Secure component-based web applications

US 10,129,258 B2
Filed: 11/30/2016
Issued: 11/13/2018
Est. Priority Date: 11/30/2016
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a processor; and

a memory storing instructions configurable to cause;

obtaining a plurality of documents for a web-based application, the web-based application comprising one or more of a plurality of custom components and one or more application programming interface (API) components;

processing a document object model (DOM) corresponding to the web-based application, wherein the one or more custom components and the one or more API components are modeled in hierarchical form; and

for each custom component;

assigning a key to the custom component, the key constituting an object reference of the custom component such that the custom component is accessible only to other components capable of providing the key in accordance with one or more rules of capability security,identifying one or more accessible custom components for which the custom component is capable of providing a key assigned to the one or more accessible custom components,generating a virtual DOM for the custom component corresponding to the web-based application, wherein the custom component and the identified one or more accessible custom components are modeled in hierarchical form, andrestricting access of the custom component to all inaccessible custom components for which the custom component is not capable of providing a key assigned to an inaccessible custom component.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are examples of systems, apparatus, methods and computer program products for providing a security model for component-based web applications. Documents for a web-based application are received, with the application containing custom components and Application Programming Interface (API) components. A Document Object Model (DOM) is processed corresponding to the web-based application, with the custom and API components modeled in hierarchical form. For each custom component, a key is assigned in accordance with the rules of capability security, accessible custom components are identified for which the custom component can provide the assigned key, a virtual DOM is generated for the custom component with the component and identified accessible custom components being modeled in hierarchical form, and the custom component is prohibited access to all inaccessible custom components.

217 Citations

20 Claims

1. A system comprising:
- a processor; and
  
  a memory storing instructions configurable to cause;
  
  obtaining a plurality of documents for a web-based application, the web-based application comprising one or more of a plurality of custom components and one or more application programming interface (API) components;
  
  processing a document object model (DOM) corresponding to the web-based application, wherein the one or more custom components and the one or more API components are modeled in hierarchical form; and
  
  for each custom component;
  
  assigning a key to the custom component, the key constituting an object reference of the custom component such that the custom component is accessible only to other components capable of providing the key in accordance with one or more rules of capability security,identifying one or more accessible custom components for which the custom component is capable of providing a key assigned to the one or more accessible custom components,generating a virtual DOM for the custom component corresponding to the web-based application, wherein the custom component and the identified one or more accessible custom components are modeled in hierarchical form, andrestricting access of the custom component to all inaccessible custom components for which the custom component is not capable of providing a key assigned to an inaccessible custom component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, the instructions further configurable to cause:
    - for each custom component, further restricting access of the custom component to the DOM corresponding to the web-based application.
  - 3. The system of claim 1, the instructions further configurable to cause:
    - for each API component, determining whether the API component is a private API component or a public API component; and
      
      for each custom component;
      
      restricting access of the custom component to all private API components.
  - 4. The system of claim 3, wherein generating the virtual DOM for the custom component comprises modeling public API components in hierarchical form.
  - 5. The system of claim 1, the instructions further configurable to cause:
    - for each custom component, determining one or more namespace identifications for a developer associated with the custom component.
  - 6. The system of claim 5, wherein the key is assigned to each custom component based on the one or more namespace identifications, and wherein identifying the one or more accessible custom components corresponds at least in part to the one or more namespace identifications.
  - 7. The system of claim 1, the instructions further configurable to cause:
    - assigning a strict mode to the plurality of documents such that global objects cannot be accessed through the one or more components.
  - 8. The system of claim 1, the instructions further configurable to cause:
    - assigning a content security policy to the plurality of documents such that converting a string of code into executable code within the plurality of documents is prohibited.
  - 9. The system of claim 1, the instructions further configurable to cause:
    - for each custom component, storing the key assigned to the custom component in the memory.

10. A method comprising:
- receiving a plurality of documents for a web-based application, the web-based application comprising one or more of a plurality of custom components and one or more application programming interface (API) components;
  
  processing a document object model (DOM) corresponding to the web-based application, wherein the one or more custom components and the one or more API components are modeled in hierarchical form; and
  
  for each custom component;
  
  assigning a key to the custom component, the key constituting an object reference of the custom component such that the custom component is accessible only to other components capable of providing the key in accordance with one or more rules of capability security,identifying one or more accessible custom components for which the custom component is capable of providing a key assigned to the one or more accessible custom components,generating a virtual DOM for the custom component corresponding to the web-based application, wherein the custom component and the identified one or more accessible custom components are modeled in hierarchical form, andrestricting access of the custom component to all inaccessible custom components for which the custom component is not capable of providing a key assigned to an inaccessible custom component.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, further comprising:
    - for each custom component, further restricting access of the custom component to the DOM corresponding to the web-based application.
  - 12. The method of claim 10, further comprising:
    - for each API component, determining whether the API component is a private API component or a public API component; and
      
      for each custom component;
      
      restricting access of the custom component to all private API components.
  - 13. The method of claim 10, further comprising:
    - for each custom component, determining one or more namespace identifications for a developer associated with the custom component.
  - 14. The method of claim 13, wherein the key is assigned to each custom component based on the one or more namespace identifications, and wherein identifying the one or more accessible custom components corresponds at least in part to the one or more namespace identifications.
  - 15. The method of claim 10, further comprising:
    - assigning a strict mode to the plurality of documents such that global objects cannot be accessed through one or more components.
  - 16. The method of claim 10, further comprising:
    - assigning a content security policy to the plurality of documents such that converting a string of code into executable code within the plurality of documents is prohibited.

17. A computer program product comprising a non-transitory computer-readable medium storing computer-readable program code capable of being executed by one or more processors, the program code comprising instructions configurable to cause:
- obtaining a plurality of documents for a web-based application, the web-based application comprising one or more of a plurality of custom components and one or more application programming interface (API) components;
  
  processing a document object model (DOM) corresponding to the web-based application, wherein the one or more custom components and the one or more API components are modeled in hierarchical form; and
  
  for each custom component;
  
  assigning a key to the custom component, the key constituting an object reference of the custom component such that the custom component is accessible only to other components capable of providing the key in accordance with one or more rules of capability security,identifying one or more accessible custom components for which the custom component is capable of providing a key assigned to the one or more accessible custom components,generating a virtual DOM for the custom component corresponding to the web-based application, wherein the custom component and the identified one or more accessible custom components are modeled in hierarchical form, andrestricting access of the custom component to all inaccessible custom components for which the custom component is not capable of providing a key assigned to an inaccessible custom component.
- View Dependent Claims (18, 19, 20)
- - 18. The computer program product of claim 17, the instructions further configurable to cause:
    - for each custom component, further restricting access of the custom component to the DOM corresponding to the web-based application.
  - 19. The computer program product of claim 17, the instructions further configurable to cause:
    - for each API component, determining whether the API component is a private API component or a public API component; and
      
      for each custom component;
      
      restricting access of the custom component to all private API components.
  - 20. The computer program product of claim 19, wherein generating the virtual DOM for the custom component comprises modeling public API components in hierarchical form.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Chasman, Doug, Patino, Caridy, Bliss, Trevor James, Gorbaty, Sergey
Primary Examiner(s)
Paliwal, Yogesh

Application Number

US15/364,939
Publication Number

US 20180152450A1
Time in Patent Office

713 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/80   of semi-structured data, e....

G06F 16/93   Document management systems

G06F 16/9535   Search customisation based ...

G06F 21/6227   where protection concerns t...

G06F 21/629   to features or functions of...

H04L 63/06   for supporting key manageme...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

Secure component-based web applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

217 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure component-based web applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

217 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links