Security model for a layout engine and scripting engine

US 9,582,479 B2
Filed: 11/03/2014
Issued: 02/28/2017
Est. Priority Date: 05/24/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

creating at least one layout engine object in a layout engine memory space;

creating at least one scripting language object in a scripting engine memory space;

creating a custom object that is configured to represent relationships between objects in the scripting engine memory space and objects in the layout engine memory space, the custom object comprising a pointer to the at least one scripting language object and a pointer to the at least one scripting language object, and the custom object providing a linkage between the at least one scripting language object, and the at least one layout engine object; and

using at least one security module to provide secure information transfer during access to the at least one layout engine object and the at least one scripting language object, the security module configured to enable controlled access to an Application Programming Interface (API) associated with a scripting language of the scripting engine.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments provide an interface between a Web browser'"'"'s layout engine and a scripting engine. The interface enables objects from the layout engine to be recognized by a memory manager in the scripting engine and interact in a streamlined, efficient manner. In accordance with one or more embodiments, the interface allows browser layout engine objects to be created as objects that are native to the scripting engine. Alternately or additionally, in some embodiments, the native objects are further configured to proxy functionality between the layout engine and the scripting engine.

155 Citations

20 Claims

1. A computer-implemented method comprising:
- creating at least one layout engine object in a layout engine memory space;
  
  creating at least one scripting language object in a scripting engine memory space;
  
  creating a custom object that is configured to represent relationships between objects in the scripting engine memory space and objects in the layout engine memory space, the custom object comprising a pointer to the at least one scripting language object and a pointer to the at least one scripting language object, and the custom object providing a linkage between the at least one scripting language object, and the at least one layout engine object; and
  
  using at least one security module to provide secure information transfer during access to the at least one layout engine object and the at least one scripting language object, the security module configured to enable controlled access to an Application Programming Interface (API) associated with a scripting language of the scripting engine.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, wherein using at least one security module comprises using a security module configured to enable at least one object to be returned, across one or more domains, to a calling system without divulging type system information associated with the at least one object.
  - 3. The computer-implemented method of claim 1, wherein using at least one security module comprises using a security module configured to enable restricted access to the API associated with a scripting language.
  - 4. The computer-implemented method of claim 1, wherein using at least one security module comprises using a security module configured to enable at least one sub-window proxy object to assert security policies associated with a primary window object associated with the at least one layout engine object.
  - 5. The computer-implemented method of claim 1, wherein using at least one security module comprises using a security module configured to enable marking a function as safe for access, independent of cross-domain access to the function.
  - 6. The computer-implemented method of claim 1, wherein using at least one security module comprises using a security module configured to enable bypassing security checks based, at least in part, on a determination of the information transfer occurring in a same domain.
  - 7. The computer-implemented method of claim 1, wherein using at least one security module comprises using a security module configured to enable configurable access to at least one property descriptor.

8. A computer program product comprising one or more computer-readable hardware storage devices comprising computer readable instructions which, when executed, implement:
- a Web browser configured to enable rendering of a Web page, the Web browser being configured to create;
  
  at least one layout engine object in a layout engine memory space;
  
  at least one scripting language object in a scripting engine memory space;
  
  a custom object that is configured to represent relationships between objects in the scripting engine memory space and objects in the layout engine memory space, the custom object comprising a pointer to the at least one scripting language object and a pointer to the at least one scripting language object, and the custom object providing a linkage between the at least one scripting language object and the at least one layout engine object; and
  
  at least one security module configured to enable secure information transfer between the scripting engine memory space and the layout engine memory space.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The computer program product of claim 8, wherein the at least one security module is configured to enable configurable access to at least one property descriptor.
  - 10. The computer program product of claim 9, wherein the at least one security module is further configured to configure the at least one property descriptor as mutable.
  - 11. The computer program product of claim 8, wherein the at least one security module is configured to enable secure cross-domain information transfer.
  - 12. The computer program product of claim 8, the at least one security module further configured to enable secure information transfer based, at least in part, on one or more interface definition language (IDL) files.
  - 13. The computer program product of claim 12, the one or more IDL files configured to include one or more attributes that enable control of security aspects associated with a property and/or an Application Programming Interface (API) associated with the at least one scripting language object.
  - 14. The computer program product of claim 13, the one or more attributes comprising at least one attribute configured to enable marking the property and/or API as being safe to access across multiple domains.
  - 15. The computer program product of claim 12, the one or more attributes comprising at least one attribute configured to enable control of visibility of the property and/or API, at least one attribute configured to control mutability of the property and/or API, and at least one attributed configured to control conditional access to the property and/or API.
  - 16. The computer program product of claim 15, the conditional access based, at least in part, on a domain accessing the property and/or API.

17. A computing device comprising:
- one or more processors; and
  
  one or more computer-readable storage media comprising computer readable instructions which, when executed upon the one or more processors, implement a method comprising;
  
  creating at least one layout engine object in a layout engine memory space;
  
  creating at least one scripting language object in a scripting engine memory space;
  
  creating a custom object that is configured to represent relationships between objects in the scripting engine memory space and objects in the layout engine memory space, the custom object comprising a pointer to the at least one scripting language object and a pointer to the at least one scripting language object, and the custom object providing a linkage between the at least one scripting language object and the at least one layout engine object; and
  
  using at least one security module to provide secure information transfer during access to the at least one layout engine object and the at least one scripting language object, the security module configured to enable controlled access to an Application Programming Interface (API) associated with a scripting language of the scripting engine.
- View Dependent Claims (18, 19, 20)
- - 18. The computing device of claim 17, wherein using at least one security module comprises using a security module configured to enable at least one object to be returned, across one or more domains, to a calling system without divulging type system information associated with the at least one object.
  - 19. The computing device of claim 17, wherein the at least one security module is configured to enable configurable access to at least one property descriptor, wherein the at least one security module is further configured to configure the at least one property descriptor as mutable.
  - 20. The computing device of claim 17, the at least one security module further configured to enable secure information transfer based, at least in part, on one or more interface definition language (IDL) files configured to include one or more attributes that enable control of security aspects associated with a property and/or the API, the one or more attributes comprising at least one attribute configured to enable marking the property and/or the API as being safe to access across multiple domains.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Leithead, Travis, Rogers, Justin E., Pavlicic, Miladin, Man, Curtis Cheng-Cheng, Qu, Yong, Furtwangler, Nathan J. E., Nourai, Reza A., Lucco, Steven Edward
Primary Examiner(s)
Hailu, Teshome

Application Number

US14/531,974
Publication Number

US 20150058924A1
Time in Patent Office

848 Days
Field of Search

726/1
US Class Current

1/1
CPC Class Codes

G06F 40/143   Markup, e.g. Standard Gener...

G06F 8/30   Creation or generation of s...

G06F 9/45508   Runtime interpretation or e...

G06F 9/45512   Command shells

G06F 9/541   via adapters, e.g. between ...

H04L 63/04   for providing a confidentia...

Security model for a layout engine and scripting engine

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

155 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security model for a layout engine and scripting engine

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

155 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links