Web browsers are increasingly becoming a single-stop resource for computing needs including information access, personal communications, e-commerce and much more. Consequently, web pages are designed to combine data and functionality from two or more external sources to create a new service. In the related art, such web pages are known as “mashup pages.”
The mashup technology allows integrating data and functionality into a web page using one or more open application programming interfaces (APIs). A prime example of a mashup web page is an online advertisement hosted within a page, typically in a form of a banner. The banner generally promotes a specific vendible product and when it is clicked upon, the user is linked, for example, to the advertiser's site, where more detailed information is provided about the vendible product. An online advertisement is typically displayed as a combination of text, audio, still images, animation, video, and interactivity content forms. Different content types may be different objects of a rich-media advertisement. Rich media content can be downloadable or may be embedded in a webpage and can be viewed using a media player. The media player may be a plug-in or an offline application. An example for a rich media format and player is Flash provided by Adobe®.
The mashup web page is typically referred to as a “hosting web page” and the external objects as “third party modules.” The drawback of the mashup architecture is that the hosting web page is vulnerable to attacks from third party modules, as these modules have full access to APIs of the hosting web page. In the related art, solutions to a secure hosting web page include, for example, browser abstractions. The browser abstractions facilitate resource management and access control. The browser abstractions are implemented using dedicated HTML tags, e.g., <sandbox> and a script proxy provided as an extension of a web browser.
The disadvantage of this approach is that APIs of hosting pages are still exposed to malicious third party modules. In addition, in order to secure hosting web pages, a web browser installed in each client should be updated to include the script proxy. In today's environment, where different vendors provide different web versions, the security approach of web browser abstractions is not feasible.
It would therefore be advantageous to provide an efficient solution for securing web pages hosting third party modules.