, it is mainly realized, is not needed by middleware agent apparatus Server is modified web site contents, is convenient for large scale deployment and popularization, is particularly suitable for old to be difficult to modify The page carries out security protection.
Fig. 2 is a schematic flow diagram of the web page security protection method provided by an embodiment of the present invention. As shown in Fig. 2, the method includes: step S201, receiving the parent page sent by the server-side.
It should be noted that this embodiment of the present invention is executed by the middleware agent apparatus.
It can be understood that, before step S201, the method further includes: receiving the page access request sent by the client and forwarding the page access request to the server-side.
The page access request carries the network address of the parent page.
The client sends the page access request to the middleware agent apparatus, which forwards it to the server-side. The server-side returns the parent page to the middleware agent apparatus according to the page access request, and the middleware agent apparatus receives the parent page returned by the server-side.
Step S202: generate a JavaScript script according to the information of each third object element in the parent page, and inject the JavaScript script into the parent page to generate the intermediate page.
The third object element is a dynamically generated element.
Specifically, the web page can be protected by randomizing the attribute values of dynamically generated elements.
It should be noted that, before the JavaScript script is generated according to the information of each third object element in the parent page, the parent page can first be parsed into a Document Object Model (DOM), so that the client can traverse the elements in the intermediate page and determine the position of each third object element.
It should be noted that dynamically generated elements are generated when the client's browser parses the page.
The third object elements can be determined in advance. It can be understood that, between step S201 and step S202, the method further includes obtaining each element in the parent page that needs to be randomized. The dynamically generated elements in the parent page that need to be randomized are the third object elements.
To randomize the attribute value of each third object element, the information of each third object element in the parent page is converted into the JavaScript script.
The JavaScript script may include two parts: one part is the information of each third object element, and the other part is used to repair the page, that is, to restore the randomized attribute values. For dynamically generated elements, the information of each third object element is inserted into the JavaScript script to tell the client to repair the attribute value of each third object element; the script that repairs the page is a fixed script written in advance.
After the JavaScript script is generated, it is injected into the parent page to obtain the intermediate page.
Step S203: send the intermediate page to the client, so that the client, by parsing the intermediate page, randomizes the attribute value of each third object element and loads the parent page.
Specifically, after the parent page has been processed to generate the intermediate page, the intermediate page is sent to the client.
It can be understood that, because the third object elements in the parent page are not processed when the intermediate page is generated, each third object element in the parent page is the corresponding third object element in the intermediate page, and the JavaScript code in the parent page that generates each third object element is the JavaScript code in the intermediate page that generates that third object element.
Because the JavaScript script injected into the intermediate page carries the information of each third object element, the client, after receiving the intermediate page and while parsing it with the browser, can obtain the information of each third object element from the injected JavaScript script.
For each third object element in the intermediate page, the element can be generated and, according to the position of the element, the DOM API of the intermediate page can be hijacked. Specifically, the assignment of the element's attribute value is hijacked, and a randomly generated character string is used as the attribute value of the third object element after randomization.
Because the attribute values of the third object elements have been randomized, an attacker cannot match the randomly generated character strings with XPath, so the attacker's attempts to locate the third object elements are defeated.
When each third object element is rendered, the randomized attribute value of the first object element is restored according to the JavaScript code in the intermediate page that generates the third object element, so that the parent page can be loaded. The parent page is displayed normally, is not affected by the randomization of element attributes, and its visual appearance is not affected.
In this embodiment of the present invention, the middleware agent apparatus generates a JavaScript script that carries the information of each third object element, so that the client can use the JavaScript script to randomize the attribute values of the dynamically generated third object elements. This defeats an attacker's attempts to locate the elements, which protects the web page and website and improves their security. The server does not need to modify the website content, so the method is more widely applicable. Under the control of the JavaScript script, the parent page is displayed normally and its visual appearance is not affected. Furthermore, the method is implemented mainly by the middleware agent apparatus and does not require the server to modify the website content, so it is easy to deploy and promote at scale and is particularly suitable for protecting old pages that are difficult to modify.
Based on the content of the above embodiments, the specific step of generating the JavaScript script according to the information of each third object element in the parent page includes: generating the JavaScript script according to the information of each third object element in the parent page and the information of each fourth object element whose uniform resource identifier the client needs to encrypt according to a preset encryption algorithm.
The fourth object element is a dynamically generated element that references an external resource.
Specifically, to further protect the web page and improve the security of the web page and website, generating the JavaScript script requires converting not only the information of each third object element in the parent page but also the information of each fourth object element in the parent page.
It can be understood that, because the fourth object elements in the parent page are not processed when the intermediate page is generated, each fourth object element in the parent page is the corresponding fourth object element in the intermediate page.
The preset encryption algorithm may be contained in the JavaScript script. By running the JavaScript script, the client can encrypt the uniform resource identifier of each fourth object element in the intermediate page according to the preset encryption algorithm and replace the uniform resource identifier of each fourth object element with the encrypted uniform resource identifier.
A fourth object element may be a dynamically generated element that references an external resource such as a list, picture, video or program.
The list may include a Cascading Style Sheets (CSS) style sheet.
The external resource referenced by each fourth object element can be obtained from the server-side.
Correspondingly, after the intermediate page is sent to the client, the method further includes: receiving a second resource acquisition request sent by the client.
The second resource acquisition request carries the encrypted uniform resource identifier of any one of the fourth object elements.
Specifically, after the intermediate page is sent to the client, the client parses the intermediate page with its browser. For each fourth object element, the external resource referenced by the element must be obtained, so the client generates a second resource acquisition request. The second resource acquisition request carries the encrypted uniform resource identifier of that fourth object element and is used to obtain, from the server-side, the external resource that the fourth object element references.
The client sends the second resource acquisition request to the middleware agent apparatus, and the middleware agent apparatus receives it.
The encrypted uniform resource identifier carried in the second resource acquisition request is decrypted according to a preset decryption algorithm.
Specifically, after the middleware agent apparatus receives the second resource acquisition request, it decrypts the encrypted uniform resource identifier of the fourth object element carried in the request according to the preset decryption algorithm; the recovered uniform resource identifier of the fourth object element is the decryption result.
The preset decryption algorithm is the decryption algorithm corresponding to the preset encryption algorithm.
According to the decryption result, a restored second resource acquisition request is obtained; the restored second resource acquisition request carries the uniform resource identifier of the fourth object element.
The middleware agent apparatus can send the restored second resource acquisition request to the server-side.
The resource is obtained from the server-side according to the decryption result and forwarded to the client.
Specifically, after the server-side receives the restored second resource acquisition request, it can obtain the external resource referenced by the fourth object element according to the uniform resource identifier carried in the restored request, and return the resource to the middleware agent apparatus.
The middleware agent apparatus receives the resource that the server-side returns in response to the restored second resource acquisition request, and thereby obtains the resource from the server-side according to the decryption result. After receiving the resource, the middleware agent apparatus forwards it to the client, and the client can load the resource.
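The second resource acquisition exchange described for the fourth object elements in both embodiments above can be sketched as follows; this is an added example, not code from the patent. The patent leaves the "preset encryption algorithm" open, so AES-256-GCM, the token layout, the `/__res/` path prefix, the origin check and all function names are assumptions, and Node's crypto module stands in for the browser-side encryption.

```javascript
// Added illustration: names, the /__res/ prefix and AES-256-GCM are assumptions.
const nodeCrypto = require('node:crypto');

const PREFIX = '/__res/'; // hypothetical path reserved for encrypted URIs
const IV_LEN = 12;
const TAG_LEN = 16;

// Stand-in for the encryption the injected script performs on the client.
// Token layout (assumed): base64url(iv || tag || ciphertext).
function encryptUri(key, uri) {
  const iv = nodeCrypto.randomBytes(IV_LEN);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(uri, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64url');
}

// Middleware side: the matching decryption. Throws on a truncated or
// modified token because the GCM tag no longer verifies.
function decryptToken(key, token) {
  const raw = Buffer.from(token, 'base64url');
  if (raw.length <= IV_LEN + TAG_LEN) throw new Error('token too short');
  const decipher = nodeCrypto.createDecipheriv(
    'aes-256-gcm', key, raw.subarray(0, IV_LEN));
  decipher.setAuthTag(raw.subarray(IV_LEN, IV_LEN + TAG_LEN));
  const body = raw.subarray(IV_LEN + TAG_LEN);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Middleware side: turn a second resource acquisition request back into the
// restored request for the server-side, pass it through, or refuse it.
function restoreRequest(key, requestPath, upstreamOrigin) {
  if (!requestPath.startsWith(PREFIX)) {
    return { action: 'passthrough' }; // ordinary request, nothing to decrypt
  }
  let uri;
  try {
    uri = decryptToken(key, requestPath.slice(PREFIX.length));
  } catch (err) {
    return { action: 'reject', status: 400 };
  }
  let target;
  let allowed;
  try {
    allowed = new URL(upstreamOrigin).origin;
    target = new URL(uri, allowed); // resolves relative URIs against the site
  } catch (err) {
    return { action: 'reject', status: 400 };
  }
  // In this sketch the encrypting side runs in the page, so a well-formed
  // token does not prove who built it: fetch only from the protected origin.
  if (target.origin !== allowed) {
    return { action: 'reject', status: 403 };
  }
  return { action: 'forward', url: target.href };
}
```

A fresh IV per token means the same resource is requested under a different path on every page load, which also defeats caching keyed on the encrypted path.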
By encrypting the uniform resource identifiers of the static fourth object elements, this embodiment of the present invention can defeat an attacker's attempts to obtain external resources, which protects the web page and website and improves their security. The server does not need to modify the website content, so the method is more widely applicable. Furthermore, the method is implemented mainly by the middleware agent apparatus and does not require the server to modify the website content, so it is easy to deploy and promote at scale and is particularly suitable for protecting old pages that are difficult to modify.
Fig. 3 is a schematic flow diagram of the web page security protection method provided by an embodiment of the present invention. As shown in Fig. 3, the method includes: step S301, receiving the intermediate page sent by the middleware agent apparatus.
The intermediate page is generated by the middleware agent apparatus by randomizing the attribute value of each first object element in the parent page, generating a JavaScript script according to the mapping relations between the attribute value of each first object element before randomization and its attribute value after randomization, and injecting the JavaScript script into the parent page. The first object element is a static element.
It should be noted that this embodiment of the present invention is executed by the client.
It can be understood that, before step S301, the method further includes: sending a page access request to the middleware agent apparatus.
The middleware agent apparatus forwards the page access request to the server-side. The server-side returns the parent page to the middleware agent apparatus according to the page access request, and the middleware agent apparatus receives the parent page returned by the server-side.
For each first object element in the parent page, the middleware agent apparatus can obtain the element's attribute value according to the position of the element and randomize it: the attribute value is converted into a randomly generated character string, which serves as the element's attribute value after randomization.
After randomizing the attribute value of each first object element, the middleware agent apparatus can convert the mapping relations between the attribute value of each first object element before randomization and its attribute value after randomization into a JavaScript script.
After generating the JavaScript script, the middleware agent apparatus injects it into the parent page. Because the attribute value of each first object element in the parent page has already been replaced by its randomized attribute value, the intermediate page is obtained.
The middleware agent apparatus sends the intermediate page to the client, and the client receives it.
Step S302: parse the intermediate page and run the JavaScript script injected into the intermediate page.
Specifically, after receiving the intermediate page, the client parses it and first runs the JavaScript script injected into the intermediate page.
Step S303: when rendering each first object element, restore the attribute value of the first object element according to the JavaScript script, and load the parent page.
Specifically, the JavaScript script injected into the intermediate page carries the mapping relations between the attribute value of each first object element before randomization and its attribute value after randomization. After receiving the intermediate page and while parsing it with the browser, the client can therefore hijack the DOM API of the intermediate page according to the injected JavaScript script and, when rendering each first object element, restore the element's randomized attribute value, so that the parent page can be loaded. The parent page is displayed normally, is not affected by the randomization of element attributes, and its visual appearance is not affected.
To hijack the DOM API of the intermediate page, the element-selection API functions can be hijacked. For example, the getElementById function, which selects an element by its ID, can be hijacked so that the randomized element attribute is restored without affecting normal parsing.
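One way to realize the static-element flow of steps S301 to S303, given here as an added example that is not code from the patent: the middleware side rewrites `id` values and injects the mapping, and the client side hooks `getElementById`. The function names, the regex-based rewriting, the restriction to the `id` attribute and the reading of "restore" as translating lookups are assumptions made for illustration.

```javascript
// Added illustration; every function name here is hypothetical.

// Random attribute value; the leading letter keeps it a valid identifier.
function defaultToken() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(8));
  return 'r' + Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Middleware side: swap the id of each listed static element for a random
// string and record original -> randomized pairs. A regex keeps the example
// dependency-free; a real proxy would rewrite a parsed DOM instead.
function randomizeStaticIds(html, targetIds, makeToken = defaultToken) {
  const targets = new Set(targetIds);
  const mapping = Object.create(null);
  const used = new Set();
  const rewritten = html.replace(
    /(\sid\s*=\s*)(["'])([^"']*)\2/gi,
    (match, prefix, quote, id) => {
      if (!targets.has(id)) return match;
      if (!(id in mapping)) {
        let token;
        do { token = makeToken(); } while (used.has(token));
        used.add(token);
        mapping[id] = token;
      }
      return prefix + quote + mapping[id] + quote;
    }
  );
  return { html: rewritten, mapping };
}

// Client side: hook getElementById so page code that still asks for the
// original id receives the element that now carries the randomized id.
// Self-contained on purpose: it is serialized into the page with toString().
function installIdHook(doc, mapping) {
  const nativeGetElementById = doc.getElementById;
  doc.getElementById = function (id) {
    const own = Object.prototype.hasOwnProperty.call(mapping, id);
    return nativeGetElementById.call(doc, own ? mapping[id] : id);
  };
}

// Middleware side: intermediate page = rewritten markup + injected script.
function buildIntermediatePage(parentHtml, targetIds, makeToken = defaultToken) {
  const { html, mapping } = randomizeStaticIds(parentHtml, targetIds, makeToken);
  // Escape "<" so an id containing "</script>" cannot close the injected tag.
  const json = JSON.stringify(mapping).replace(/</g, '\\u003c');
  const script = '<script>(' + installIdHook.toString() + ')(document,' +
    json + ');</script>';
  // Inject first in <head> so the hook exists before any page script runs.
  const headTag = /<head(\s[^>]*)?>/i;
  const page = headTag.test(html)
    ? html.replace(headTag, (tag) => tag + script)
    : script + html;
  return { html: page, mapping };
}
```

The mapping travels inside the intermediate page, so the randomization hides element identifiers from tooling that matches on the markup, not from code that runs in the page after the hook is installed.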
By having the middleware agent apparatus randomize the attribute values of the static first object elements in the parent page, this embodiment of the present invention can defeat an attacker's attempts to locate the elements, which protects the web page and website and improves their security. The server does not need to modify the website content, so the method is more widely applicable. The JavaScript script is generated according to the mapping relations between the attribute values before and after randomization, and under the control of the JavaScript script the parent page is displayed normally and its visual appearance is not affected. Furthermore, the method is implemented mainly by the middleware agent apparatus and does not require the server to modify the website content, so it is easy to deploy and promote at scale and is particularly suitable for protecting old pages that are difficult to modify.
Fig. 4 is a schematic flow diagram of the web page security protection method provided by an embodiment of the present invention. As shown in Fig. 4, the method includes:
Step S401: receive the intermediate page sent by the middleware agent apparatus.
The intermediate page is generated by the middleware agent apparatus by generating a JavaScript script according to the information of each third object element in the parent page and injecting the JavaScript script into the parent page. The third object element is a dynamically generated element.
It should be noted that this embodiment of the present invention is executed by the client.
It can be understood that, before step S401, the method further includes: sending a page access request to the middleware agent apparatus.
The middleware agent apparatus forwards the page access request to the server-side. The server-side returns the parent page to the middleware agent apparatus according to the page access request, and the middleware agent apparatus receives the parent page returned by the server-side.
To randomize the attribute value of each third object element, the middleware agent apparatus converts the information of each third object element in the parent page into a JavaScript script.
After generating the JavaScript script, the middleware agent apparatus injects it into the parent page to obtain the intermediate page.
The middleware agent apparatus sends the intermediate page to the client, and the client receives it.
Step S402: parse the intermediate page and run the JavaScript script injected into the intermediate page, so that when each third object element is generated, a randomly generated character string is used as the attribute value of the third object element after randomization.
Specifically, after receiving the intermediate page, the client parses it and first runs the JavaScript script injected into the intermediate page.
It can be understood that, because the third object elements in the parent page are not processed when the intermediate page is generated, each third object element in the parent page is the corresponding third object element in the intermediate page, and the JavaScript code in the parent page that generates each third object element is the JavaScript code in the intermediate page that generates that third object element.
Because the JavaScript script injected into the intermediate page carries the information of each third object element, the client, after receiving the intermediate page and while parsing it with the browser, can obtain the information of each third object element from the injected JavaScript script.
For each third object element in the intermediate page, the element can be generated and, according to the position of the element, the DOM API of the intermediate page can be hijacked. Specifically, the assignment of the element's attribute value is hijacked, and a randomly generated character string is used as the attribute value of the third object element after randomization.
Because the attribute values of the third object elements have been randomized, an attacker cannot match the randomly generated character strings with XPath, so the attacker's attempts to locate the third object elements are defeated.
Step S403: when rendering each third object element, replace the randomly generated character string with the attribute value obtained by running the JavaScript code in the intermediate page that generates the third object element, and load the parent page.
Specifically, when each third object element is rendered, the randomized attribute value of the first object element is restored according to the JavaScript code in the intermediate page that generates the third object element, so that the parent page can be loaded. The parent page is displayed normally, is not affected by the randomization of element attributes, and its visual appearance is not affected.
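The hijacking of attribute assignment for dynamically generated elements, described for step S203 and again for steps S402 and S403, can be sketched as follows; this is an added example, not code from the patent. The shape of the element information (`{ attr, value }` pairs), the function names, the `FakeElement` stand-in and the reading of "restore" as returning the original value to page code are assumptions.

```javascript
// Added illustration; installAttributeHook and its arguments are hypothetical.
const defaultToken = () => 'r' + Array.from(
  globalThis.crypto.getRandomValues(new Uint8Array(8)),
  (b) => b.toString(16).padStart(2, '0')).join('');

// targets: the "information of each third object element" carried by the
// injected script, modeled here as [{ attr: 'id', value: 'pay-button' }].
function installAttributeHook(proto, targets, makeToken = defaultToken) {
  const key = (attr, value) => String(attr).toLowerCase() + '\u0000' + String(value);
  const flagged = new Set(targets.map((t) => key(t.attr, t.value)));
  const toOriginal = new Map(); // randomized value -> value the page assigned
  const nativeSet = proto.setAttribute;
  const nativeGet = proto.getAttribute;

  // Assignment hook: the value stored on the element is a random string.
  proto.setAttribute = function (name, value) {
    if (!flagged.has(key(name, value))) return nativeSet.call(this, name, value);
    let token;
    do { token = makeToken(); } while (toOriginal.has(token));
    toOriginal.set(token, String(value));
    return nativeSet.call(this, name, token);
  };

  // Read hook: page code reading the attribute back sees what it assigned.
  // In a browser, property writes such as el.id = ... do not pass through
  // setAttribute, so the id accessor would need the same wrapper.
  proto.getAttribute = function (name) {
    const stored = nativeGet.call(this, name);
    return toOriginal.has(stored) ? toOriginal.get(stored) : stored;
  };

  return { rawAttribute: (el, name) => nativeGet.call(el, name) };
}

// Runs the hook against a constructed stand-in for Element so the example
// works outside a browser, and reports what each party observes.
function demo(makeToken) {
  class FakeElement {
    constructor(tag) { this.tag = tag; this.attrs = new Map(); }
    setAttribute(name, value) { this.attrs.set(String(name).toLowerCase(), String(value)); }
    getAttribute(name) {
      const v = this.attrs.get(String(name).toLowerCase());
      return v === undefined ? null : v;
    }
  }
  const hook = installAttributeHook(
    FakeElement.prototype, [{ attr: 'id', value: 'pay-button' }], makeToken);

  // Page code that generates the element, unchanged from the parent page.
  const button = new FakeElement('button');
  button.setAttribute('id', 'pay-button');
  button.setAttribute('class', 'primary');

  // What an attribute match such as //*[@id="pay-button"] evaluates against.
  const matches = (value) =>
    [button].filter((el) => hook.rawAttribute(el, 'id') === value).length;

  return {
    raw: hook.rawAttribute(button, 'id'),     // value present in the DOM
    seenByPage: button.getAttribute('id'),    // value restored for page code
    rawClass: hook.rawAttribute(button, 'class'),
    hitsOnOriginal: matches('pay-button'),
    hitsOnRandom: matches(hook.rawAttribute(button, 'id')),
  };
}
```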
In this embodiment of the present invention, the middleware agent apparatus generates a JavaScript script that carries the information of each third object element, so that the client can use the JavaScript script to randomize the attribute values of the dynamically generated third object elements. This defeats an attacker's attempts to locate the elements, which protects the web page and website and improves their security. The server does not need to modify the website content, so the method is more widely applicable. Under the control of the JavaScript script, the parent page is displayed normally and its visual appearance is not affected. Furthermore, the method is implemented mainly by the middleware agent apparatus and does not require the server to modify the website content, so it is easy to deploy and promote at scale and is particularly suitable for protecting old pages that are difficult to modify.
Fig. 5 is a schematic structural diagram of the web page security protection apparatus provided by an embodiment of the present invention. Based on the content of the above embodiments, as shown in Fig. 5, the apparatus includes a page receiving module 501, a script generation module 502 and a page forwarding module 503, in which:
The page receiving module 501 is used to receive the parent page sent by the server-side;
The script generation module 502 is used to randomize the attribute value of each first object element in the parent page, generate a JavaScript script according to the mapping relations between the attribute value of each first object element before randomization and its attribute value after randomization, and inject the JavaScript script into the parent page to generate the intermediate page;
The page forwarding module 503 is used to send the intermediate page to the client, so that the client loads the parent page by parsing the intermediate page;
The first object element is a static element.
It should be noted that the apparatus can be a middleware agent apparatus deployed at the middleware.
In another embodiment, the functions of the page receiving module 501, the script generation module 502 and the page forwarding module 503 are respectively as follows:
The page receiving module 501 is used to receive the parent page sent by the server-side;
The script generation module 502 is used to generate a JavaScript script according to the information of each third object element in the parent page and inject the JavaScript script into the parent page to generate the intermediate page;
The page forwarding module 503 is used to send the intermediate page to the client, so that the client, by parsing the intermediate page, randomizes the attribute value of each third object element and loads the parent page;
The third object element is a dynamically generated element.
The web page security protection apparatus provided by this embodiment of the present invention is used to execute the web page security protection method provided by the above embodiments of the present invention. For the specific methods and processes by which the modules of the apparatus implement their functions, see the embodiments of the web page security protection method above; details are not repeated here.
The web page security protection apparatus is used for the web page security protection method of the foregoing embodiments. Therefore, the descriptions and definitions given for the web page security protection method in the foregoing embodiments can be used to understand the execution modules in this embodiment of the present invention.
By having the middleware agent apparatus randomize the attribute values of the object elements in the parent page, this embodiment of the present invention can defeat an attacker's attempts to locate the elements, which protects the web page and website and improves their security. The server does not need to modify the website content, so the method is more widely applicable. Under the control of the generated JavaScript script, the parent page is displayed normally and its visual appearance is not affected. Furthermore, the method is implemented mainly by the middleware agent apparatus and does not require the server to modify the website content, so it is easy to deploy and promote at scale and is particularly suitable for protecting old pages that are difficult to modify.
Fig. 6 is the structural schematic diagram according to safe web page protective device provided in an embodiment of the present invention.Based on above-mentioned each reality The content of example is applied, as shown in fig. 6, the device includes receiving module 601, parsing module 602 and rendering module 603, in which:
Receiving module 601, for receiving the intermediate page of middleware agent apparatus transmission;
Parsing module 602 is run for parsing intermediate page by the JavaScript script in injection intermediate page;
Rendering module 603 when for rendering each first object element, restores the first mesh according to JavaScript script Attribute of an element value is marked, parent page is loaded out;
Wherein, intermediate page is middleware agent apparatus to each first object attribute of an element value in parent page into Row randomization, according to the attribute value before each first object element randomization and the attribute value after randomization Between mapping relations generate JavaScript script, JavaScript script is injected in parent page and is generated;First mesh Mark element is static elements.
It should be noted that the device can be client.
In another embodiment, the function of receiving module 601, parsing module 602 and rendering module 603 respectively include:
Receiving module 601, for receiving the intermediate page of middleware agent apparatus transmission;
Parsing module 602, for parsing intermediate page, operation by the JavaScript script in injection intermediate page, with When so that generating each third object element, using the character string generated at random as the third object element after randomization Attribute value;
Rendering module 603, when for rendering each third object element, the character string that will be generated at random replaces with operation The attribute value obtained in intermediate page for generating the JavaScript code of third object element, loads out parent page;
Wherein, intermediate page is that middleware agent apparatus is raw according to the information of each third object element in parent page At JavaScript script, by what is generated in the injection parent page of JavaScript script;Third object element is dynamic generation Element.
Safe web page protective device provided in an embodiment of the present invention, the net provided for executing the various embodiments described above of the present invention Page safety protecting method, each module which includes realize that the specific method of corresponding function and process are detailed in The embodiment of above-mentioned each safe web page means of defence, details are not described herein again.
The safe web page protective device is used for the safe web page means of defence of foregoing embodiments.Therefore, in aforementioned each reality The description and definition in the safe web page means of defence in example are applied, can be used for the reason of each execution module in the embodiment of the present invention Solution.
The embodiment of the present invention by middleware agent apparatus to the attribute value of the object element in parent page carry out with Machine can destroy positioning of the attacker to element, so as to protect webpage and web portal security, the safety for improving webpage and website Property, not needing server is modified web site contents, and applicability is more preferable;It is original by the JavaScript Script controlling of generation The page can normally be shown, not influence visual effect.Further, it is mainly realized by middleware agent apparatus, does not need to take Business device is modified web site contents, is convenient for large scale deployment and popularization, is particularly suitable for the old page for being difficult to modify Face carries out security protection.
Fig. 7 is a structural block diagram of an electronic device provided by an embodiment of the present invention. Based on the content of the above embodiments, as shown in Fig. 7, the electronic device may include a processor 701, a memory 702 and a bus 703, wherein the processor 701 and the memory 702 communicate with each other through the bus 703. The processor 701 is used to call computer program instructions that are stored in the memory 702 and can run on the processor 701, so as to execute the web page security protection method provided by each of the above method embodiments, for example including: receiving the parent page sent by the server; randomizing the attribute value of each first object element in the parent page, generating a JavaScript script according to the mapping relationship between the attribute value of each first object element before randomization and the attribute value after randomization, and injecting the JavaScript script into the parent page to generate an intermediate page; and sending the intermediate page to the client, so that the client loads the parent page by parsing the intermediate page. Or including: receiving the parent page sent by the server; generating a JavaScript script according to the information of each third object element in the parent page, and injecting the JavaScript script into the parent page to generate an intermediate page; and sending the intermediate page to the client, so that the client, by parsing the intermediate page, randomizes the attribute value of each third object element and loads the parent page.
Another embodiment of the present invention discloses a computer program product. The computer program product includes a computer program stored on a non-transitory computer-readable storage medium, and the computer program includes program instructions. When the program instructions are executed by a computer, the computer is able to execute the web page security protection method provided by each of the above method embodiments, for example including: receiving the parent page sent by the server; randomizing the attribute value of each first object element in the parent page, generating a JavaScript script according to the mapping relationship between the attribute value of each first object element before randomization and the attribute value after randomization, and injecting the JavaScript script into the parent page to generate an intermediate page; and sending the intermediate page to the client, so that the client loads the parent page by parsing the intermediate page. Or including: receiving the parent page sent by the server; generating a JavaScript script according to the information of each third object element in the parent page, and injecting the JavaScript script into the parent page to generate an intermediate page; and sending the intermediate page to the client, so that the client, by parsing the intermediate page, randomizes the attribute value of each third object element and loads the parent page.
In addition, when the logic instructions in the above memory 702 are implemented in the form of a software functional unit and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the embodiments of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
Another embodiment of the present invention provides a non-transitory computer-readable storage medium. The non-transitory computer-readable storage medium stores computer instructions, and the computer instructions cause a computer to execute the web page security protection method provided by each of the above method embodiments, for example including: receiving the parent page sent by the server; randomizing the attribute value of each first object element in the parent page, generating a JavaScript script according to the mapping relationship between the attribute value of each first object element before randomization and the attribute value after randomization, and injecting the JavaScript script into the parent page to generate an intermediate page; and sending the intermediate page to the client, so that the client loads the parent page by parsing the intermediate page.
The apparatus embodiments described above are merely illustrative. Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.
From the description of the above embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solution in essence, or the part that contributes to the prior art, may be embodied in the form of a software product. The computer software product may be stored in a computer-readable storage medium, such as a ROM/RAM, a magnetic disk or an optical disc, and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods of the embodiments or of certain parts of the embodiments.
Finally, it should be noted that the above embodiments merely illustrate the technical solutions of the present invention and do not limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A web page security protection method, characterized by comprising:
Receiving a parent page sent by a server;
Randomizing the attribute value of each first object element in the parent page, generating a JavaScript script according to the mapping relationship between the attribute value of each first object element before randomization and the attribute value after randomization, and injecting the JavaScript script into the parent page to generate an intermediate page;
Sending the intermediate page to a client, so that the client loads the parent page by parsing the intermediate page;
Wherein the first object element is a static element.
2. The web page security protection method according to claim 1, characterized in that, between receiving the parent page sent by the server and generating the intermediate page, the method further comprises:
Encrypting the uniform resource identifier of each second object element according to a preset encryption algorithm;
Correspondingly, after the intermediate page is sent to the client, the method further comprises:
Receiving a first resource acquisition request sent by the client;
Decrypting, according to a preset decryption algorithm, the encrypted uniform resource identifier carried by the resource acquisition request;
Obtaining the resource from the server according to the decryption result, and forwarding it to the client;
Wherein the second object element is a static element that references an external resource; the first resource acquisition request carries the encrypted uniform resource identifier of any one of the second object elements.
3. The web page security protection method according to claim 1 or 2, characterized in that the specific step of generating the JavaScript script according to the mapping relationship between the attribute value of each first object element before randomization and the attribute value after randomization comprises:
Generating the JavaScript script according to the mapping relationship between the attribute value of each first object element before randomization and the attribute value after randomization, and the information of each third object element in the parent page;
Wherein the third object element is a dynamically generated element.
4. The web page security protection method according to claim 3, characterized in that the specific step of generating the JavaScript script according to the mapping relationship between the attribute value of each first object element before randomization and the attribute value after randomization and the information of each third object element in the parent page comprises:
Generating the JavaScript script according to the mapping relationship between the attribute value of each first object element before randomization and the attribute value after randomization, the information of each third object element in the parent page, and the information of each fourth object element whose uniform resource identifier the client needs to encrypt according to a preset encryption algorithm;
Correspondingly, after the intermediate page is sent to the client, the method further comprises:
Receiving a second resource acquisition request sent by the client;
Decrypting, according to a preset decryption algorithm, the encrypted uniform resource identifier carried by the second resource acquisition request;
Obtaining the resource from the server according to the decryption result, and forwarding it to the client;
Wherein the fourth object element is a dynamically generated element that references an external resource; the second resource acquisition request carries the encrypted uniform resource identifier of any one of the fourth object elements.
5. A web page security protection method, characterized by comprising:
Receiving a parent page sent by a server;
Generating a JavaScript script according to the information of each third object element in the parent page, and injecting the JavaScript script into the parent page to generate an intermediate page;
Sending the intermediate page to a client, so that the client, by parsing the intermediate page, randomizes the attribute value of each third object element and loads the parent page;
Wherein the third object element is a dynamically generated element.
6. The web page security protection method according to claim 5, characterized in that the specific step of generating the JavaScript script according to the information of each third object element in the parent page comprises:
Generating the JavaScript script according to the information of each third object element in the parent page and the information of each fourth object element whose uniform resource identifier the client needs to encrypt according to a preset encryption algorithm;
Correspondingly, after the intermediate page is sent to the client, the method further comprises:
Receiving a second resource acquisition request sent by the client;
Decrypting, according to a preset decryption algorithm, the encrypted uniform resource identifier carried by the second resource acquisition request;
Obtaining the resource from the server according to the decryption result, and forwarding it to the client;
Wherein the fourth object element is a dynamically generated element that references an external resource; the second resource acquisition request carries the encrypted uniform resource identifier of any one of the fourth object elements.
7. A web page security protection method, characterized by comprising:
Receiving an intermediate page sent by a middleware agent apparatus;
Parsing the intermediate page and running the JavaScript script injected into the intermediate page;
When rendering each first object element, restoring the attribute value of the first object element according to the JavaScript script, and loading the parent page;
Wherein the intermediate page is generated by the middleware agent apparatus, which randomizes the attribute value of each first object element in the parent page, generates a JavaScript script according to the mapping relationship between the attribute value of each first object element before randomization and the attribute value after randomization, and injects the JavaScript script into the parent page; the first object element is a static element.
8. A web page security protection method, characterized by comprising:
Receiving an intermediate page sent by a middleware agent apparatus;
Parsing the intermediate page and running the JavaScript script injected into the intermediate page, so that when each third object element is generated, a randomly generated character string is used as the randomized attribute value of the third object element;
When rendering each third object element, replacing the randomly generated character string with the attribute value obtained by running the JavaScript code in the intermediate page that generates the third object element, and loading the parent page;
Wherein the intermediate page is generated by the middleware agent apparatus, which generates a JavaScript script according to the information of each third object element in the parent page and injects the JavaScript script into the parent page; the third object element is a dynamically generated element.
9. An electronic device, comprising a memory, a processor, and a computer program stored on the memory and runnable on the processor, characterized in that the processor, when executing the program, implements the steps of the web page security protection method according to any one of claims 1 to 8.
10. A non-transitory computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the web page security protection method according to any one of claims 1 to 8.
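Claims 2, 4 and 6 have the middleware agent apparatus encrypt resource URIs and decrypt them when the client requests the resource; the following added example for Node.js (not code from the patent) shows that round trip for static elements. AES-256-GCM as the "preset" algorithm, the `/__res/` path prefix, the treatment of `src` and `<link href>` as external references, the sample page and all function names are assumptions.

```javascript
// Added example, not the patent's code. AES-256-GCM stands in for the
// unspecified "preset" algorithm; PREFIX and all names are hypothetical.
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

const PROXY_KEY = randomBytes(32); // constructed; known only to the proxy
const PREFIX = '/__res/';          // hypothetical path the proxy recognises

// Constructed sample page with two external resources and one plain link.
const SAMPLE_PAGE = '<html><head><link rel="stylesheet" href="/css/site.css"></head>' +
  '<body><img src="/img/logo.png"><a href="/about">About</a></body></html>';

// Token layout: 12-byte IV | 16-byte GCM tag | ciphertext, base64url-encoded.
function encryptUri(uri, key = PROXY_KEY) {
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(uri, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

function decryptUri(token, key = PROXY_KEY) {
  const raw = Buffer.from(token, 'base64url');
  if (raw.length < 28) throw new Error('token too short');
  const decipher = createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the tag does not verify, i.e. the token was altered.
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()])
    .toString('utf8');
}

// Proxy step before sending the intermediate page: hide resource URIs.
// Handles double-quoted attributes only (a simplification).
function encryptStaticResourceUris(html) {
  return html.replace(/<[a-zA-Z][^<>]*>/g, (tag) => {
    const attrs = /^<link\b/i.test(tag) ? 'src|href' : 'src';
    const attrRe = new RegExp('(\\s)(' + attrs + ')="([^"]*)"', 'gi');
    return tag.replace(attrRe, (match, ws, attr, uri) =>
      ws + attr + '="' + PREFIX + encryptUri(uri) + '"');
  });
}

// Proxy step on a resource acquisition request: recover the upstream URI.
function resolveResourceRequest(requestPath) {
  if (!requestPath.startsWith(PREFIX)) {
    return { ok: false, reason: 'not an encrypted resource path' };
  }
  try {
    return { ok: true, upstreamUri: decryptUri(requestPath.slice(PREFIX.length)) };
  } catch (err) {
    return { ok: false, reason: 'invalid token' };
  }
}
```

With an authenticated mode, the proxy only ever fetches URIs it encrypted itself, and the random IV gives the same resource a different path in every response.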
CN201910349779.0A 2019-04-28 2019-04-28 Safe web page means of defence Pending CN110263533A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910349779.0A CN110263533A (en) 2019-04-28 2019-04-28 Safe web page means of defence

Publications (1)

Publication Number Publication Date
CN110263533A true CN110263533A (en) 2019-09-20

Family

ID=67914008

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910349779.0A Pending CN110263533A (en) 2019-04-28 2019-04-28 Safe web page means of defence

Country Status (1)

Country Link
CN (1) CN110263533A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned

Effective date of abandoning: 20211112

AD01 Patent right deemed abandoned