Static detection of context-sensitive cross-site scripting vulnerabilities
Number of patents in Portfolio can not be more than 2000
United States of America Patent
Stats
-
Jun 18, 2019
Grant Date -
Jan 25, 2018
app pub date -
Sep 30, 2016
filing date -
Jul 19, 2016
priority date (Note) -
In Force
status (Latency Note)
Importance
Abstract
A method for statically analyzing a web application program may include obtaining a control flow graph for the web application program. Each control flow graph node may correspond to a statement in the web application program. The method may further include obtaining a sanitizer sequence including one or more sanitizers followed by an output statement, obtaining a placeholder corresponding to the sanitizer sequence, and generating control flow paths including an output node that corresponds to the output statement. The method may further include generating documents for each control flow path. Each document may include a sanitized value corresponding to the output statement. The method may further include inserting the placeholder into each document at a location of the sanitized value, and reporting a potential cross-site scripting flaw when the sanitizer sequence is insufficient for the output context sequence of the sanitized value.
First Claim
Family
International Classification(s)
- [Classification Symbol]
- [Patents Count]
Cited Art Landscape
Patent Citation Ranking
Recipient Email Address
Recipient Email Address
Comment
Recipient Email Address
Add to Portfolio(s)
To add this patent to one, or more, of your portfolios, simply click the add button.
This Patent is in these Portfolios:
Add to additional portfolios:
Last Refreshed On:
Changes done successfully