The present invention relates generally to the rendering of web pages, and more specifically to securing objects on a rendered web page.
Client installed scripts (CIS) are a class of computer programs run on a client computer by a web browser to modify web pages and user interactions with web pages provided to the client computer from a web server. After a user requests a web page from the web server, the client installed script intercepts the web page and makes modifications to the HyperText Markup Language (HTML) or Dynamic HyperText Markup Language (DHTML) behind the web page and then presents the modified web page to the client web browser for rendering. Client installed scripts may contain instructions for the browser to follow if the user interacts with the document in a certain way, e.g., entering a username or a password. These instructions can be followed without further communication with the web server or interaction on the user's behalf.
A popular client installed script is GREASEMONKEY. GREASEMONKEY allows users to install client scripts that render changes to a web page every time the web page is loaded. CIS can be used for adding new functions to web pages such as fixing rendering bugs, removing specific content, such as advertising and popups, adding links, buttons, and other HTML elements to a web page, combining data from multiple web pages, etc. These scripts manipulate the content of a web page via the Document Object Model (DOM) interface.
Client installed scripts may also exhibit malicious behavior. That is, some CIS may be programmed as malware for the express purpose of comprising user names and passwords, or for stealing other sensitive information from a user. Client installed scripts can be easily programmed to surreptitiously record user information and pass this user information to another computer without the consent of the user.
Thus, there is a need in the art for a software program or method that prevents client installed scripts from exhibiting malicious behavior and compromising sensitive user information.