Security model for a layout engine and scripting engine

US 8,904,474 B2
Filed: 10/19/2012
Issued: 12/02/2014
Est. Priority Date: 05/24/2011
Status: Active Grant

First Claim

Patent Images

1. A computing device comprising:

one or more processors;

one or more computer-readable hardware storage memories comprising computer readable instructions which, when executed by the one or more processors, implement;

a security module configured to enable secure information transfer between a web content scripting engine and layout engine, the security module comprising;

a module configured to enable restricted access to at least one Application Programming Interface (API) associated with a scripting language of the scripting engine;

a module configured to enable at least one object to be returned cross-domain to a calling system, via the scripting engine and the layout engine, without divulging type system information associated with the at least one object; and

a module configured to enable at least one sub-window proxy object to assert security policies associated with a primary window object associated with the layout engine.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments provide an interface between a Web browser'"'"'s layout engine and a scripting engine. The interface enables objects from the layout engine to be recognized by a memory manager in the scripting engine and interact in a streamlined, efficient manner. In accordance with one or more embodiments, the interface allows browser layout engine objects to be created as objects that are native to the scripting engine. Alternately or additionally, in some embodiments, the native objects are further configured to proxy functionality between the layout engine and the scripting engine.

138 Citations

30 Claims

1. A computing device comprising:
- one or more processors;
  
  one or more computer-readable hardware storage memories comprising computer readable instructions which, when executed by the one or more processors, implement;
  
  a security module configured to enable secure information transfer between a web content scripting engine and layout engine, the security module comprising;
  
  a module configured to enable restricted access to at least one Application Programming Interface (API) associated with a scripting language of the scripting engine;
  
  a module configured to enable at least one object to be returned cross-domain to a calling system, via the scripting engine and the layout engine, without divulging type system information associated with the at least one object; and
  
  a module configured to enable at least one sub-window proxy object to assert security policies associated with a primary window object associated with the layout engine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system of claim 1, the security module further comprising:
    - a module configured to enable the scripting engine configurable access to at least one property descriptor.
  - 3. The system of claim 1, the security module further comprising:
    - a module configured to enable marking at least one function as safe for access.
  - 4. The system of claim 3, wherein access to the at least one function comprises cross-domain access.
  - 5. The system of claim 1, the security module further comprising:
    - a module configured to enable bypassing security checks based, at least in part, on a determination of the information transfer occurring in a same domain.
  - 6. The system of claim 1, wherein the module configured to enable restricted access to the at least one API is further configured to conditionally restrict access in cross-domain conditions.
  - 7. The system of claim 1, wherein the module configured to enable the at least one object to be returned across the one or more domains is configured to return a proxy object associated with the at least one object, the proxy object created in a type system associated with the calling system.
  - 8. The system of claim 7, the at least one object associated with the proxy object comprising a function.
  - 9. The system of claim 7, the type system associated with the calling system being a different type system than a type system of the at least one object'"'"'s origin.
  - 10. The system of claim 1, wherein the at least one sub-window proxy object is configured to defer security requests to the primary window object.
  - 11. The system of claim 1, wherein the scripting engine comprises a JavaScript engine.
  - 12. The system of claim 1, the computer readable instructions further configured to implement:
    - a binding module configured to enable unified programming access between the web browser'"'"'s scripting engine and layout engine, the binding module comprising a module configured to enable one or more properties associated with the layout engine to be virtually replaced by the scripting engine.
  - 13. The system of claim 12, at least one property of the one or more properties associated with the layout engine comprising a read-only value.
  - 14. The system of claim 12, at least one property of the one or more properties associated with the layout engine comprising a method.
  - 15. The computing device of claim 1, wherein the web content scripting engine comprises a web browser scripting engine.

16. A computer implemented method comprising:
- enabling, via a security module, secure information transfer between a web content scripting engine and layout engine, said enabling comprising;
  
  enabling restricted access to at least one Application Programming Interface (API) associated with a scripting language of the scripting engine;
  
  enabling at least one object to be returned cross-domain to a calling system, via the scripting engine and the layout engine, without divulging type system information associated with the at least one object; and
  
  enabling at least one sub-window proxy object to assert security policies associated with a primary window object associated with the layout engine.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 17. The method of claim 16, further comprising enabling, via the security module, the scripting engine to have configurable access to at least one property descriptor.
  - 18. The method of claim 16, further comprising enabling marking at least one function as safe for access.
  - 19. The method of claim 18, wherein access to the at least one function comprises cross-domain access.
  - 20. The method of claim 16, further comprising enabling bypassing security checks based, at least in part, on a determination of the information transfer occurring in a same domain.
  - 21. The method of claim 16, wherein enabling restricted access to the at least one API is performed by conditionally restricting access in cross-domain conditions.
  - 22. The method of claim 16, wherein enabling the at least one object to be returned across the one or more domains is performed by returning a proxy object associated with the at least one object, the proxy object created in a type system associated with the calling system.
  - 23. The method of claim 22, the at least one object associated with the proxy object comprising a function.
  - 24. The method of claim 22, the type system associated with the calling system being a different type system than a type system of the at least one object'"'"'s origin.
  - 25. The method of claim 16, wherein the at least one sub-window proxy object is configured to defer security requests to the primary window object.
  - 26. The method of claim 16, wherein the scripting engine comprises a JavaScript engine.
  - 27. The method of claim 16, further comprising:
    - enabling unified programming access between the web content scripting engine and layout engine and enabling one or more properties associated with the layout engine to be virtually replaced by the scripting engine.
  - 28. The method of claim 27, at least one property of the one or more properties associated with the layout engine comprising a read-only value.
  - 29. The method of claim 27, at least one property of the one or more properties associated with the layout engine comprising a method.
  - 30. The method of claim 16, wherein the web content scripting engine comprises a web browser scripting engine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Leithead, Travis, Rogers, Justin E., Pavlicic, Miladin, Man, Curtis Cheng-Cheng, Qu, Yong, Furtwangler, Nathan J. E., Nourai, Reza A., Lucco, Steven Edward
Primary Examiner(s)
Hailu, Teshome

Application Number

US13/656,156
Publication Number

US 20130047258A1
Time in Patent Office

774 Days
Field of Search

726/1
US Class Current

726/1
CPC Class Codes

G06F 40/143   Markup, e.g. Standard Gener...

G06F 8/30   Creation or generation of s...

G06F 9/45508   Runtime interpretation or e...

G06F 9/45512   Command shells

G06F 9/541   via adapters, e.g. between ...

H04L 63/04   for providing a confidentia...

Security model for a layout engine and scripting engine

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

138 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Security model for a layout engine and scripting engine

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

138 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links