US10372899B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10372899-B2 |
| Application number | US-84174710-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 22, 2010 |
| Priority date | Jul 22, 2010 |
| Publication date | Aug 6, 2019 |
| Grant date | Aug 6, 2019 |
Official abstract text for this publication.
A technique to provide runtime output sanitization filtering of web application content that contains multiple contexts in which dynamic output is included. To facilitate this operation, dynamically-generated content is prepared for sanitization in advance, preferably by being “marked” by the web application itself (or by middleware). Preferably, given dynamically-generated content is marked by enclosing it between dynamic content indicators. After the document generation is completed but before it is output, the application-generated content is processed by a content sanitization filter. The filter uses the dynamic content identifiers to identify and locate the content that needs output escaping. The filter detects the appropriate context within which the dynamically-generated content has been placed and applies escaping. The output content is prepared for escaping in advance even if assembled from multiple sources that do not operate in the same runtime environment.
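The marking and filtering steps described in the abstract, as an added Python sketch that is not taken from the patent. The marker syntax, the per-response nonce and all function names are assumptions; context detection here only separates `<script>` blocks from the rest of the HTML, and the JavaScript case assumes the value sits inside a quoted string literal.

```python
import html
import re
import secrets

def new_markers():
    """Per-response marker pair (hypothetical syntax); the nonce stops user input forging one."""
    nonce = secrets.token_hex(8)
    return f"[[dyn:{nonce}]]", f"[[/dyn:{nonce}]]"

def escape_js_string(value):
    """Escape a value for use inside a quoted JavaScript string literal."""
    def esc(ch):
        if ch.isascii() and ch.isalnum():
            return ch
        cp = ord(ch)
        return f"\\u{cp:04x}" if cp <= 0xFFFF else f"\\u{{{cp:x}}}"
    return "".join(map(esc, value))

def sanitize(document, open_m, close_m):
    """Escape every marked span according to the context it was placed in."""
    token = re.compile(
        r"(?P<so><script\b[^>]*>)|(?P<sc></script\s*>)|"
        + re.escape(open_m) + r"(?P<dyn>.*?)" + re.escape(close_m),
        re.IGNORECASE | re.DOTALL)
    out, pos, in_script = [], 0, False

    def literal(segment):
        # Fail closed: a stray marker means a marked span was never terminated.
        if open_m in segment or close_m in segment:
            raise ValueError("unbalanced dynamic-content marker")
        out.append(segment)

    for m in token.finditer(document):
        literal(document[pos:m.start()])
        pos = m.end()
        if m.group("dyn") is not None:
            value = m.group("dyn")
            out.append(escape_js_string(value) if in_script
                       else html.escape(value, quote=True))
        else:
            # A <script> open tag enters JavaScript context; the close tag leaves it.
            in_script = m.group("so") is not None
            out.append(m.group(0))
    literal(document[pos:])
    return "".join(out)

def render_demo(name, query):
    """Constructed page with one HTML-context and one JavaScript-context value."""
    o, c = new_markers()
    page = (f"<p>Hello {o}{name}{c}</p>"
            f"<script>var q = '{o}{query}{c}';</script>")
    return sanitize(page, o, c)
```

Because the filter runs only after the whole document is assembled, a marked value that itself contains `</script>` is consumed as data and never changes the tracked context.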
Opening claim text (preview).
The invention claimed is:
1. A method, comprising: deploying a run-time sanitization filter separately from a web application, the run-time sanitization filter being deployed to provide a sanitization function as a hosted service; receiving, by the run-time sanitization filter, a document that has been previously generated by the web application and determined to include a full set of marked content, the full set of marked content comprising at least a first portion of dynamic output that was generated by the web application in a first context, and a second portion of dynamic output that was generated by the web application in a second context, with the second context being different than the first context; configuring the run-time sanitization filter to identify the full set of marked content, the configuring using one or more string values included in the document; applying the run-time sanitization filter to the first portion of dynamic output that was generated in the first context; and applying the run-time sanitization filter to the second portion of dynamic output that was generated in the second context; wherein deploying the run-time sanitization filter separately from the web application and receiving the document that has been previously generated by the web application and determined to include the full set of marked content decouples (i) a determination about a need to sanitize the dynamic outputs generated by the web application, and (ii) sanitization performed as the hosted service by the run-time sanitization filter, the run-time sanitization filter thereby only sanitizing the document after the full set of marked content is ready to be examined.
2. The method as described in claim 1 wherein the first context is HTML and the second context is JavaScript.
3. The method as described in claim 1 further comprising: performing dynamic content marking by modifying application code to mark the first portion of dynamic output as being generated in the first context; and performing dynamic content marking by modifying application code to mark the second portion of dynamic output as being generated in the second context.
4. An apparatus, comprising: a processor; computer memory holding computer program instructions that when executed by the processor perform operations, comprising: deploying a run-time sanitization filter separately from a web application, the run-time sanitization filter being deployed to provide a sanitization function as a hosted service; receiving, by the run-time sanitization filter, a document that has been previously generated by the web application and determined to include a full set of marked content, the full set of marked content comprising at least a first portion of dynamic output that was generated by the web application in a first context, and a second portion of dynamic output that was generated by the web application in a second context, with the second context being different than the first context; configuring the run-time sanitization filter to identify the full set of marked content, the configuring using one or more string values included in the document; applying the run-time sanitization filter to the first portion of dynamic output that was generated in the first context; and applying the run-time sanitization filter to the second portion of dynamic output that was generated in the second context; wherein deploying the run-time sanitization filter separately from the web application and receiving the document that has been previously generated by the web application and determined to include the full set of marked content decouples (i) a determination about a need to sanitize the dynamic outputs generated by the web application, and (ii) sanitization performed as the hosted service by the run-time sanitization filter, the run-time sanitization filter thereby only sanitizing the document after the full set of marked content is ready to be examined.
5. The apparatus as described in claim 4 wherein the first context is HTML and the second context is JavaScript.
6. The apparatus as described in claim 4 wherein the computer instructions are executed by the processor to perform further operations comprising: performing dynamic content marking by modifying application code to mark the first portion of dynamic output as being generated in the first context; and performing dynamic content marking by modifying application code to mark the second portion of dynamic output as being generated in the second context.
7. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions that when executed by the data processing system perform operations, comprising: deploying a run-time sanitization filter separately from a web application, the run-time sanitization filter being deployed to provide a sanitization function as a hosted service; receiving, by the run-time sanitization filter, a document that has been previously generated by the web application and determined to include a full set of marked content, the full set of marked content comprising at least a first portion of dynamic output that was generated by the web application in a first context, and a second portion of dynamic output that was generated by the web application in a second context, with the second context being different than the first context; configuring the run-time sanitization filter to identify the full set of marked content, the configuring using one or more string values included in the document; applying the run-time sanitization filter to the first portion of dynamic output that was generated in the first context; and applying the run-time sanitization filter to the second portion of dynamic output that was generated in the second context; wherein deploying the run-time sanitization filter separately from the web application and receiving the document that has been previously generated by the web application and determined to include the full set of marked content decouples (i) a determination about a need to sanitize the dynamic outputs generated by the web application, and (ii) sanitization performed as the hosted service by the run-time sanitization filter, the run-time sanitization filter thereby only sanitizing the document after the full set of marked content is ready to be examined.
8. The computer program product as described in claim 7 wherein the first context is HTML and the second context is JavaScript.
9. The computer program product as described in claim 7 wherein the computer instructions are executed by the processor to perform further operations comprising: performing dynamic content marking by modifying application code to mark the first portion of dynamic output as being generated in the first context; and performing dynamic content marking by modifying application code to mark the second portion of dynamic output as being generated in the second context.
10. The method as described in claim 1 wherein the run-time sanitization filter is deployed in a cloud computing operating environment.
11. The apparatus as described in claim 4 wherein the run-time sanitization filter is deployed in a cloud computing operating environment.
12. The apparatus as described in claim 7 wherein the run-time sanitization filter is deployed in a cloud computing operating environment.
by adding security routines or objects to programs · CPC title
Computer malware detection or handling, e.g. anti-virus arrangements · CPC title
Authenticating web pages, e.g. with suspicious links · CPC title
Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems · CPC title
at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability · CPC title