Method and apparatus for dynamic content marking to facilitate context-aware output escaping

US10375107B2 · US · B2

Patent metadata
Publication number: US-10375107-B2
Application number: US-84181410-A
Country: US
Kind code: B2
Filing date: Jul 22, 2010
Priority date: Jul 22, 2010
Publication date: Aug 6, 2019
Grant date: Aug 6, 2019

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A technique to provide runtime output sanitization filtering of web application content that contains multiple contexts in which dynamic output is included. To facilitate this operation, dynamically-generated content is prepared for sanitization in advance, preferably by being “marked” by the web application itself (or by middleware). Preferably, given dynamically-generated content is marked by enclosing it between dynamic content indicators. After the document generation is completed but before it is output, the application-generated content is processed by a content sanitization filter. The filter uses the dynamic content identifiers to identify and locate the content that needs output escaping. The filter detects the appropriate context within which the dynamically-generated content has been placed and applies escaping. The output content is prepared for escaping in advance even if assembled from multiple sources that do not operate in the same runtime environment.
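The marking-then-filtering flow the abstract describes, as an added Python example written for this page rather than taken from the patent. Everything concrete in it is this example's own assumption: the sentinel format (a per-request random nonce between control characters), a deliberately small context detector covering element text, quoted attribute values, URL-valued attributes and script bodies, one escaper per context, and the constructed `render_profile` template and payloads.

```python
# Added illustration of the abstract's marking/filtering scheme, not the patent's
# code; sentinel format, contexts and escaping rules are this example's own.
import html
import json
import re
import secrets
import urllib.parse

URL_ATTRS = {"href", "src", "action", "formaction"}
SAFE_SCHEMES = {"", "http", "https", "mailto"}
ATTR_RE = re.compile(r'([A-Za-z_:][\w:.-]*)\s*=\s*("[^"]*"?|\'[^\']*\'?)')


class Marker:
    """Dynamic content marking function, called by the application (or by
    middleware).  It never escapes; it only wraps each dynamic piece between
    per-request sentinel strings so the filter can locate it later."""
    def __init__(self, nonce=None):
        nonce = nonce or secrets.token_hex(8)  # unguessable per request
        self.start, self.end = f"\x02{nonce}:", f":{nonce}\x03"

    def mark(self, value):
        # A payload must never be able to open or close a marked region, so
        # any copy of the sentinels inside it is dropped before wrapping.
        value = str(value).replace(self.start, "").replace(self.end, "")
        return self.start + value + self.end


def detect_context(prefix):
    """Classify the position right after `prefix` (the output emitted so far).
    Returns ("text" | "script" | "attr" | "url", attribute name or None)."""
    low = prefix.lower()
    opened = low.rfind("<script")
    if opened != -1 and low.find("</script", opened) == -1 and low.find(">", opened) != -1:
        return ("script", None)  # inside an unclosed <script> body
    lt, gt = prefix.rfind("<"), prefix.rfind(">")
    if lt <= gt:
        return ("text", None)  # ordinary element content
    tag, last = prefix[lt:], None
    for last in ATTR_RE.finditer(tag):  # keep the last attribute of the open tag
        pass
    if last and (len(last.group(2)) == 1 or last.group(2)[-1] != last.group(2)[0]):
        name = last.group(1).lower()  # its quoted value is still open
        if name.startswith("on") or name == "style":  # JS / CSS inside HTML
            raise ValueError(f"no safe escaper for {name}= attribute values")
        return ("url" if name in URL_ATTRS else "attr", name)
    # Attribute-name or unquoted-value position: no escaper makes that safe,
    # so fail closed instead of guessing.
    raise ValueError(f"unsupported output context inside tag: {tag!r}")


def escape_for(ctx, value):
    """Apply the escaper that matches the detected context."""
    kind = ctx[0]
    if kind in ("text", "attr"):
        return html.escape(value, quote=True)
    if kind == "url":
        # Browsers drop leading whitespace and embedded tabs/newlines when
        # reading the scheme, so do the same before checking it.
        probe = re.sub(r"[\x00-\x20\x7f]", "", value)
        if urllib.parse.urlsplit(probe).scheme.lower() not in SAFE_SCHEMES:
            value = "about:invalid"  # javascript:, data:, vbscript: ... neutralised
        return html.escape(value, quote=True)
    if kind == "script":
        # JS string literal (json.dumps also \u-escapes U+2028/2029); "</" and
        # "<!--" are broken so the HTML parser cannot leave the script early.
        return json.dumps(value).replace("</", "<\\/").replace("<!--", "<\\!--")
    raise ValueError(kind)


def sanitize(buffer, marker):
    """Sanitization filter function, deployed separately from the marker: runs
    once over the complete buffer, finds each marked region by its sentinels
    and escapes it for the context it landed in."""
    region = re.compile(re.escape(marker.start) + "(.*?)" + re.escape(marker.end), re.S)
    out, pos = [], 0
    for m in region.finditer(buffer):
        out.append(buffer[pos:m.start()])
        # Context is read from already-sanitized output, so an earlier payload
        # cannot change the context assigned to a later one.
        out.append(escape_for(detect_context("".join(out)), m.group(1)))
        pos = m.end()
    tail = buffer[pos:]
    if marker.start in tail or marker.end in tail:
        raise ValueError("unbalanced dynamic content marker in output")
    return "".join(out) + tail


def render_profile(name, site, marker=None):
    """Constructed template: the same untrusted values land in four contexts.
    The application only marks and buffers; it escapes nothing itself."""
    marker = marker or Marker()
    mk, buffer = marker.mark, []  # the output buffer of the claims
    buffer.append("<h1>Hello " + mk(name) + "</h1>\n")
    buffer.append('<input value="' + mk(name) + '">\n')
    buffer.append('<a href="' + mk(site) + '">site</a>\n')
    buffer.append("<script>var user = " + mk(name) + ";</script>\n")
    return sanitize("".join(buffer), marker)  # document complete: filter now


if __name__ == "__main__":
    print(render_profile('"><script>alert(1)</script>', "javascript:alert(document.cookie)"))
```

Two points the abstract leaves implicit are made concrete here. The filter decides context from output it has already escaped, so one piece of dynamic content cannot shift the context assigned to the next, and the sentinels are stripped from every payload before wrapping, so marked regions cannot be opened or closed from inside user data. Positions for which no escaper is safe (an unquoted attribute value, an attribute-name slot, an `on*` handler or `style` attribute) raise instead of guessing; a production filter would also have to recognise HTML comments, RCDATA elements such as `<textarea>` and `<title>`, and CSS, none of which this detector models.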

Claims

Full claim text as shown on this page. Claims 1, 4 and 7 are the independent method, apparatus and computer-program-product claims; the remaining claims depend on one of them.

The invention claimed is:

1. A method, comprising: generating a dynamic output marking, by a dynamic content marking function, to selectively mark a plurality of pieces of dynamically-generated content being output by a web application to obtain a set of marked content, the dynamic content marking function being associated with a sanitization filter function deployed separately from, and not integrated with, the dynamic content marking function; outputting, by the dynamic content marking function, the set of marked content to an output buffer; determining that the set of marked content in the output buffer represents a full set of content; responsive to the determination that the set of marked content in the output buffer represents a full set of content, providing the full set of content from the output buffer to the sanitization filter function, the sanitization filter function having been further configured to identify the full set of content using one or more string values included with the full set of content; wherein: lack of integration of the dynamic marking content function and the sanitization filter function decouples: (i) a determination about a need to sanitize the plurality of pieces of dynamically-generated content affected by the selective marking of the dynamic content marking function, and (ii) sanitization performed by the sanitization filter function; and the lack of integration of the dynamic content marking function and the sanitization filter function allows the sanitizing, by the sanitization filter function, to occur after the full set of content is ready to be examined, as determined using the one or more string values.

2. The method as defined in claim 1 wherein the dynamic content marking function is located at a remote location with respect to the sanitization function.

3. The method as defined in claim 1 wherein the dynamic content marking function is implemented as a library function that is called by the web application.

4. An apparatus, comprising: a processor; computer memory holding computer program instructions that when executed by the processor perform operations, comprising: generating a dynamic output marking, by a dynamic content marking function, to selectively mark a plurality of pieces of dynamically-generated content being output by a web application to obtain a set of marked content, the dynamic content marking function being associated with a sanitization filter function deployed separately from, and not integrated with, the dynamic content marking function; outputting, by the dynamic content marking function, the set of marked content to an output buffer; determining that the set of marked content in the output buffer represents a full set of content; responsive to the determination that the set of marked content in the output buffer represents a full set of content, providing the full set of content from the output buffer to the sanitization filter function, the sanitization filter function having been further configured to identify the full set of content using one or more string values included with the full set of content; wherein: lack of integration of the dynamic marking content function and the sanitization filter function decouples: (i) a determination about a need to sanitize the plurality of pieces of dynamically-generated content affected by the selective marking of the dynamic content marking function, and (ii) sanitization performed by the sanitization filter function; and the lack of integration of the dynamic content marking function and the sanitization filter function allows the sanitizing, by the sanitization filter function, to occur after the full set of content is ready to be examined, as determined using the one or more string values.

5. The apparatus as described in claim 4 wherein the dynamic content marking function is located at a remote location with respect to the sanitization function.

6. The apparatus as described in claim 4 wherein the dynamic content marking function is implemented as a library function that is called by the web application.

7. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions that when executed by the data processing system perform operations, comprising: generating a dynamic output marking, by a dynamic content marking function, to selectively mark a plurality of pieces of dynamically-generated content being output by a web application to obtain a set of marked content, the dynamic content marking function being associated with a sanitization filter function deployed separately from, and not integrated with, the dynamic content marking function; outputting, by the dynamic content marking function, the set of marked content to an output buffer; determining that the set of marked content in the output buffer represents a full set of content; responsive to the determination that the set of marked content in the output buffer represents a full set of content, providing the full set of content from the output buffer to the sanitization filter function, the sanitization filter function having been further configured to identify the full set of content using one or more string values included with the full set of content; wherein: lack of integration of the dynamic marking content function and the sanitization filter function decouples: (i) a determination about a need to sanitize the plurality of pieces of dynamically-generated content affected by the selective marking of the dynamic content marking function, and (ii) sanitization performed by the sanitization filter function; and the lack of integration of the dynamic content marking function and the sanitization filter function allows the sanitizing, by the sanitization filter function, to occur after the full set of content is ready to be examined, as determined using the one or more string values.

8. The computer program product as defined in claim 7 wherein the dynamic content marking function is located at a remote location with respect to the sanitization function.

9. The computer program product as defined in claim 7 wherein the dynamic content marking function is implemented as a library function that is called by the web application.

10. The method as defined in claim 1 wherein the sanitization filter function is deployed in a cloud computing operating environment.

11. The apparatus as defined in claim 4 wherein the sanitization filter function is deployed in a cloud computing operating environment.

12. The computer program product as defined in claim 7 wherein the sanitization filter function is deployed in a cloud computing operating environment.

Assignees

Inventors

Classifications

  • G06F21/51 (primary): at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability

Secondary classifications (CPC titles only; codes are not listed on this page):

  • based on web technology, e.g. hypertext transfer protocol [HTTP]

  • Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

  • Authenticating web pages, e.g. with suspicious links

  • for detecting or protecting against malicious traffic

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10375107B2 cover?
A technique to provide runtime output sanitization filtering of web application content that contains multiple contexts in which dynamic output is included. To facilitate this operation, dynamically-generated content is prepared for sanitization in advance, preferably by being “marked” by the web application itself (or by middleware). Preferably, given dynamically-generated content is marked by…
Who is the assignee on this patent?
Pieczul Olgierd, Mcgloin Mark Alexander, Zurko Mary Ellen, and 1 more
What technology area does this patent fall under?
Primary CPC classification G06F21/51. Mapped technology areas include Physics.
When was this patent published?
Publication date: Aug 6, 2019 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).