MozillaWiki

Security/Features/XSS Filter: Difference between revisions

Page Discussion

Security/Features/XSS Filter (view source)

Revision as of 06:54, 24 June 2011

1 byte removed ,  24 June 2011
no edit summary
No edit summary
No edit summary
Line 21: Line 21:
[[File:architecture3.png|frame|XSS Filter Architecture]]
[[File:architecture3.png|frame|XSS Filter Architecture]]


The picture above shows how the filter interacts with the rest of the browser: it is tightly integrated into the Mozilla framework and it is able to interpose on calls to the JavaScript engine, which happen either when (a) a <script> node or some other HTML construct is parsed by the HTML engine, (b) JavaScript evaluates strings as code (e.g. using eval or setTimeout) and (c) JavaScript uses the DOM API to generate new HTML content that is fed into the parser.
The picture above shows how the filter interacts with the rest of the browser: it is tightly integrated into the Mozilla framework and it is able to interpose on calls to the JavaScript engine, which happen either when (a) a <script> node or some other HTML construct is parsed by the HTML engine, (b) JavaScript evaluates strings as code (e.g. using eval or setTimeout) or (c) JavaScript uses the DOM API to generate new HTML content that is fed into the parser.


For implementation details, please see the [https://intranet.mozilla.org/XSS_Filter intranet page]
For implementation details, please see the [https://intranet.mozilla.org/XSS_Filter intranet page]
Rpelizzi
18

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/322541"