Cross-site scripting defense using document object model template
US-9699142-B1 · Jul 4, 2017 · US
US2016078146A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016078146-A1 |
| Application number | US-201314762939-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jan 29, 2013 |
| Priority date | Jan 29, 2013 |
| Publication date | Mar 17, 2016 |
| Grant date | — |
Abstract:
Example embodiments disclosed herein relate to analyzing a web application. A web application is loaded. User actions are simulated on user interface elements of the web application. A structure of the web application is traversed based on rules to determine a set of actionable tokens. The respective actionable tokens include a portion of the web application that can change a user interface presented based on the web application.
Claims (preview):
What is claimed is:
1. A system comprising: a browser layout engine to load a web application; a scanner to simulate user actions on user interface elements of the web application; and a document analyzer to traverse a structure of the web application based on rules and to transform a complex Document Object Model of the web application into a set of actionable tokens, wherein the respective actionable tokens include a portion of the web application that can change a user interface presented based on the web application.
2. The system of claim 1, wherein the portion includes a valid target of at least one of: a keyboard event, a click event, and a JavaScript object.
3. The system of claim 1, wherein the rules include at least one selector, and the at least one selector returns at least one of the actionable tokens.
4. The system of claim 3, wherein the document analyzer determines from one of the actionable tokens that a set of selectors is relevant and enables the set of selectors based on the relevancy determination, and wherein the relevancy determination is based, at least in part, on a cache of the browser layout engine.
5. The system of claim 1, wherein the respective actionable tokens include a locator and a set of permitted actions.
6. The system of claim 5, wherein the scanner or another scanner includes an event handler to consume the actionable tokens, wherein the scanner or the other scanner uses the actionable tokens to determine a set of tests to execute on the web application.
7. The system of claim 6, wherein the scanner or the other scanner executes the tests on the web application based on the actionable tokens by executing, for each of the actionable tokens, a test located based on the respective locator and the respective permitted actions at the locator.
8. The system of claim 5, wherein the document analyzer determines that a particular type of code is executable on the web application, and wherein the document analyzer determines at least one of the permitted actions based on the particular type.
9. A non-transitory machine-readable storage medium storing instructions that, if executed by at least one processor of a computing system, cause the computing system to: load a web application; simulate user actions on user interface elements of the web application; and traverse a structure of the web application based on rules and the user actions and analyze a complex Document Object Model (DOM) of the web application to determine a set of actionable tokens, wherein the respective actionable tokens include a portion of the web application that can change a user interface presented based on the web application, and wherein the respective actionable tokens include a locator and a set of permitted actions.
10. The non-transitory machine-readable storage medium of claim 9, further comprising instructions that, if executed by the at least one processor, cause the computing system to: consume the actionable tokens to determine a set of tests to execute on the web application; and execute, for each of the actionable tokens, a test located based on the respective locator and the respective permitted actions associated with the locator.
11. The non-transitory machine-readable storage medium of claim 9, further comprising instructions that, if executed by the at least one processor, cause the computing system to: determine from one of the actionable tokens that a set of selectors is relevant; enable the set of selectors based on the relevancy determination; and further analyze the DOM based on the selectors to generate additional sets of the actionable tokens.
12. The non-transitory machine-readable storage medium of claim 9, wherein the portion includes a valid target of a JavaScript object.
13. A method comprising: loading a web application; simulating user actions on user interface elements of the web application; and traversing a structure of the web application based on rules and analyzing a complex Document Object Model (DOM) of the web application to determine a set of actionable tokens, wherein the respective actionable tokens include a portion of the web application that can change a user interface presented based on the web application, and wherein each of the actionable tokens includes a respective locator and a respective set of permitted actions.
14. The method of claim 13, further comprising: consuming the actionable tokens to determine a set of tests to execute on the web application for each of the actionable tokens; and executing, for each of the actionable tokens, the respective set of tests located based on the respective locators and the respective permitted actions associated with the respective locators.
15. The method of claim 13, wherein the portion includes a valid target of at least one of: a keyboard event and a click event.
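As an added illustration of the document analyzer and scanner relationship in claims 1, 3 and 5 to 8 (example code written here, not taken from the patent), the following traverses a constructed HTML document with a rule set of selector-like predicates, emits actionable tokens that carry an XPath-style locator plus the permitted actions, and then lets the scanner side map those actions to tests as in claims 6 and 7. The rule set, the locator format, the test names and the sample document are assumptions.

```python
from html.parser import HTMLParser
VOID = {"input", "img", "br", "hr", "meta", "link"}   # elements that never get an end tag

# Assumed rules (claim 3): (selector-like label, predicate over (tag, attrs), permitted actions);
# inline handler attributes mark executable code and widen the actions (claim 8).
RULES = [
    ("a[href]", lambda t, a: t == "a" and "href" in a, {"click"}),
    ("input[type=submit], button", lambda t, a: t == "button" or a.get("type") == "submit", {"click"}),
    ("input[type=text], textarea", lambda t, a: t == "textarea" or (t == "input" and a.get("type", "text") == "text"), {"keyboard"}),
    ("[onclick]", lambda t, a: "onclick" in a, {"click", "javascript"}),
    ("[onkeyup]", lambda t, a: "onkeyup" in a, {"keyboard", "javascript"}),
]

class DocumentAnalyzer(HTMLParser):
    # Traverses the DOM (claim 1) and emits tokens carrying a locator and permitted actions (claim 5).
    def __init__(self):
        super().__init__()
        self.stack, self.counts, self.tokens = [], [{}], []   # open path, per-level sibling counters, output

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        siblings = self.counts[-1]
        siblings[tag] = siblings.get(tag, 0) + 1
        self.stack.append((tag, siblings[tag]))
        actions = set().union(*(p for _, match, p in RULES if match(tag, attrs)))
        if actions:   # only elements that can change the presented UI become tokens
            locator = "/" + "/".join(f"{t}[{i}]" for t, i in self.stack)   # XPath-style locator
            self.tokens.append({"locator": locator, "actions": sorted(actions)})
        if tag in VOID:
            self.stack.pop()            # no end tag will close this element
        else:
            self.counts.append({})

    def handle_endtag(self, tag):
        if self.stack and self.stack[-1][0] == tag:
            self.stack.pop()
            self.counts.pop()

def actionable_tokens(html):
    analyzer = DocumentAnalyzer()
    analyzer.feed(html)
    return analyzer.tokens

# Scanner side (claims 6 and 7): the permitted actions at each locator select the tests run there.
TEST_FOR_ACTION = {"click": "click_event_test", "keyboard": "keyboard_input_test", "javascript": "handler_execution_test"}
def plan_tests(tokens):
    return [(tok["locator"], TEST_FOR_ACTION[a]) for tok in tokens for a in tok["actions"]]

SAMPLE = """<html><body><form action="/search"><input type="text" name="q" onkeyup="suggest(this.value)">
<input type="hidden" name="t" value="x"><input type="submit" value="Go"></form>
<a href="/help">Help</a><div onclick="openMenu()">Menu</div></body></html>"""   # constructed sample document
```

Running `plan_tests(actionable_tokens(SAMPLE))` yields one (locator, test) pair per permitted action, which is the scanner's work list; the hidden input produces no token because no rule marks it as able to change the presented interface.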
CPC classification titles:
- Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- Test or assess software
- for implementing user interfaces
- Authenticating web pages, e.g. with suspicious links
- at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability