公开(公告)号：US20160323309A1

公开(公告)日：2016-11-03

申请号：US14700456

申请日：2015-04-30

Applicant: Yahoo! Inc.

Inventor： Vibha Sethi ,  Binu Ramakrishnan ,  Christopher Harrell

IPC: H04L29/06 ,  G06F17/30 ,  H04L29/08

Abstract: The present teaching relates to blocking malicious third party site tagging using content security policy (CSP). A request to access a web page is first received for obtaining a page resource associated with the web page. One or more tags are further added to the page resource, and one or more tag sources corresponding to the one or more tags are interpreted. Based on the one or more tag sources, at least one content security policy is constructed and enforced on the page resource. The web page is presented to the user with whitelisted tags in accordance with the enforced at least one content security policy.

Abstract translation: 本教程涉及使用内容安全策略（CSP）阻止恶意第三方站点标记。 首先接收访问网页的请求以获得与网页相关联的页面资源。 将一个或多个标签进一步添加到页面资源中，并且解释与一个或多个标签对应的一个或多个标签源。 基于一个或多个标签源，在页面资源上构建和实施至少一个内容安全策略。 根据强制执行的至少一个内容安全策略，该网页被呈现给具有白名单标签的用户。