It is increasingly common for computer-based software applications to provide web page browsing capabilities within their user-interfaces, typically using embedded web browser software. However, whereas stand-alone web browser applications typically employ numerous security features to shield the user from malicious attacks, other types of software applications that provide web page browsing capabilities, such as media players, typically do not.
In one well-known type of malicious attack that is often referred to as a cross-application scripting attack, data obtained from an untrusted source is sent unfiltered from a trusted application to a web browser. In this type of attack an attacker can, for example, insert malicious content, such as in the form of a JavaScript™ script, into a document, such as one containing Hypertext Markup Language (HTML) source code. If an application accesses the document and does not remove or otherwise quarantine the malicious content before providing it to its browser, the script might be executed by the browser, potentially exposing the host computer to known security breaches, such as where the script is granted access to local resources, cookies and data that stand-alone web browser applications do not provide.