Patent · US Active

Automatic context-sensitive sanitization

US9882923B2 · kind B2 · utility

1Cited by

1References

20Claims

0Family size

Assignee

MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

David Molnar · Seattle, US
Benjamin Livshits · Kirkland, US
Patrice Godefroid · Naperville, US
Prateek Saxena · Berkeley, US

Key dates

Filing date	Nov 24, 2014
Grant date	Jan 30, 2018
Priority date	—
Expiry date	Jun 26, 2035

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/1433
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

An automatic context-sensitive sanitization technique detects errors due to the mismatch of a sanitizer sequence with a browser parsing context. A pre-deployment analyzer automatically detects violating paths that contain a sanitizer sequence that is inconsistent with a browsing context associated with outputting an untrusted input. The pre-deployment analyzer determines a correct sanitizer sequence which is stored in a sanitization cache. During the runtime execution of the web application, a path detector tracks execution of the web application in relation to the violating paths. The correct sanitizer sequence can be applied when the runtime execution follows a violating path.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.