Method, system, and computer program product for avoiding cross-site scripting attacks

US 8,112,799 B1
Filed: 08/22/2006
Issued: 02/07/2012
Est. Priority Date: 08/24/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for avoiding a network attack, the method comprising:

executing a client program in a client computer system, wherein the client program executes to;

receive a uniform resource locator (URL) in a request to access the URL, wherein the URL references a server computer system;

in response to receiving the URL, automatically analyze the URL to determine whether the URL includes scripting code, wherein said analyzing comprises analyzing the URL to detect whether the URL includes one or more of;

scripting code elements defined by a first scripting language;

keywords identifying scripting code; and

tags identifying scripting code;

inhibit access to the URL in response to determining that the URL includes scripting code.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for protecting a user against a cross-site scripting attack or other network attack that relies on scripting code embedded within a uniform resource locator (URL) are described. Validation software executing on a client computer system may intercept a URL in response to a user providing the URL to a web browser or other client application. The validation software may analyze the URL to determine whether the URL includes scripting code. If the URL includes scripting code then the validation software may block the client application from accessing the URL or may otherwise inhibit access to the URL.

48 Citations

View as Search Results

19 Claims

1. A computer-implemented method for avoiding a network attack, the method comprising:
- executing a client program in a client computer system, wherein the client program executes to;
  
  receive a uniform resource locator (URL) in a request to access the URL, wherein the URL references a server computer system;
  
  in response to receiving the URL, automatically analyze the URL to determine whether the URL includes scripting code, wherein said analyzing comprises analyzing the URL to detect whether the URL includes one or more of;
  
  scripting code elements defined by a first scripting language;
  
  keywords identifying scripting code; and
  
  tags identifying scripting code;
  
  inhibit access to the URL in response to determining that the URL includes scripting code.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1,wherein said inhibiting access to the URL comprises automatically blocking access to the URL.
  - 3. The method of claim 1,wherein the keywords comprise keywords defined by a first markup language for identifying scripting code;
    - wherein the tags comprise tags defined by a first markup language for identifying scripting code.
  - 4. The method of claim 1,wherein said analyzing the URL to determine whether the URL includes scripting code comprises analyzing the URL to detect whether the URL includes one or more of:
    - hypertext markup language (HTML) keywords identifying scripting code; and
      
      /orhypertext markup language (HTML) tags identifying scripting code.
  - 5. The method of claim 1,wherein said receiving the URL comprises receiving the URL in response to user input specifying the URL.
  - 6. The method of claim 1,wherein said receiving the URL comprises intercepting the URL in response to user input providing the URL to a client application;
    - wherein said inhibiting access to the URL comprises inhibiting the client application from accessing the URL.

7. A computer-implemented method for avoiding a network attack, the method comprising:
- executing a client program in a client computer system, wherein the client program executes to;
  
  receive a uniform resource locator (URL) in a request to access the URL, wherein the URL references a server computer system;
  
  in response to receiving the URL, automatically analyze the URL to determine whether the URL includes scripting code, wherein said analyzing comprises analyzing the URL to detect whether the URL includes scripting code elements defined by a first scripting language; and
  
  inhibit access to the URL in response to determining that the URL includes scripting code;
  
  wherein said inhibiting access to the URL comprises;
  
  displaying information indicating that the URL includes scripting code;
  
  receiving user input indicating whether to block or allow access to the URL;
  
  and one of;
  
  blocking access to the URL if the user input indicates to block access to the URL;
  
  orallowing access to the URL if the user input indicates to allow access to the URL.

8. A tangible, non-transitory computer-readable storage medium storing program instructions executable by a client computer system to:
- receive a uniform resource locator (URL) in a request to access the URL, wherein the URL references a server computer system;
  
  in response to receiving the URL, automatically analyze the URL to determine whether the URL includes scripting code, wherein said analyzing comprises analyzing the URL to detect whether the URL includes one or more of;
  
  escape sequences for characters that do not need to be escaped;
  
  keywords identifying scripting code; and
  
  tags identifying scripting code;
  
  inhibit access to the URL in response to determining that the URL includes scripting code.
- View Dependent Claims (9, 10, 11)
- - 9. The computer-readable storage medium of claim 8, wherein said inhibiting access to the URL comprises automatically blocking access to the URL.
  - 10. The computer-readable storage medium of claim 8, wherein said inhibiting access to the URL comprises:
    - displaying information indicating that the URL includes scripting code;
      
      receiving user input indicating whether to block or allow access to the URL;
      
      and one of;
      
      blocking access to the URL if the user input indicates to block access to the URL;
      
      orallowing access to the URL if the user input indicates to allow access to the URL.
  - 11. The computer-readable storage medium of claim 8, wherein said receiving the URL comprises intercepting the URL in response to user input providing the URL to a client application;
    - wherein said inhibiting access to the URL comprises inhibiting the client application from accessing the URL.

12. A client computer system comprising:
- one or more processors; and
  
  memory storing program instructions;
  
  wherein the program instructions are executable by the one or more processors to;
  
  receive a uniform resource locator (URL) in a request to access the URL, wherein the URL references a server computer system;
  
  in response to receiving the URL, automatically analyze the URL to determine whether the URL includes scripting code, wherein said analyzing comprises analyzing the URL to detect whether the URL includes one or more of;
  
  scripting code elements defined by a first scripting language; and
  
  keywords identifying scripting code; and
  
  tags identifying scripting code;
  
  inhibit access to the URL in response to determining that the URL includes scripting code.
- View Dependent Claims (13)
- - 13. The system of claim 12,wherein said receiving the URL comprises intercepting the URL in response to user input providing the URL to a client application;
    - wherein said inhibiting access to the URL comprises inhibiting the client application from accessing the URL.

14. A computer-implemented method for avoiding a network attack, the method comprising:
- executing a client program in a client computer system, wherein the client program executes to;
  
  receive a uniform resource locator (URL) in a request to access the URL, wherein the URL references a server computer system;
  
  in response to receiving the URL, automatically analyze the URL to determine whether the URL includes scripting code, wherein said analyzing comprises analyzing the URL to determine whether the URL includes one or more of;
  
  HTML-reserved syntax that is used for introducing a script on a web page; and
  
  keywords identifying scripting code; and
  
  tags identifying scripting code;
  
  inhibit access to the URL in response to determining that the URL includes scripting code.

15. A computer-implemented method for avoiding a network attack, the method comprising:
- executing a client program in a client computer system, wherein the client program executes to;
  
  receive a uniform resource locator (URL) in a request to access the URL, wherein the URL references a server computer system;
  
  in response to receiving the URL, automatically analyze the URL to determine whether the URL includes scripting code, wherein said analyzing comprises analyzing the URL to detect whether the URL includes one or more of;
  
  escape sequences for characters that do not need to be escaped; and
  
  keywords identifying scripting code; and
  
  tags identifying scripting code;
  
  inhibit access to the URL in response to determining that the URL includes scripting code.

16. A tangible, non-transitory computer-readable storage medium storing program instructions executable by a client computer system to:
- receive a uniform resource locator (URL) in a request to access the URL, wherein the URL references a server computer system;
  
  in response to receiving the URL, automatically analyze the URL to determine whether the URL includes scripting code, wherein said analyzing comprises analyzing the URL to detect whether the URL includes one or more of;
  
  scripting code elements defined by a first scripting language;
  
  keywords identifying scripting code; and
  
  tags identifying scripting codeinhibit access to the URL in response to determining that the URL includes scripting code.

17. A tangible, non-transitory computer-readable storage medium storing program instructions executable by a client computer system to:
- receive a uniform resource locator (URL) in a request to access the URL, wherein the URL references a server computer system;
  
  in response to receiving the URL, automatically analyze the URL to determine whether the URL includes scripting code, wherein said analyzing comprises analyzing the URL to determine whether the URL includesone or more of;
  
  HTML-reserved syntax that is used for introducing a script on a web page;
  
  keywords identifying scripting code; and
  
  tags identifying scripting code;
  
  inhibit access to the URL in response to determining that the URL includes scripting code.

18. A client computer system comprising:
- one or more processors; and
  
  memory storing program instructions;
  
  wherein the program instructions are executable by the one or more processors to;
  
  receive a uniform resource locator (URL) in a request to access the URL, wherein the URL references a server computer system;
  
  in response to receiving the URL, automatically analyze the URL to determine whether the URL includes scripting code, wherein said analyzing comprises analyzing the URL to determine whether the URL includes one or more of;
  
  HTML-reserved syntax that is used for introducing a script on a web page; and
  
  keywords identifying scripting code; and
  
  tags identifying scripting code;
  
  inhibit access to the URL in response to determining that the URL includes scripting code.

19. A client computer system comprising:
- one or more processors; and
  
  memory storing program instructions;
  
  wherein the program instructions are executable by the one or more processors to;
  
  receive a uniform resource locator (URL) in a request to access the URL, wherein the URL references a server computer system;
  
  in response to receiving the URL, automatically analyze the URL to determine whether the URL includes scripting code, wherein said analyzing comprises analyzing the URL to detect whether the URL includes one or more of;
  
  escape sequences for characters that do not need to be escaped;
  
  keywords identifying scripting code; and
  
  tags identifying scripting code;
  
  inhibit access to the URL in response to determining that the URL includes scripting code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Symantec Corporation (NortonLifeLock Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Loiodice, Luca, Patterson, Justin William
Primary Examiner(s)
Truong, Thanhnga

Application Number

US11/508,076
Time in Patent Office

1,995 Days
Field of Search

726 22- 26, 726 2- 3, 709/203, 709/227, 709/228, 709/219, 709223-226, 707/10, 715/700, 725/52, 370/464, 713/194
US Class Current

726/22
CPC Class Codes

G06F 21/51   at application loading time...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/1466   Active attacks involving in...

H04L 63/168   above the transport layer

Method, system, and computer program product for avoiding cross-site scripting attacks

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method, system, and computer program product for avoiding cross-site scripting attacks

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links