As is well known, HTML injection of a web or WAP page (hereinafter collectively referred to as an “HTML page”) refers to maliciously falsifying file information in the HTML page, or replacing the file information in the HTML page with entirely new false information, over a network. The action may have various motives, e.g., financial profit, pure curiosity about hacking a network, and so on.
In the prior art, anti-HTML injection, a technique for blocking HTML injection, has been implemented on the server side and the network side. A typical example of anti-HTML injection is an agent system installed in the server.
Such an agent system generates an agent using a Java applet, which can be automatically downloaded into the browser of an approaching user, and causes the agent to transmit information about the approaching user via a socket within the agent. To trace a trespasser who conceals his or her location, the server detects the trespasser's original location by comparing the HTTP (Hypertext Transfer Protocol) header information for the approaching user with that of the trespasser accessing the server. The server can also trace intermediate routes through the HTTP header information. The HTTP header information received from the agent can further be used to trace a malicious user who uploads improper data or replies to a storage room or a notice board. In addition, the HTTP header information can be used to deny access to a user who intends to conceal his or her information by using intermediate routes.
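The server-side comparison described above can be sketched as follows. This is an added example, not code from the prior-art agent system or from this document; it assumes the agent reports the client address it observes (`agent_ip`, a hypothetical field) and that the server checks it against the connection's source address and the standard `X-Forwarded-For` and `Via` request headers. All addresses are constructed documentation values.

```python
import ipaddress

def _norm(ip):
    # Canonical text form so equivalent spellings of one address compare equal.
    return str(ipaddress.ip_address(ip.strip()))

def _header(headers, name):
    # HTTP header names are case-insensitive.
    return next((v for k, v in headers.items() if k.lower() == name.lower()), "")

def trace_access(agent_ip, peer_ip, headers):
    """Compare the agent's report with what the HTTP request itself shows.

    agent_ip: address sent by the downloaded agent over its own socket (assumed field).
    peer_ip:  source address of the HTTP connection as seen by the server.
    """
    agent, peer = _norm(agent_ip), _norm(peer_ip)
    forwarded = []
    for part in _header(headers, "X-Forwarded-For").split(","):
        try:
            forwarded.append(_norm(part))
        except ValueError:
            continue  # empty or malformed entry: header content is untrusted
    via = [v.strip() for v in _header(headers, "Via").split(",") if v.strip()]
    relayed = agent != peer            # request arrived through an intermediate
    disclosed = agent in forwarded     # the intermediate named the real client
    route = [ip for ip in forwarded if ip != agent]
    if relayed and peer not in route:
        route.append(peer)
    return {"origin": agent, "relayed": relayed,
            "concealed": relayed and not disclosed,
            "route": route, "via": via}

# Constructed sample accesses (documentation address ranges, not real hosts).
SAMPLES = [
    ("direct", "203.0.113.7", "203.0.113.7", {}),
    ("declared proxy", "203.0.113.7", "198.51.100.20",
     {"x-forwarded-for": "203.0.113.7", "Via": "1.1 cache.example"}),
    ("anonymizing relay", "203.0.113.7", "198.51.100.99", {}),
]

if __name__ == "__main__":
    for label, agent_ip, peer_ip, headers in SAMPLES:
        result = trace_access(agent_ip, peer_ip, headers)
        verdict = "DENY (origin concealed)" if result["concealed"] else "allow"
        print(f"{label:18} origin={result['origin']} route={result['route']} -> {verdict}")
```

Only the third sample is denied: the agent's report differs from the connection source and no request header discloses the real client, which is the concealed-route case the prior-art system is said to block.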
However, the above-mentioned agent system greatly affects the availability of the server. Recently, a web page of a financial agency was attacked through a separate HTML injection technique, which falsifies the HTML page by accessing the client side. Nevertheless, existing anti-HTML injection techniques cannot protect against this direct attack from the client side through HTML injection.