Systems and methods for mitigating cross-site scripting
Abstract
Systems and methods for mitigating cross-site scripting attacks. When an HTTP request is received from a user computer, the HTTP request is evaluated to determine if it includes a script construct. Particularly, data derived from an outside source that is included in the HTTP request is examined for the presence of script constructs. The presence of a script construct indicates that a cross-site scripting attack is being executed and the server computer is able to prevent the attack from being carried out.
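The check described in the abstract, sketched as a server-side request filter. This is an added example, not code from the patent: the marker patterns, the names `normalize`, `find_markers` and `handle`, and the HTTP 400 response are assumptions, since the page does not enumerate what counts as a script construct.

```python
import html
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Assumed markers of active content; the page does not list them.
MARKERS = re.compile(
    r"<\s*(script|iframe|object|embed)\b"                        # tags that load or run code
    r"|\bjavascript\s*:"                                         # script URL scheme
    r"|\bon(?:load|error|click|focus|mouseover|submit)\s*=",     # inline event handlers
    re.IGNORECASE,
)

def normalize(value, max_rounds=3):
    """Undo layered percent- and entity-encoding so a marker cannot hide."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value

def find_markers(url, body="", headers=None):
    """Return (source, field, match) for each field of outside data holding a marker."""
    query = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    form = parse_qsl(body, keep_blank_values=True)
    fields = [("query", k, v) for k, v in query]
    fields += [("form", k, v) for k, v in form]
    fields += [("header", k, v) for k, v in (headers or {}).items()]
    hits = []
    for source, name, value in fields:
        for text in (name, value):          # field names are outside data too
            m = MARKERS.search(normalize(text))
            if m:
                hits.append((source, name, m.group(0)))
                break
    return hits

def handle(url, body="", headers=None, app=lambda: (200, "ok")):
    """Refrain from executing the request when any marker is present."""
    hits = find_markers(url, body, headers)
    if hits:
        where = ", ".join(f"{s}:{n}" for s, n, _ in hits)
        return 400, "request rejected: active content in " + where
    return app()
```

The explicit event-handler list keeps benign input such as `one=1` from matching; a filter of this kind still depends entirely on how complete its pattern list and decoding steps are.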
25 Claims
1. In a system that includes a user computer that communicates with a server computer over a network, a method for mitigating a cross-site scripting attack, the method comprising:
- receiving a request from a user computer, wherein the request includes data derived from an outside source;
- determining if the request from the user computer includes a marker of active content; and
- refraining from executing the request if the request includes the marker of active content.

Dependent claims: 2, 3, 4, 5, 6, 7

8. In a system that includes a user computer that communicates with a server computer over a network, wherein the server computer generates dynamic content based on input from the user computer, a method for mitigating a cross-site scripting attack such that data submitted to the server computer is not sent back to the user computer as script, the method comprising:
- receiving an HTTP request at a server computer, wherein the HTTP request includes input data that was not generated by the server computer;
- evaluating the HTTP request to determine if the input data includes a script construct, wherein the script construct indicates that HTTP request is part of a cross-site scripting attack; and
- preventing the cross-site scripting attack if the input data includes a script construct.

Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17

18. In a system that includes a user computer that communicates with a server computer over a network, wherein the server computer generates dynamic content based on input from the user computer, a computer program product for implementing a method for mitigating a cross-site scripting attack such that input data submitted to the server computer is not sent back to the user computer as script, the computer program product comprising:
- a computer-readable medium having computer executable instructions for performing the method, the method comprising;
  - receiving an HTTP request at a server computer, wherein the HTTP request includes input data that was not generated by the server computer;
  - evaluating the HTTP request to determine if the input data includes a script construct that indicates a cross-site scripting attack; and
  - preventing the cross-site scripting attack if the input data includes a script construct.

Dependent claims: 19, 20, 21, 22, 23, 24, 25

Specification