Marking documents with executable text for processing by computing systems

US 9,058,489 B2
Filed: 01/25/2010
Issued: 06/16/2015
Est. Priority Date: 01/25/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of maintaining or managing a document obtained by a computing system operable to process and execute executable text in the document, the computer-implemented method comprising:

marking the document, by a server, of text in the document as untrusted text to indicate that the text is not trusted or is not fully trusted via marked textual portions of the document, wherein a client device receives the marked document to identify the untrusted text in the document solely based on the document;

wherein the marking of the untrusted text by the server comprises;

marking the untrusted text by a hypertext markup language (HTML) extension to permit the client device to determine at least one action for the marked document,wherein the marking of the untrusted text comprises;

providing in the document one or more attributes of the untrusted text, the attributes comprise one or more of a length attribute and an integrity attribute, and the integrity attribute is associated with an integrity value, the integrity value providing an indication of trustworthiness, and the length attribute is indicative of a length of untrusted text marked with a new HTML tag in a web page.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for processing documents with executable text are disclosed. The techniques, among other things, can effectively address XSS attacks to Internet users when browsing web sites. Content deemed not to be trusted or fully trusted (“untrusted”) can be marked in a document that can include executable text. Remedial action, including not allowing execution of executable text marked as “untrusted” can be taken. In addition, when the document is processed, content deemed not to be trusted or fully trusted (“untrusted”) can be effectively monitored in order to identify executable text that may have been effectively produced by “untrusted” content and/or somehow may have been affected by “untrusted” content.

16 Citations

18 Claims

1. A computer-implemented method of maintaining or managing a document obtained by a computing system operable to process and execute executable text in the document, the computer-implemented method comprising:
- marking the document, by a server, of text in the document as untrusted text to indicate that the text is not trusted or is not fully trusted via marked textual portions of the document, wherein a client device receives the marked document to identify the untrusted text in the document solely based on the document;
  
  wherein the marking of the untrusted text by the server comprises;
  
  marking the untrusted text by a hypertext markup language (HTML) extension to permit the client device to determine at least one action for the marked document,wherein the marking of the untrusted text comprises;
  
  providing in the document one or more attributes of the untrusted text, the attributes comprise one or more of a length attribute and an integrity attribute, and the integrity attribute is associated with an integrity value, the integrity value providing an indication of trustworthiness, and the length attribute is indicative of a length of untrusted text marked with a new HTML tag in a web page.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented method of claim 1, wherein the computer-implemented method further comprises:
    - identifying in the document the text not trusted or not fully trusted as the untrusted text;
      
      the client device using the marking to;
      
      determine remedial actions to safely execute a subset of the marked text.
  - 3. The computer-implemented method of claim 2, wherein the untrusted text includes an executable text portion, a non-executable text portion, or an executable test portion and a non-executable text portion that is replaceable by a second executable text portion executable by the client device when the document is processed or is being processed by the client device.
  - 4. The computer-implemented method of claim 2, wherein the computer-implemented method further comprises:
    - obtaining the document by the client device; and
      
      the client device implements the steps of;
      
      not executing executable text marked in the document as the untrusted text;
      
      processing the executable text as non-executable text;
      
      not allowing rich formatting of the executable text; and
      
      not processing tags of the executable text.
  - 5. The computer-implemented method of claim 1, wherein the identifying of the text in the document comprises one or more of the following:
    - determining the text not to be trusted or not to be fully trusted as the untrusted text; and
      
      determining at least partly based on input data the untrusted text, wherein the input data includes at least one of;
      
      configuration data, user input, and one or more user preferences.
  - 6. The computer-implemented method of claim 1, wherein the marking marks the untrusted text before allowing the document to be obtained by the client device.
  - 7. The computer-implemented method of claim 1, wherein the untrusted text includes one or more of the following:
    - text provided by or received from another computing system, text associated with input, and text associated with user input.
  - 8. The computer-implemented method of claim 1, wherein the document includes a web page, and wherein the language extension is an HTML extension provided with the length attribute indicative of length of the untrusted text such that the server marks the document via the HTML extension to indicate portions of the text based on the length of the portions that are untrusted.
  - 9. The computer-implemented method of claim 1, wherein the computer-implemented method further comprises performing by the client device the following steps to address propagation of tainted text:
    - determining whether executable text in the document has been derived from, affected by, or derived from and affected by the untrusted text marked in the document; and
      
      identifying the executable text as untrusted text not to be trusted or not fully trusted when the determining determines that the executable text has been derived from, affected by, or derived from and affected by untrusted text in the document.
  - 10. The computer-implemented method of claim 1, wherein the computer-implemented method further comprises performing by the client device the following steps to address propagation of tainted text:
    - effectively tracking the untrusted text marked in the document during the processing of the document; and
      
      marking, based on the tracking of the untrusted text, other content in the document determined to be derived from, affected by, or derived from and affected by the untrusted text as untrusted content.

11. A communication or computing environment, comprising:
- a first computing system including both hardware and software that includes a server operable to;
  
  mark text in a document as untrusted text to indicate that the text is not trusted or is not fully trusted and form a marked version of the document, wherein a second computing system that is a client device identifies the text in the marked document as the untrusted text solely based on the marked document;
  
  wherein the document is marked by hypertext markup language (HTML) extension to permit the second computing system to determine at least one action for the marked document,wherein marking of the untrusted text includes providing in the marked document one or more attributes of the untrusted text,wherein the attributes comprise one or more of a length attribute and an integrity attribute, andwherein the integrity attribute is associated with an integrity value, the integrity value providing an indication of trustworthiness, and the length attribute is indicative of a length of untrusted text marked with a new HTML tag in a web page.
- View Dependent Claims (12, 13, 14)
- - 12. The communication or computing environment of claim 11, further comprising:
    - the second computing system, wherein the second computing system is operable to;
      
      obtain the document; and
      
      not execute executable text in document marked as the untrusted text.
  - 13. The communication or computing environment of claim 11, wherein the document includes a web page, the first computing system is or includes a server, and the second computing system is or includes a client.
  - 14. The communication or computing environment of claim 11, wherein the second computing system is further operable to:
    - determine whether executable text in the document has been derived from, affected by, or derived from and affected by the untrusted text marked in the document; and
      
      identify the executable text as untrusted text not trusted or not fully trusted when the determining determines that the executable text has been derived from, affected by, or derived from and affected by untrusted content in the document.

15. A computer readable storage device storing at least executable computer code for maintaining or managing a document obtained by a computing system operable to process and execute executable text in the document, wherein the computer readable storage device includes:
- executable computer code for a server to mark text in the document as untrusted text to indicate that the text is not trusted or is not fully trusted and form a marked version of the document, wherein a second computing system that is a client device identifies the untrusted text in the marked document solely based on the marked document wherein the document is marked by hypertext markup language (HTML) to permit the second computing system to determine at least one action for the marked document,wherein marking of the untrusted text includes providing in the marked document one or more attributes of the untrusted text, and the attributes comprise one or more of a length attribute and an integrity attribute, andwherein the integrity attribute is associated with an integrity value, the integrity value providing an indication of trustworthiness, and the length attribute is indicative of a length of untrusted text marked with a new HTML tag in a web page.
- View Dependent Claims (16, 17)
- - 16. The computer readable storage medium of claim 15, wherein the computer readable storage medium further includes:
    - executable computer code to determine whether executable text in the document has been derived from, affected by, or derived from and affected by the untrusted text marked in the document; and
      
      executable computer code to identify the executable text as untrusted text not trusted or not fully trusted when the determining determines that the executable text has been derived from, affected by, or derived from and affected by untrusted text in the document.
  - 17. The computer readable storage medium of claim 16, wherein the executable computer code to mark the text is provided as a executable computer code for a first application or process, the executable computer code for the determining and identifying is provided as a executable computer code for a first application or process, and the first and second applications or processes are operable on the same computing system, computing device, or computing system and computing device.

18. A computing system comprising:
- a client device that includes both hardware and software, the client device receives a document that includes text marked as untrusted text which indicates that the text is not trusted or is not fully trusted, identifies the untrusted text in the document solely based on the document, and determines at least one action for the marked document, wherein the marked untrusted text includes one or more attributes of the untrusted text, the attributes comprise one or more of a length attribute and an integrity attribute, and the integrity attribute is associated with an integrity value, the integrity value providing an indication of trustworthiness, and the length attribute is indicative of a length of untrusted text marked with a new hypertext markup language (HTML) tag in a web page.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Aciicmez, Onur, Tang, Shuo
Primary Examiner(s)
Patel, Manglesh M

Application Number

US12/693,168
Publication Number

US 20110185271A1
Time in Patent Office

1,968 Days
Field of Search

715/200, 715/237, 715/760, 715/234
US Class Current

1/1
CPC Class Codes

G06F 21/563 by source code analysis

G06F 2221/2119 Authenticating web pages, e...

Marking documents with executable text for processing by computing systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Marking documents with executable text for processing by computing systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links