Today, when a user or client machine, e.g., a computer or a mobile device, requests a webpage on the Internet via a web browser, e.g., a resource name through a Hypertext Transfer Protocol (HTTP) GET command to a web server, content is sent from the web server or other location on the Internet and is rendered the web browser. Content can include both active content and passive content. Active content, including forms or other dynamic scripts (e.g. embedded script in JavaScript or AJAX), may be embedded in web pages that are received over the Internet. JavaScript instructions that are embedded in web pages can be executed by a web browser when the web page is selected. As more and more users are interconnected over the Internet, computer security becomes increasingly more important as active content in web pages can include malicious software (malware). In some cases, a user may forego security measures from certain websites and implicitly trust that the content being delivered will not harm the user's machine. However, third-parties can circumvent web server security and insert bad content or manipulate active content in web pages during transit from trusted web domains to the user. For example, active content that has the potential to steal information from the user machine can be inserted through cross-site scripting via a gateway or man-in-the middle (MITM) injection.
Prior art solutions on computer security have focused on requiring users to have “special” browsers to view web pages or requiring web site providers to implement excessive and expensive technology to counteract the malware. In other instances, a Hypertext Transfer Protocol Secure (HTTPS) protocol is used to protect the data connection between a web browser and a client by using session keys to encrypt the data flow between the two. However, HTTPS does not protect the user from scripts that are embedded within a web page. Additionally, conventional solutions cannot selectively disable “untrusted” active content within a web page. Other conventional solutions use content security policy (CSP) within a web browser to inform a browser to ignore inline JavaScript or prevent loading image files, audio files, or the like. However, these solutions do not add a trust factor to active content embedded within a web page. A way of ensuring trustworthy active content in web pages that are received by a user client over the internet through a signature method would be desirable.