Marking documents with executable text for processing by computing systems
First Claim
1. A computer-implemented method of maintaining or managing a document obtained by a computing system operable to process and execute executable text in the document, the computer-implemented method comprising:
- marking the document, by a server, of text in the document as untrusted text to indicate that the text is not trusted or is not fully trusted via marked textual portions of the document, wherein a client device receives the marked document to identify the untrusted text in the document solely based on the document;
wherein the marking of the untrusted text by the server comprises;
marking the untrusted text by a hypertext markup language (HTML) extension to permit the client device to determine at least one action for the marked document,wherein the marking of the untrusted text comprises;
providing in the document one or more attributes of the untrusted text, the attributes comprise one or more of a length attribute and an integrity attribute, and the integrity attribute is associated with an integrity value, the integrity value providing an indication of trustworthiness, and the length attribute is indicative of a length of untrusted text marked with a new HTML tag in a web page.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques for processing documents with executable text are disclosed. The techniques, among other things, can effectively address XSS attacks to Internet users when browsing web sites. Content deemed not to be trusted or fully trusted (“untrusted”) can be marked in a document that can include executable text. Remedial action, including not allowing execution of executable text marked as “untrusted” can be taken. In addition, when the document is processed, content deemed not to be trusted or fully trusted (“untrusted”) can be effectively monitored in order to identify executable text that may have been effectively produced by “untrusted” content and/or somehow may have been affected by “untrusted” content.
16 Citations
18 Claims
-
1. A computer-implemented method of maintaining or managing a document obtained by a computing system operable to process and execute executable text in the document, the computer-implemented method comprising:
-
marking the document, by a server, of text in the document as untrusted text to indicate that the text is not trusted or is not fully trusted via marked textual portions of the document, wherein a client device receives the marked document to identify the untrusted text in the document solely based on the document; wherein the marking of the untrusted text by the server comprises;
marking the untrusted text by a hypertext markup language (HTML) extension to permit the client device to determine at least one action for the marked document,wherein the marking of the untrusted text comprises;
providing in the document one or more attributes of the untrusted text, the attributes comprise one or more of a length attribute and an integrity attribute, and the integrity attribute is associated with an integrity value, the integrity value providing an indication of trustworthiness, and the length attribute is indicative of a length of untrusted text marked with a new HTML tag in a web page. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A communication or computing environment, comprising:
-
a first computing system including both hardware and software that includes a server operable to;
mark text in a document as untrusted text to indicate that the text is not trusted or is not fully trusted and form a marked version of the document, wherein a second computing system that is a client device identifies the text in the marked document as the untrusted text solely based on the marked document;wherein the document is marked by hypertext markup language (HTML) extension to permit the second computing system to determine at least one action for the marked document, wherein marking of the untrusted text includes providing in the marked document one or more attributes of the untrusted text, wherein the attributes comprise one or more of a length attribute and an integrity attribute, and wherein the integrity attribute is associated with an integrity value, the integrity value providing an indication of trustworthiness, and the length attribute is indicative of a length of untrusted text marked with a new HTML tag in a web page. - View Dependent Claims (12, 13, 14)
-
-
15. A computer readable storage device storing at least executable computer code for maintaining or managing a document obtained by a computing system operable to process and execute executable text in the document, wherein the computer readable storage device includes:
-
executable computer code for a server to mark text in the document as untrusted text to indicate that the text is not trusted or is not fully trusted and form a marked version of the document, wherein a second computing system that is a client device identifies the untrusted text in the marked document solely based on the marked document wherein the document is marked by hypertext markup language (HTML) to permit the second computing system to determine at least one action for the marked document, wherein marking of the untrusted text includes providing in the marked document one or more attributes of the untrusted text, and the attributes comprise one or more of a length attribute and an integrity attribute, and wherein the integrity attribute is associated with an integrity value, the integrity value providing an indication of trustworthiness, and the length attribute is indicative of a length of untrusted text marked with a new HTML tag in a web page. - View Dependent Claims (16, 17)
-
-
18. A computing system comprising:
a client device that includes both hardware and software, the client device receives a document that includes text marked as untrusted text which indicates that the text is not trusted or is not fully trusted, identifies the untrusted text in the document solely based on the document, and determines at least one action for the marked document, wherein the marked untrusted text includes one or more attributes of the untrusted text, the attributes comprise one or more of a length attribute and an integrity attribute, and the integrity attribute is associated with an integrity value, the integrity value providing an indication of trustworthiness, and the length attribute is indicative of a length of untrusted text marked with a new hypertext markup language (HTML) tag in a web page.
Specification