Users today rely on the Internet for a variety of things. Users can find information on more mundane matters, such as checking for a recipe on how to make a particular dish or on more serious matters such as finding a new job, maintaining professional contacts, or finding people with the right qualifications to hire. This has led to very sophisticated Websites that include many features, often from different developers. These developers can be in-house (e.g., developers who work directly for the Website operator) or third-party developers (e.g., developers who create material for use with the Website but are not employed directly by the Website operator).
Especially for these feature rich Websites, securing them has become a particularly difficult task. Different features can be created by different developers, but they all need to work well together on each respective Website. An example of an error that can occur include encoding errors. For example, features on the Website may need to communicate with other features or data resources to exchange, update, create, or delete information. To do this, the features need to select the proper filters to make sure that the information is properly encoded. Failure to do this can result in duplication (or double encoding) of input information or execution of malicious scripts that can damage a computer or steal user information. However, due to the difficulty in identifying and properly fixing these errors, these errors are often undetected or, even when detected, improper fixes applied.
Therefore, there is a need for improved detection methods to prevent errors that occur when exchanging information among different features that may exist on a Website, such as analyzing Web page templates in source code without rendering the template.
The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.