Protection and communication abstractions for web browsers
Abstract
Systems and methodologies for accessing resources associated with a Web-based application in accordance with one or more embodiments disclosed herein may include a browser that obtains at least first resources from a first domain and second resources from a second domain and a resource management component that facilitates controlled communication between the first resources and the second resources and prevents the first resources and the second resources from accessing other resources that the first resources and the second resources are not permitted to access. The resource management component may be further operable to contain restricted services in a sandbox containment structure and/or to isolate access-controlled resources in a service instance. In addition, the resource management component may be operable to facilitate the flexible display of resources from disparate domains and/or controlled communication therebetween.
20 Claims
1. A system comprising at least one processor coupled to a non-transitory computer-readable storage medium storing instructions executable by the at least one processor to implement:
- a browser configured to integrate first content from a first server associated with a first domain with second content comprising restricted content from a second server associated with a second domain different from the first domain;
- a resource management component, at the browser, configured to provide a sandbox for the second content comprising the restricted content, wherein the resource management component is further configured to prevent the restricted content from directly accessing the first content from the first server associated with the first domain and yet allow the restricted content to communicate with the first content from the first server associated with the first domain using a messaging function implemented using browser-side communication across domains using a port-based naming scheme; and
- wherein, the browser is further configured to isolate third content from a third server via a browser-side abstraction, different from the sandbox, and wherein the browser-side abstraction is configured to display at least a portion of the third content.
(Dependent claims: 2, 3, 4, 5, 6, 7)
8. A method implemented by at least one processor, the method comprising:
- obtaining content, via a browser, comprising restricted content from a server;
- at the browser, providing a sandbox for the content comprising the restricted content;
- using a browser-side resource management component, preventing the restricted content from directly accessing any non-sandboxed content and yet allowing the restricted content to communicate with the non-sandboxed content using a messaging function implemented using browser-side communication; and
- using a browser-side abstraction, different from the sandbox, isolating additional content obtained via the browser, wherein the browser-side abstraction is configured to display at least a portion of the additional content.
(Dependent claims: 9, 10, 11, 12, 13, 14)
15. A non-transitory computer-readable medium storing instructions executable by a processor to:
- obtain content, via a browser, comprising a first restricted content and a second restricted content from a server; and
- at the browser, provide a first sandbox for the first restricted content and provide a second sandbox for the second restricted content, wherein each of the first sandbox and the second sandbox is implemented using hypertext markup language (HTML) and a resource containment functionality provided by the browser;
- using a browser-side resource management component; (1) prevent the first restricted content from directly accessing the second restricted content and yet allow the first restricted content to communicate with the second restricted content using a messaging function implemented using a port-based naming scheme and prevent the second restricted content from directly accessing the first restricted content and yet allow the second restricted content to communicate with the first restricted content using the messaging function implemented using the port-based naming scheme; and
- using a browser-side abstraction, wherein the browser-side abstraction is different from the sandbox, isolate additional content obtained via the browser, wherein the browser-side abstraction is configured to display at least a portion of the additional content.
(Dependent claims: 16, 17, 18, 19, 20)
Specification