Patent · US Active

Protecting websites from cross-site scripting

US9553865B2 · kind B2 · utility

0Cited by

3References

20Claims

0Family size

Assignee

AMAZON TECHNOLOGIES, INC. · US

Inventors

Brian Evan Maher · Issaquah, US
Sachin Purushottam Joglekar · Dallas, US
Jesper Mikael Johansson · Redmond, US

Key dates

Filing date	May 11, 2015
Grant date	Jan 24, 2017
Priority date	—
Expiry date	Jul 15, 2035

Classification

Technology area (CPC H)Electricity
CPC primaryH04L67/02
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Methods and systems for protecting websites from cross-site scripting are disclosed. A request for a web page comprising a web page element is received from a client. It is determined if the web page comprises a data integrity token for the web page element. It is also determined if a value of the data integrity token matches an expected value. If the web page comprises the data integrity token and if the value matches the expected value, the web page comprising the web page element is sent to the client. If the web page does not comprise the data integrity token or if the value does not match the expected value, a protective operation is performed.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.