Cross-site scripting prevention in dynamic content
Abstract
Embodiments relate to systems, methods, and computer storage media for suppressing cross-site scripting in a content delivery system. A request is received for content that includes a scripted item or scripted items. The scripted item is identified within the content. An identifier is associated with the scripted element when the scripted element is an intended scripted element to be associated with the content. The identifier may be a hash value derived from a hash function and the scripted item. Prior to communicating the content to a user, the scripted item is identified again to determine if an identifier is associated with the scripted item. If an identifier is associated with the scripted item, the identifier is evaluated to determine if the identifier is appropriate. When the identifier is determined to not be appropriate, the scripted item is prevented from being communicated to a user.
18 Claims
1. A method in a computing environment utilizing a processor and memory for suppressing cross-site scripting in a content delivery system, the method comprising:
- identifying, at a server, a scripted item within content requested by a user, at a user computing device;
- determining, at the server, the scripted item includes an identifier, wherein the identifier is able to be used to identify authorized scripting elements within the content;
- determining, at the server, the identifier is not an appropriate identifier; and
- in response to determining that the identifier is not an appropriate identifier, preventing communication of the scripted item to the user, wherein preventing communication of the scripted item to the user comprises at least one of;
  (1) altering the scripted item to prevent execution of the scripted item by a computing device associated with the user, or
  (2) removing the scripted item from the content.
9. One or more computer-readable media devices having computer-executable instructions embodied thereon, that when executed by a computing system having a processor and memory, cause the computing system to perform a method for identifying a scripted item within content requested by a user, the method comprising:
- receiving, at a server, a request for content from a user, at a user computing device;
- determining, at the server, a first hash value for a scripted item of the content, wherein the first hash value is based on a hash function and the scripted item;
- applying, at the server, the first hash value to the scripted item;
- determining, at the server, a second hash value for the scripted item, wherein the second hash value is based on the hash function and the scripted item;
- determining, at the server, the scripted item is not proper based on the first hash value and the second hash value; and
- in response to determining that the scripted item is not proper, preventing communication of the scripted item to the user, wherein preventing communication of the scripted item to the user comprises at least one of;
  (1) altering the scripted item to prevent execution of the scripted item by a computing device associated with the user, or
  (2) removing the scripted item from the content.
18. One or more computer-readable media devices having computer-executable instructions embodied thereon, that when executed by a computing system having a processor and memory, cause the computing system to perform a method for identifying a scripted item within content requested by a user, the method comprising:
- receiving, at a server, a request for markup language content from a user, at a user computing device, wherein the markup language content is provided by the server associated with the computing system;
- in response to receiving the markup language content request at the server, generating a unique identifier;
- identifying, at the server, within the markup language content, a first scripted item;
- associating, at the server, the unique identifier to the first scripted item;
- prior to communicating the markup language content to the user, identifying at the server, one or more scripted items to be communicated to the user, wherein the one or more scripted items includes the first scripted item;
- determining, at the server, a second scripted item of the one or more scripted items is not associated with the unique identifier;
- preventing, at the server, communication of the second scripted item to the user, wherein preventing communication of the second scripted item to the user comprises at least one of;
  (1) altering the second scripted item to prevent execution of the second scripted item by the user computing device, or
  (2) removing the second scripted item from the markup language content;
- removing, at the server, the association between the first scripted item and the unique identifier prior to communicating the first identifier to the user; and
- communicating the first scripted item to the user.
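The flow described in the abstract and in claims 9 and 18, as an added Python sketch that is not code from the patent: trusted scripts are tagged before untrusted data is merged in, and every script is re-checked before the response leaves the server. HMAC-SHA256 with a per-request key, the `data-sid` attribute name, and regex-based script matching are assumptions of this example; a production filter would use a real HTML parser.

```python
import hashlib, hmac, html, re, secrets

SCRIPT = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.I | re.S)
SID = re.compile(r'\s*data-sid="([0-9a-f]*)"')  # hypothetical attribute name

def _sid(key: bytes, body: str) -> str:
    # Identifier = keyed hash of the script body (HMAC-SHA256 is an assumption).
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def tag_authorized(template: str, key: bytes) -> str:
    """Run on trusted template content, before untrusted data is merged in."""
    def add(m):
        return f'<script{m.group(1)} data-sid="{_sid(key, m.group(2))}">{m.group(2)}</script>'
    return SCRIPT.sub(add, template)

def filter_outbound(page: str, key: bytes, mode: str = "remove") -> str:
    """Re-identify every script; pass only those whose identifier verifies."""
    def check(m):
        attrs, body = m.group(1), m.group(2)
        found = SID.search(attrs)
        if found and hmac.compare_digest(found.group(1), _sid(key, body)):
            # Strip the identifier so it never reaches the client.
            return f"<script{SID.sub('', attrs)}>{body}</script>"
        # Unauthorized: remove it, or alter it so it renders as inert text.
        return "" if mode == "remove" else html.escape(m.group(0))
    return SCRIPT.sub(check, page)

def demo(mode: str = "remove") -> str:
    key = secrets.token_bytes(32)  # fresh key per request
    template = "<p>{comment}</p><script>initPage();</script>"  # constructed sample
    tagged = tag_authorized(template, key)
    # Constructed untrusted input that copies a valid identifier onto another body.
    copied = SID.search(tagged).group(1)
    comment = f'<script data-sid="{copied}">injected()</script>'
    return filter_outbound(tagged.replace("{comment}", comment), key, mode)
```

Because the identifier is bound to the script body, copying a valid identifier onto a different script fails verification, and the identifier itself is stripped from scripts that pass.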
Specification