1. Technical Field
This disclosure generally relates to a system for providing content to a user, and more specifically relates to a system for controlling execution of scripts that attempt to access different sections of a page.
2. Background Art
When the Internet was in its infancy, static information was presented to a web browser as a single stream of data called a “web page.” Later, web pages were enhanced so they could include dynamic information, such as stock quotes. These web pages were still presented in the form of a single stream of data, with the dynamic data being inserted by the server at the time the web page was requested. Newer advancements in web pages include scripting languages such as JavaScript that allow content in a web page to be acted upon in a browser via scripts. In addition, the notion of content aggregation allows a user to define a page that includes content from many different sources. A particular source of content on a page is sometimes referred to as a “portlet”. Thus, a user could create a page that includes many portlets that each retrieves data from different content providers, such as web sites. Even with dynamic information from many different web sites that includes scripts, the final web page rendered to the user is a single stream of data after the web page is assembled by the server.
The ability to manipulate content via a script in the browser provides a way for a hacker to attack a user. For example, let's assume a user defines a web page with two portlets, one for online banking and one for online games. Let's further assume the web site that hosts the online games contains malware that attempts to send a user's personal information to a hacker that wrote the malware. In this scenario, a script in the game portal could interrogate a Document Object Model (DOM) for the web page, and determine that personal and banking information is available on the portlet for online banking The user's personal and banking information could then be accessed and sent by the script to the hacker. Thus, the complexity of multiple portlets and scripts makes the user potentially vulnerable to hacker attacks.