1. Field of the Invention
Embodiments of the present invention relate to web browsers, and more particularly to cross-site scripting.
2. Background Art
Cross-site scripting (XSS) is a common type of security vulnerability found in internet content. More precisely, cross-site scripting is a class of vulnerabilities in web applications that allow user input to modify, in unintended ways, the structure of web pages returned by a server. Typically, this translates to arbitrary code execution in the context of the user's web browser (e.g. JavaScript execution) at a client used by the user.
In some cases, an attacker exploits an XSS vulnerability to compromise a victim's account or steal a victim's data in different ways. An XSS vulnerability is usually caused when a server receives input from an untrusted source and incorporates it as part of its output to a different user. Many web applications create their content based on input from their users. User-generated content (UGC) may be created any time a web site incorporates input generated by users (blog posts, photos, comments, documents, etc.) as part of its own content. For example, a ‘blogging’ site allows users to post journal entries. This is an example where content provided by a user is included in the content of a content provider for display to other users. Inclusion of user-generated content in such cases may create an XSS security vulnerability.
In order to exploit an XSS vulnerability, a user could send code or other executable content to be executed by another user by first sending the dangerous content to a content provider (e.g. a ‘blogging’ site), which may then promptly distribute it to other users without proper safeguards.
The design of HyperText Markup Language (HTML) is such that web browsers are expected to execute all scripts on a given web page. This requires that any web site employing user-generated content carefully control every instance in which such content is distributed to other users. Present methods of XSS defense include server-side measures which disable executable content or ‘scrub’ (i.e., remove) executable content from a web page. Disabling executable content is not really an option, since currently available browser functionality gives a server no way to instruct a browser to do so. Another method is separating content into different domains, but this is not possible in all cases and limits the user experience.
However, these approaches are error-prone, difficult and fragile, because they must be applied without exception to all cases of user-generated content and because the scrubbing requirements may vary based on the context in which UGC is being incorporated.
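The context dependence of the scrubbing requirement can be made concrete with the following added example, which is not part of the patent text: the same user-supplied comment is placed in three output contexts (element text, a quoted attribute, and a JavaScript string literal), each with its own encoder. The helper names and the sample comment are constructed for illustration.

```javascript
// Added example (not from the patent): context-sensitive output encoding.
// Helper names and sample values are constructed for illustration.

// Element text content: neutralise the characters that can alter markup.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
function encodeForHtmlText(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Quoted attribute value: the same table is sufficient only because the
// templates below always emit the attribute inside double quotes.
function encodeForHtmlAttr(s) {
  return encodeForHtmlText(s);
}

// JavaScript string literal inside a <script> block: hex-escape every
// non-alphanumeric code unit, so quotes, backslashes, line breaks and the
// characters of "</script>" cannot end the literal or the script element.
function encodeForJsString(s) {
  return String(s).replace(/[^A-Za-z0-9 ]/g, (c) => {
    const code = c.charCodeAt(0);
    return code < 0x100
      ? "\\x" + code.toString(16).padStart(2, "0")
      : "\\u" + code.toString(16).padStart(4, "0");
  });
}

// One comment rendered into three contexts. Reusing encodeForHtmlText for the
// script context would leave backslashes and line breaks untouched, which is
// the context dependence that makes a single scrubbing rule fragile.
function renderComment(author, body) {
  return [
    `<p class="comment">${encodeForHtmlText(body)}</p>`,
    `<p title="${encodeForHtmlAttr(author)}">by ${encodeForHtmlText(author)}</p>`,
    `<script>var lastAuthor = '${encodeForJsString(author)}';</script>`,
  ].join("\n");
}

// Constructed sample: a comment that mixes markup, quotes and an apostrophe.
console.log(renderComment("O'Neil", '<b>hello</b> & "friends"'));
```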
Additionally, disabling scripts completely is not viable because scripting is critical for many websites. Furthermore, statically examining executable content and scripts (e.g. JavaScript) may not be sufficient, because JavaScript allows new code to be dynamically fed to an interpreter using different commands. This means that even if all the script on the page is validated once at page load time, it can still receive untrusted input and attempt to execute it, thereby exploiting any XSS vulnerabilities.