Enabling pseudo-class styles without revealing personal information

US 9,092,536 B2
Filed: 04/04/2011
Issued: 07/28/2015
Est. Priority Date: 10/24/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, at a computing device, a web document having at least one element that when formatted according to styles associated with the web document is capable of impacting personally-identifiable information of a user of the computing device;

producing, from the web document, a calculated format that describes element formats;

ascertaining, from the calculated format that was produced by the producing, that the personally-identifiable information of the user of the computing device might be impacted by formatting the at least one element; and

producing, from the calculated format, a sanitized calculated format that sanitizes the at least one element to prevent the personally-identifiable information of the user of the computing device from being impacted.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments enable particular CSS pseudo-classes to be employed, but limit particular functionality aspects of those pseudo-classes that can lead to divulging personally identifiable information. Thus, various embodiments can change how a CSS pseudo-class is allowed to function. For example, in at least some embodiments, CSS pseudo-classes are permitted to be used to make the visual formatting changes to a web page, but not structural formatting changes. That is, changes that do not affect the structure of content within a web document are allowed, while changes that affect the structure of the content are not allowed.

18 Citations

19 Claims

1. A computer-implemented method comprising:
- receiving, at a computing device, a web document having at least one element that when formatted according to styles associated with the web document is capable of impacting personally-identifiable information of a user of the computing device;
  
  producing, from the web document, a calculated format that describes element formats;
  
  ascertaining, from the calculated format that was produced by the producing, that the personally-identifiable information of the user of the computing device might be impacted by formatting the at least one element; and
  
  producing, from the calculated format, a sanitized calculated format that sanitizes the at least one element to prevent the personally-identifiable information of the user of the computing device from being impacted.
- View Dependent Claims (2)
- - 2. The method of claim 1, wherein said producing the calculated format comprises severing connections between script access to the calculated format and connections between the calculated format and an image fetcher component.

3. One or more hardware computer-readable memories storing computer-readable instructions that are executable by a computing device to perform operations comprising:
- receiving, at the computing device, a web document having at least one element that when formatted according to styles associated with the web document is capable of impacting personally-identifiable information of a user of the computing device;
  
  producing, from the web document, a calculated format that describes element formats;
  
  ascertaining, from the calculated format that was produced by the producing, that the personally-identifiable information of the user of the computing device might be impacted by formatting the at least one element; and
  
  producing, from the calculated format, a sanitized calculated format that sanitizes the at least one element to prevent the personally-identifiable information of the user of the computing device from being impacted.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 4. The one or more hardware computer readable memories of claim 3, wherein said ascertaining comprises identifying whether particular pseudo-classes are used in a style sheet associated with the web document.
  - 5. The one or more hardware computer readable memories of claim 3, wherein said ascertaining comprises identifying whether particular pseudo-classes are used in a style sheet associated with the web document, wherein one pseudo-class comprises a “
    - ;
      
      link”
      
      pseudo-class.
  - 6. The one or more hardware computer readable memories of claim 3, wherein said ascertaining comprises identifying whether particular pseudo-classes are used in a style sheet associated with the web document, wherein one pseudo-class comprises a “
    - ;
      
      visited”
      
      pseudo-class.
  - 7. The one or more hardware computer readable memories of claim 3, wherein personally-identifiable information can be impacted by an image fetch operation to a remote source.
  - 8. The one or more hardware computer readable memories of claim 3, wherein said ascertaining comprises ascertaining whether the calculated format includes structural formatting information.
  - 9. The one or more hardware computer readable memories of claim 3, wherein said ascertaining comprises ascertaining whether the calculated format includes structural formatting information, wherein said producing produces a sanitized calculated format in which one or more structural changes described in the calculated format are not allowed.
  - 10. The one or more hardware computer readable memories of claim 3, wherein personally-identifiable information can be impacted if the calculated format contains information that describes links visited by the user.
  - 11. The one or more hardware computer readable memories of claim 3, wherein said ascertaining comprises ascertaining whether the calculated information contains one or more pseudo-class properties other than acceptable properties.
  - 12. The one or more hardware computer readable memories of claim 3, wherein said ascertaining comprises ascertaining whether the calculated format contains one or more pseudo-class properties other than acceptable properties, wherein acceptable properties can include properties associated with color, background color and text decoration.

13. A computing device comprising:
- one or more hardware computer-readable memories;
  
  computer-readable instructions stored on the one or more hardware computer readable memories which, when executed, provide;
  
  a web browser of the computing device; and
  
  a mitigation component utilized by the web browser to perform operations at the computing device comprising;
  
  receiving a web document having a style sheet that is associated with the web document, wherein the web document includes at least one element that when formatted according to pseudo-classes used by the style sheet is capable of impacting personally-identifiable information of a user of the computing device;
  
  producing, from the web document and the style sheet, a calculated format that describes element formats;
  
  ascertaining from the calculated format that the personally-identifiable information of the user of the computing device might be impacted by formatting the at least one element according to the pseudo-classes used by the style sheet that affect the web document'"'"'s structural format; and
  
  producing, from the calculated format, a sanitized calculated format to protect the personally-identifiable information of the user in which the at least one element is not allowed to be formatted according to the pseudo-classes that affect the web document'"'"'s structural format.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The computing device of claim 13, wherein the operations further comprise identifying whether the pseudo-classes used by the style sheet include a “
    - ;
      
      link”
      
      pseudo-class.
  - 15. The computing device of claim 13, wherein the operations further comprise identifying whether the pseudo-classes used by the style sheet include a “
    - ;
      
      visited”
      
      pseudo-class.
  - 16. The computing device of claim 13, wherein the operations further comprise producing the sanitized calculated format without using image fetch operations to a remote source that impact personally-identifiable information.
  - 17. The computing device of claim 13, wherein the operations further comprise severing connections between script access to the calculated format and connections between the calculated format and an image fetcher component.
  - 18. The computing device of claim 13, wherein the pseudo-classes used by the style sheet comprise a pseudo-class that applies to links that have not been visited by a user and a pseudo-class that applies to links that have been visited by a user, and wherein the operations further comprise producing the sanitized calculated format without using properties of the pseudo-class that applies to links that have been visited that impact personally identifiable information.
  - 19. The computing device of claim 13, wherein the operations further comprise producing the sanitized calculated format using pseudo-class properties that are associated with color, background color and text decoration.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zhigu Holdings Limited
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Rogers, Justin, Mielke, Markus
Primary Examiner(s)
Baderman, Scott
Assistant Examiner(s)
AMIN, MUSTAFA A

Application Number

US13/079,308
Publication Number

US 20110179349A1
Time in Patent Office

1,576 Days
Field of Search

715/204
US Class Current

1/1
CPC Class Codes

G06F 16/958 Organisation or management ...

Enabling pseudo-class styles without revealing personal information

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Enabling pseudo-class styles without revealing personal information

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links