Web扩展对于安全的一贯性具有综合影响.定义了影响安全模型的Web入侵、网络入侵与Gadget入侵的行为能力.提出了Web扩展模型具有Web概念的浏览器、服务器、协议的类、属性与方法.使用该扩展模型研究了重定向请求到入侵者服务器的交叉区域资源共享安全机制,以及相同区域源网站的引用验证安全机制,分析了两个机制的脆弱性,并提出了忽略重定向请求与禁止出口引用的解决方案.%Web extensions for security consistency have a comprehensive impact. It defines the effect of security model capacity in the Web Attacker, Network Attacker and Gadget Attacker. Web extension model proposed the concept of a Web browser, server, protocol type, properties and methods. Finally, it studied using the extended model intruder server redirects the request to cross-origin resource sharing security mechanisms, and the same-origin site refer validation security mechanism, analysis of the vulnerability of the two mechanisms, and proposes ignore redirect request and suppress all outgoing refer solutions.
展开▼