Separate script context to isolate malicious script
Abstract
Various embodiments provide an ability to isolate execution of trusted content and/or script from execution of untrusted content and/or script. Separate contexts and/or execution environments can be used for the trusted content and untrusted content, respectively. A trusted context and/or execution environment associated with execution of trusted content can be configured to enable access to sensitive resources associated with a computing device. An untrusted context and/or execution environment associated with execution of untrusted content can be configured with limited and/or no access to the sensitive resources. Alternately or additionally, data generated within the untrusted context can be transferred to the trusted context in a benign manner.
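The flow described in the abstract, as an added example that is not taken from the patent or from any product: Node's `vm` module stands in for the untrusted scripting context (an assumption for illustration only, since `vm` is not a security boundary), and the `REMOTE` table, its URLs, `SENSITIVE` and all function names are constructed.

```javascript
const vm = require('node:vm');

// Constructed stand-ins: a sensitive resource owned by the trusted context, and
// "remote" script bodies keyed by URL, inlined so the example runs offline.
const SENSITIVE = { readContacts: () => ['alice@example.test'] };
const REMOTE = {
  'https://cdn.example.test/widget.js':
    'output = { title: "Weather", items: ["sun", "rain"], onload: function () {} };',
  'https://cdn.example.test/probe.js':
    'output = { title: [typeof SENSITIVE, typeof require, typeof process].join("/"), items: [] };',
};

// Identify references to remote content within the locally packaged script list.
const isRemote = (ref) => /^https?:\/\//i.test(ref);

// Second context: created from an empty object, so it is handed no resources.
// node:vm only illustrates the control flow; it is not a security boundary.
function runIsolated(source) {
  const ctx = vm.createContext(Object.create(null));
  vm.runInContext('var output;\n' + source, ctx, { timeout: 100 });
  return vm.runInContext('JSON.stringify(output === undefined ? null : output)', ctx);
}

// Transfer in a benign format: accept only a bounded string, re-parse it in the
// trusted context, and copy just the expected fields into fresh objects.
function acceptBenign(wire) {
  if (typeof wire !== 'string' || wire.length > 4096) throw new TypeError('not a benign payload');
  const data = JSON.parse(wire);
  if (!data || typeof data.title !== 'string' || !Array.isArray(data.items)) {
    throw new TypeError('unexpected shape');
  }
  return { title: data.title, items: data.items.filter((i) => typeof i === 'string') };
}

// First (trusted) context: local scripts get resources, remote ones are isolated.
function loadPackage(refs) {
  return refs.map((ref) => (isRemote(ref)
    ? { ref, context: 'isolated', data: acceptBenign(runIsolated(REMOTE[ref])) }
    : { ref, context: 'trusted', data: { title: 'local', items: SENSITIVE.readContacts() } }));
}

console.log(loadPackage(['app/main.js', ...Object.keys(REMOTE)]));
```

The function placed in the widget's output never reaches the trusted context, because only the JSON string crosses and the receiver rebuilds the object from it.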
20 Claims
1. A computer-implemented method comprising:
- starting a first scripting context that has access to at least some resources associated with a computer;
- loading at least one script into the first scripting context;
- identifying a reference to remote content within the at least one script, the remote content being remote from the computer;
- responsive to identifying the reference to remote content, starting a second scripting context that does not have access to the at least some resources associated with the computer;
- loading the remote content into the second scripting context for execution; and
- transferring data associated with the remote content from the second scripting context to the first scripting context.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. One or more computer-readable storage memory comprising computer-readable instructions that are executable to:
- identify an attribute associated with remote content that is referenced within at least one scripting file, the at least one scripting file being local to a computing device, the remote content being remote from the computing device;
- responsive to identifying the attribute, start a scripting context that does not have access to at least some resources associated with the computing device;
- load the remote content into the scripting context, the remote content being configured to generate at least some data; and
- transfer the at least some data to a second scripting context in a trusted format.
Dependent claims: 10, 11, 12, 13, 14, 15
16. One or more computer-readable storage memory comprising computer readable instructions which, responsive to execution by at least one processor, implement:
- one or more global scripting context modules configured to:
  - execute packaged content associated with a web application; and
  - enable identification of remotely referenced and accessible content within the packaged content;
- one or more limited scripting context modules configured to:
  - process the remotely referenced and accessible content identified within the packaged content; and
  - generate data associated with the remotely referenced and accessible content; and
- one or more proxy modules configured to:
  - broker interactions between the one or more global scripting context modules and the one or more limited scripting context modules; and
  - enable transfer of the data associated with the remotely referenced and accessible content, in a benign format, from a limited scripting context associated with the one or more limited scripting context modules to a global scripting context associated with the one or more global scripting context modules.
Dependent claims: 17, 18, 19, 20
Specification