Security model for a layout engine and scripting engine

US 8,646,029 B2
Filed: 05/31/2011
Issued: 02/04/2014
Est. Priority Date: 05/24/2011
Status: Active Grant

First Claim

Patent Images

1. One or more computer-readable storage memories comprising computer readable instructions which, when executed, implement:

a security module configured to enable secure information transfer between a web browser'"'"'s scripting engine and layout engine, the security module comprising;

a module configured to enable restricted access to at least one Application Programming Interface (API) associated with a scripting language of the scripting engine;

a module configured to enable at least one object to be returned cross-domain to a calling system, via the scripting engine and the layout engine, without divulging type system information associated with the at least one object, the module configured to enable the at least one object to be returned across the one or more domains being configured to return a proxy object associated with the at least one object, the proxy object created in a type system associated with the calling system; and

a module configured to enable at least one sub-window proxy object to assert security policies associated with a primary window object associated with the layout engine.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments provide an interface between a Web browser'"'"'s layout engine and a scripting engine. The interface enables objects from the layout engine to be recognized by a memory manager in the scripting engine and interact in a streamlined, efficient manner. In accordance with one or more embodiments, the interface allows browser layout engine objects to be created as objects that are native to the scripting engine. Alternately or additionally, in some embodiments, the native objects are further configured to proxy functionality between the layout engine and the scripting engine.

141 Citations

39 Claims

1. One or more computer-readable storage memories comprising computer readable instructions which, when executed, implement:
- a security module configured to enable secure information transfer between a web browser'"'"'s scripting engine and layout engine, the security module comprising;
  
  a module configured to enable restricted access to at least one Application Programming Interface (API) associated with a scripting language of the scripting engine;
  
  a module configured to enable at least one object to be returned cross-domain to a calling system, via the scripting engine and the layout engine, without divulging type system information associated with the at least one object, the module configured to enable the at least one object to be returned across the one or more domains being configured to return a proxy object associated with the at least one object, the proxy object created in a type system associated with the calling system; and
  
  a module configured to enable at least one sub-window proxy object to assert security policies associated with a primary window object associated with the layout engine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The one or more computer-readable storage memories of claim 1, the security module further comprising:
    - a module configured to enable the scripting engine configurable access to at least one property descriptor.
  - 3. The one or more computer-readable storage memories of claim 1, the security module further comprising:
    - a module configured to enable marking at least one function as safe for access.
  - 4. The one or more computer-readable storage memories of claim 3, wherein access to the at least one function comprises cross-domain access.
  - 5. The one or more computer-readable storage memories of claim 1, the security module further comprising:
    - a module configured to enable bypassing security checks based, at least in part, on a determination of the information transfer occurring in a same domain.
  - 6. The one or more computer-readable storage memories of claim 1, wherein the module configured to enable restricted access to the at least one API is further configured to conditionally restrict access in cross-domain conditions.
  - 7. The one or more computer-readable storage memories of claim 1, wherein the at least one sub-window proxy object is configured to defer security requests to the primary window object.
  - 8. The one or more computer-readable storage memories of claim 1, wherein the scripting engine comprises a JavaScript engine.
  - 9. The one or more computer-readable storage memories of claim 1, the computer readable instructions further configured to implement:
    - a binding module configured to enable unified programming access between the web browser'"'"'s scripting engine and layout engine, the binding module comprising a module configured to enable one or more properties associated with the layout engine to be virtually replaced by the scripting engine.
  - 10. The one or more computer-readable storage memories of claim 9, at least one property of the one or more properties associated with the layout engine comprising a read-only value.
  - 11. The one or more computer-readable storage memories of claim 9, at least one property of the one or more properties associated with the layout engine comprising a method.
  - 12. The one or more computer-readable storage memories of claim 1, the at least one object associated with the proxy object comprising a function.
  - 13. The one or more computer-readable storage memories of claim 1, the type system associated with the calling system being a different type system than a type system of the at least one object'"'"'s origin.

14. A computing device comprising:
- one or more processors;
  
  one or more computer-readable storage memories comprising computer readable instructions which, when executed by the one or more processors, implement;
  
  a security module configured to enable secure information transfer between a web browser'"'"'s scripting engine and layout engine, the security module comprising;
  
  a module configured to enable restricted access to at least one Application Programming Interface (API) associated with a scripting language of the scripting engine;
  
  a module configured to enable at least one object to be returned cross-domain to a calling system, via the scripting engine and the layout engine, without divulging type system information associated with the at least one object, the module configured to enable the at least one object to be returned across the one or more domains being configured to return a proxy object associated with the at least one object, the proxy object created in a type system associated with the calling system; and
  
  a module configured to enable at least one sub-window proxy object to assert security policies associated with a primary window object associated with the layout engine.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The computing device of claim 14, the security module further comprising:
    - a module configured to enable the scripting engine configurable access to at least one property descriptor.
  - 16. The computing device of claim 14, the security module further comprising:
    - a module configured to enable marking at least one function as safe for access.
  - 17. The computing device of claim 16, wherein access to the at least one function comprises cross-domain access.
  - 18. The computing device of claim 14, the security module further comprising:
    - a module configured to enable bypassing security checks based, at least in part, on a determination of the information transfer occurring in a same domain.
  - 19. The computing device of claim 14, wherein the module configured to enable restricted access to the at least one API is further configured to conditionally restrict access in cross-domain conditions.
  - 20. The computing device of claim 14, wherein the at least one sub-window proxy object is configured to defer security requests to the primary window object.
  - 21. The computing device of claim 14, wherein the scripting engine comprises a JavaScript engine.
  - 22. The computing device of claim 14, the computer readable instructions further configured to implement:
    - a binding module configured to enable unified programming access between the web browser'"'"'s scripting engine and layout engine, the binding module comprising a module configured to enable one or more properties associated with the layout engine to be virtually replaced by the scripting engine.
  - 23. The computing device of claim 22, at least one property of the one or more properties associated with the layout engine comprising a read-only value.
  - 24. The computing device of claim 22, at least one property of the one or more properties associated with the layout engine comprising a method.
  - 25. The computing device of claim 14, the at least one object associated with the proxy object comprising a function.
  - 26. The computing device of claim 14, the type system associated with the calling system being a different type system than a type system of the at least one object'"'"'s origin.

27. A computer-implemented method comprising:
- enabling, using a computing device, secure information transfer between a web browser'"'"'s scripting engine and layout engine, said enabling comprising;
  
  enabling restricted access to at least one Application Programming Interface (API) associated with a scripting language of the scripting engine;
  
  enabling at least one object to be returned cross-domain to a calling system, via the scripting engine and the layout engine, without divulging type system information associated with the at least one object, said enabling the at least one object to be returned cross-domain enabling return of a proxy object associated with the at least one object, the proxy object created in a type system associated with the calling system; and
  
  enabling at least one sub-window proxy object to assert security policies associated with a primary window object associated with the layout engine.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 28. The computer-implemented method of claim 27, further comprising:
    - enabling the scripting engine to access to at least one property descriptor.
  - 29. The computer-implemented method of claim 27, further comprising:
    - enabling marking at least one function as safe for access.
  - 30. The computer-implemented method of claim 29, wherein access to the at least one function comprises cross-domain access.
  - 31. The computer-implemented method of claim 27, further comprising:
    - enabling bypassing security checks based, at least in part, on a determination of the information transfer occurring in a same domain.
  - 32. The computer-implemented method of claim 27, wherein enabling restricted access to the at least one API comprises conditionally restricting access in cross-domain conditions.
  - 33. The computer-implemented method of claim 27, wherein the at least one sub-window proxy object is configured to defer security requests to the primary window object.
  - 34. The computer-implemented method of claim 27, wherein the scripting engine comprises a JavaScript engine.
  - 35. The computer-implemented method of claim 27, further comprising:
    - enabling unified programming access between the web browser'"'"'s scripting engine and layout engine and enabling one or more properties associated with the layout engine to be virtually replaced by the scripting engine.
  - 36. The computer-implemented method of claim 35, at least one property of the one or more properties associated with the layout engine comprising a read-only value.
  - 37. The computer-implemented method of claim 35, at least one property of the one or more properties associated with the layout engine comprising a method.
  - 38. The computer-implemented method of claim 27, the at least one object associated with the proxy object comprising a function.
  - 39. The computer-implemented method of claim 27, the type system associated with the calling system being a different type system than a type system of the at least one object'"'"'s origin.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Leithead, Travis, Rogers, Justin, Pavlicic, Miladin, Man, Curtis Cheng-Cheng, Qu, Yong, Furtwangler, Nathan J. E., Nourai, Reza A., Lucco, Steven
Primary Examiner(s)
Hailu, Teshome

Application Number

US13/149,582
Publication Number

US 20120304303A1
Time in Patent Office

980 Days
Field of Search

726/1
US Class Current

726/1
CPC Class Codes

G06F 40/143   Markup, e.g. Standard Gener...

G06F 8/30   Creation or generation of s...

G06F 9/45508   Runtime interpretation or e...

G06F 9/45512   Command shells

G06F 9/541   via adapters, e.g. between ...

H04L 63/04   for providing a confidentia...

Security model for a layout engine and scripting engine

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

141 Citations

39 Claims

Specification

Use Cases

Quick Links

Others

Security model for a layout engine and scripting engine

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

141 Citations

39 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others