CROSS-SITE SCRIPTING FILTER
First Claim
1. A computer-implemented system for processing a cross-site scripting (XSS) attack, comprising:
a communications component for processing traffic between a client and a server; and
a filter component for filtering a reflected XSS attack from the traffic.
Abstract
A reflected cross-site scripting (XSS) mitigation technique that can be implemented wholly on the client by installing a client-side filter that prevents reflected XSS vulnerabilities. XSS filtering performed entirely on the client side enables web browsers to defend against XSS involving servers that may not have sufficient XSS mitigations in place. The technique accurately identifies XSS attacks using carefully selected heuristics and by matching suspect portions of URLs and POST data against reflected page content. The filter quickly identifies and passes through traffic that is deemed safe, keeping its performance impact to a minimum: responses with non-HTML MIME types and requests that are same-site are passed through without further inspection. For the remaining requests, regular expressions are not run across the full HTTP response unless XSS heuristics are matched in the HTTP request URL or POST data.
20 Claims
1. A computer-implemented system for processing a cross-site scripting (XSS) attack, comprising:
a communications component for processing traffic between a client and a server; and
a filter component for filtering a reflected XSS attack from the traffic.
(Dependent claims 2 through 10.)

11. A computer-implemented system for processing an XSS attack, comprising:
a client browser for processing a request and a response between a client and a server; and
a filter component as part of the client browser for analyzing the request using heuristics and the response using signatures generated from the heuristics, and filtering a reflected XSS attack from the response traffic based on the signatures.

12. A computer-implemented method of filtering a reflected XSS attack, comprising:
sending a request to a server;
processing the request using heuristics to determine if a signature is generated;
receiving a response from the server; and
filtering the response as a reflected XSS attack based on the generation of the signature.
(Dependent claims 13 through 20.)
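The pipeline the abstract and claim 12 describe (fast pass-through for non-HTML and same-site traffic, request-side heuristics, a signature generated from the suspect fragment, and a response scan only when a heuristic fired) can be illustrated with a small simulation. The following Python is an added example written for this page; it is not the patent's code or any browser's implementation. The heuristic patterns, the signature construction, the "#" neutering character and all sample traffic are constructed for illustration, and the patent does not publish its actual heuristic set.

```python
"""Toy client-side reflected-XSS filter in the shape of the patent's method.

Added example; not the patent's own code. Heuristics, signature format,
neutering character and sample traffic are all constructed assumptions.
"""
import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple
from urllib.parse import parse_qsl, urlsplit

# Request-side heuristics: cheap patterns that flag a parameter value as a
# candidate script injection. Constructed list for this example only.
HEURISTICS = [
    re.compile(r"<\s*script", re.I),
    re.compile(r"javascript\s*:", re.I),
    re.compile(r"\bon(load|error|click|mouseover|focus)\s*=", re.I),
    re.compile(r"<\s*(iframe|object|embed)\b", re.I),
]


@dataclass
class Request:
    url: str
    referrer: str = ""
    post_data: str = ""


@dataclass
class Response:
    content_type: str
    body: str


def same_site(referrer: str, url: str) -> bool:
    """Requests initiated by the site itself are passed through (fast path)."""
    if not referrer:
        return False
    return urlsplit(referrer).hostname == urlsplit(url).hostname


def suspect_values(req: Request) -> Iterator[str]:
    """Yield decoded parameter values from the query string and POST body."""
    for source in (urlsplit(req.url).query, req.post_data):
        for _, value in parse_qsl(source, keep_blank_values=True):
            yield value


def make_signature(value: str, heuristic: re.Pattern) -> re.Pattern:
    """Turn the suspect fragment (from the heuristic hit to the end of the
    value) into a response-side regex, literal but whitespace-tolerant."""
    hit = heuristic.search(value)
    fragment = value[hit.start():]
    return re.compile(r"\s*".join(re.escape(tok) for tok in fragment.split()), re.I)


def request_signatures(req: Request) -> List[re.Pattern]:
    """Run the heuristics over the request; one signature per flagged value."""
    sigs = []
    for value in suspect_values(req):
        for h in HEURISTICS:
            if h.search(value):
                sigs.append(make_signature(value, h))
                break
    return sigs


def neuter(match: re.Match) -> str:
    """Break the reflected fragment by inserting '#' after its second character
    (e.g. '<script' -> '<s#cript', 'javascript:' -> 'ja#vascript:')."""
    text = match.group(0)
    return text[:2] + "#" + text[2:]


def filter_response(req: Request, resp: Response) -> Tuple[str, bool]:
    """Return (body, filtered). Fast paths first; the response body is only
    scanned when a request-side heuristic produced a signature."""
    if "html" not in resp.content_type.lower():
        return resp.body, False            # non-HTML MIME type: pass through
    if same_site(req.referrer, req.url):
        return resp.body, False            # same-site request: pass through
    sigs = request_signatures(req)
    if not sigs:
        return resp.body, False            # no heuristic hit: no response scan
    body, filtered = resp.body, False
    for sig in sigs:
        body, n = sig.subn(neuter, body)   # neuter only where the request text is echoed
        filtered = filtered or n > 0
    return body, filtered


# Constructed sample traffic: a cross-site navigation whose query parameter is
# echoed verbatim into an HTML response.
SAMPLE_REQUEST = Request(
    url="https://shop.example/search?q=%3Cscript%3Ealert(1)%3C/script%3E",
    referrer="https://other.example/page",
)
SAMPLE_RESPONSE = Response(
    "text/html; charset=utf-8",
    "<p>No results for <script>alert(1)</script></p>",
)

if __name__ == "__main__":
    print(filter_response(SAMPLE_REQUEST, SAMPLE_RESPONSE))
```

Two properties of the design are worth noting. The response is never touched unless the same suspect text appears in both the request and the body, so a server that correctly HTML-encodes the echoed parameter (`&lt;script&gt;`) produces no signature match and its page is left intact. And because the check is a literal echo match rather than a full HTML parse, it is a mitigation layered in the browser, not a substitute for output encoding on the server.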
Specification