×

Detection of DOM-based cross-site scripting vulnerabilities

  • US 8,683,596 B2
  • Filed: 10/28/2011
  • Issued: 03/25/2014
  • Est. Priority Date: 10/28/2011
  • Status: Active Grant
First Claim
Patent Images

1. A system comprising:

  • a computer-readable memory having computer-readable program code embodied therewith;

    a processor coupled to the computer-readable memory, wherein responsive to executing the computer-readable program code, the processor is configured to perform executable operations comprising;

    communicating at least one client request comprising a payload having a unique identifier to a Web-based application;

    receiving from the Web-based application response HTML and an associated Document Object Model (DOM) object;

    identifying in the received DOM object the unique identifier communicated to the web-based application in the payload; and

    responsive to identifying in the received DOM object the unique identifier communicated to the web-based application in the payload, identifying as un-trusted a section of the received DOM object comprising content corresponding to the payload, which is identified in the received DOM object via the unique identifier.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×