The present invention relates to computer security, and more specifically, to cross-domain access prevention.
Cross-site scripting (XSS) and cross-site request forgery (XSRF) are examples of client-side computer security issues associated with accessing web pages. XSS and XSRF can occur in web applications that allow script or code injection by malicious users into the web pages viewed by other users. XSS and XSRF typically rely on malicious scripts (such as JavaScript) or code running on the victim's web browser to gather data from the web browser itself (e.g., cookies) and from additional requests submitted from the web browser on behalf of the victim. The gathered information is then passed on to hackers via the Internet or other means. The malicious scripts and/or code do not merely gather data but can also perform actions on the victim's behalf, for instance, transferring funds from bank accounts, forwarding emails, and initiating other web-based mischief.