The present invention relates generally to the field of content browsers. More particularly, the present invention relates to displaying data via an application executed on a computer. More particularly still, the present invention relates to restricting the size and position of content browser windows to preserve integrity.
A content browser (hereafter, “browser”) is an application used to locate and display web pages, or other content. A browser application retrieves web content elements (such as images, controls, text, etc.) and renders them in one or more user interface (UI) windows. The UI refers to what is displayed, or otherwise presented, to the user by the application through a display device or other output device.
A script is a list of commands that can be executed without user interaction. For example, a web page can include one or more scripts which can range in complexity from changing an image, to creating a new window, to entire online applications. Such scripts can be written in Java, perl, or other interpreted or compilable script language known to those skilled in the art, or in a combination thereof.
A window is a division of a computer display screen which has boundaries, and is usually a rectangular area. In a graphical user interface (GUI), windows can be typically be opened, closed, and moved around on the screen. The user can typically control the size and shape of the windows. Windows can overlap other windows partially or fully.
A popup window (hereafter, “popup”) is a type of window that appears on top of (over) the browser window, and is usually triggered by a script which is triggered by the content being browsed. Popups can be somewhat obtrusive, in that they often cover other windows, particularly the browser window that the user was in the process of reading. Popup ads are used extensively in advertising on the Web, though popups have other applications as well. Popups typically lack the normal controls associated with a browser window, such as a title bar, status bar, scrollbar, navigation controls, etc.
A parent window is the primary window of the application that launched the window. In the context of browsers, the parent window describes the portion of the browser window that contains the content being browsed, but generally does not include the title bar, status bar, navigation controls, scrollbar, address bar, or other non-content-controlled portions of the browser window.
Windows typically occupy a desktop, which is an on-screen work area that uses icons and menus to simulate the top of a desk.
One problem with existing windows is that script-created windows could be maliciously drawn to extend beyond the size of the display screen, and then cover important elements of the window. Moreover, such windows could also be made to appear to be operating system dialog windows, or even mimic the entire desktop. Further, these windows could also be used to fool the user into thinking that a trusted web site is currently being browsed. Such confusion could lead to even bigger problems if the user is tricked into giving confidential information to an untrusted site.
It is with respect to these considerations and others that the present invention has been made.
In accordance with the present invention, a computer-implemented method is provided for the preservation of browser window integrity. A position for a proposed script-created window is received. A size for the proposed window is also received. The position is adjusted as necessary to preserve critical data on the computer screen. The size is likewise adjusted as necessary to preserve critical data on the computer screen. Finally, the proposed window is drawn at the adjusted window position with the adjusted window size.
In accordance with other aspects, the present invention relates to a system for the preservation of browser window integrity. A receiving module receives window position and window size for a script-created window. A position adjustment module adjusts the position of the window as necessary to preserve browser window integrity. Likewise, a size adjustment module adjusts the size of the window as necessary to preserve browser window integrity. Finally, a display module displays the window at the adjusted position, and of the adjusted size.
In accordance with yet other aspects, the present invention relates to a method for popup sizing and placement wherein window integrity is preserved. First, the size of the popup is reduced such that the popup size is less than the vertical size of the popup's parent window.
Next, the popup position is adjusted so that the popup does not extend above the top of the popup's parent window. Next, the popup position is adjusted so that it does not extend below the bottom of the popup's parent window. The popup position is then adjusted so that the popup appears immediately above its parent window.
The invention may be implemented as a computer process, a computing system or as an article of manufacture such as a computer program product or computer readable media. The computer readable media may be a computer storage media readable by a computer system and encoding a computer program of instructions for executing a computer process. The computer program readable media may also be a propagated signal on a carrier readable by a computing system and encoding a computer program of instructions for executing a computer process.
These and various other features as well as advantages, which characterize the present invention, will be apparent from a reading of the following detailed description and a review of the associated drawings.
The embodiments of the invention described herein may be implemented as logical operations in a distributed processing system or network 100 having a client computer system 102 and, optionally, a network server computer system 104, as shown in
In the client-server environment 100 of an illustrated embodiment of the invention shown in
The browser on the computer 102 retrieves an electronic document 108 from its site, i.e., the web server 104 on the Internet 106, and displays the document on the computer screen or output device 216 (
In one embodiment of the present invention, the browser utilizes a graphical interface, generating the rectangular viewing or display area 114 on the screen of the computer's output device 216 (
The browser displays the electronic document 108 that the user is currently viewing in the document display area 118. If the electronic document is too large to completely fit within the document area 118 the browser displays a portion of the document in the document area 118 and presents a scroll bar 120 in the browser frame 116. The user can manipulate the scroll bar 120 with a mouse or other pointing device or input key commands on the keyboard to change the visible portion of the document that is shown by the browser within the document display area 118. Manipulating the scroll bar 120 generally does not change the size or position of the window. The display 114 also comprises an address bar 122. The address bar displays the URL for the document 108 currently being displayed in document area 118. A popup 124 appears on top of the frame 116. Popup 124 does not cover up the address bar 122, or any of the contents of the document area 118. However, it could just as readily cover strategic portions of the frame 116 to mislead the user as to the contents of frame 116.
Given that the present invention may be implemented as a computer system,
In addition to the memory 204, the system may include at least one other form of computer-readable media. Computer-readable media can be any available media that can be accessed by the system 200. By way of example, and not limitation, computer-readable media might comprise computer storage media and communication media.
Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Memory 204, removable storage 208, and non-removable storage 210 are all examples of computer storage media.
Computer storage media includes, but is not limited to, RAM, ROM, EPROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can accessed by system 200. Any such computer storage media may be part of system 200.
System 200 may also contain a communications connection(s) 212 that allow the system to communicate with other devices. The communications connection(s) 212 is an example of communication media. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. The term “modulated data signal” means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. The term computer readable media as used herein includes both storage media and communication media.
In accordance with an embodiment, the system 200 includes peripheral devices, such as input device(s) 214 and/or output device(s) 216. Exemplary input devices 214 include, without limitation, keyboards, computer mice, pens, or styluses, voice input devices, tactile input devices and the like. Exemplary output device(s) 216 include, without limitation, devices such as displays, speakers, and printers. For the purposes of this invention, the display is a primary output device. Each of these devices is well know in the art and, therefore, not described in detail herein.
Receive operation 304 receives the position and size data for the proposed window. The position and size data may be expressed in pixels, inches, centimeters, millimeters, points, or similar discrete or non-discrete measurement units, or relative percentages thereof. Position may be expressed relative to a home position (for example, the bottom left of the screen or window). In one particular embodiment, receive operation 304 relates to a browser application receiving such size and location information from a particular script or second application requesting to display a window.
Upon receiving position information, and prior to actually opening or displaying the window, determine operation 306 determines whether the proposed position meets criteria for window integrity. In one embodiment of the present invention, determine operation 306 determines whether the window, including its title and status bars, is completely within the viewing area of the desktop region of the screen. Data regarding the dimensions of the viewing area of the desktop region may be queried via a graphical user interface service, read from a desktop configuration file, or other method known to those skilled in the art. If the proposed position meets the aforementioned criteria, more specifically that the window is completely within the viewing area of the desktop region of the screen, flow branches YES to determine operation 310, discussed below. Otherwise, if the proposed position does not allow the window to fit within the desktop region, flow branches NO to adjust operation 308.
Adjust operation 308 adjusts the position of the window according to the criteria for window integrity used by determine operation 306. In one embodiment, this may include shifting the window up, down, left or right, but not changing the size of the window. In a particular embodiment of the present invention, these criteria are the same as those used in determine operation 306, e.g., that the window, including its title and status bars, is completely within the viewing area of the desktop region of the screen. In alternative embodiments, other sets of criteria may be used by adjust operation 308. For example, a more limited set of criteria could be used to simultaneously enforce additional window placement goals related to, or unrelated to window integrity.
Following adjust operation 308, or in cases where determine operation 306 determines that the size criteria matches or falls within the predetermined position threshold values, determine operation 310 determines whether the proposed size meets criteria for window integrity. In one embodiment of the present invention, determine operation 310 determines whether the window, including its title and status bars, is completely within the viewing area of desktop region of the screen. If the proposed size meets the predetermined size criteria, flow branches YES to display operation 314. Otherwise, if the proposed size fails to meet or fall within the predetermined size values, flow branches NO to reduce operation 312.
Upon determining that the proposed size does not satisfy pretermined requirements, reduce operation 312 reduces the size of the window according to criteria for window integrity. In one embodiment, reduce operation may shrink the window lengthwise and/or heightwise, without modifying the position of the window. In a particular embodiment of the present invention, these criteria are the same as those used in determine operation 310, e.g., that the window, including its title and status bars, is completely within the viewing area of the desktop region of the screen. In alternate embodiments, other sets of criteria may be used by reduce operation 312. For example, a more limited set of criteria could be used to simultaneously enforce additional window placement goals related to, or unrelated to window integrity.
Finally, display operation 314 displays the proposed window. This operation typically includes drawing, or “rendering,” the window. In one embodiment of the present invention, display operation 314 relies on the browser application to render the window. In another embodiment, display operation 314 relies on operating system calls to render the render the window. In still another embodiment, display operation 314 relies on a set of graphical user interface services. For example, the browser application could make one or more calls to an application program interface (API), which is a set of routines, protocols, and tools that software applications can use to interface with an operating system or window manager.
One skilled in the art will appreciate that determine operation 306, and determine operation 310 could take place in the opposite order without departing from the scope of this invention. In an alternative embodiment, determine operation 306 and determine operation 310 could be combined into a single step. In a further alternative embodiment, position and size integrity criteria could be used to predetermine an acceptable area for window placement, and a single determine operation (not pictured) would choose a subset of that acceptable area into which the proposed window would be placed.
By ensuring that the proposed window is rendered completely within the viewable area of the desktop, malicious sites are prevented from spoofing an entire desktop. Prior to the claimed invention, a script could create a window with its controls, scrollbar, title bar, etc. off the screen (and thus not visible to the user), with the visible window content resembling a desktop. Users could then be fooled into selecting a potentially harmful control within the window content, thinking it was actually one of the icons or controls on their desktop.
Upon calling the popup creation function, receive operation 404 receives the position and size data for the proposed popup from call operation 402. The position and size data can be expressed by the script author in pixels, inches, centimeters, millimeters, points, or similar discrete or non-discrete measurement units, or relative percentages thereof. Position may be expressed relative to a home position (for example, the bottom left of the screen or window). The browser or its associated GUI services handle any unit conversion or relative computations that may be necessary.
Upon receiving the position and size information, determine operation 406 determines whether the size of the proposed popup is greater than the vertical size of the parent window. If it is not, then flow branches NO to determine operation 410. If the size of the proposed popup is greater than the vertical size of the parent window, then flow branches YES to reduce operation 408. Reduce operation 408 then reduces the size of the proposed popup so that it is less than or equal to the size of the parent window.
In some cases, reduce operation 408 reduces the vertical dimensions of the popup, while in other cases, reduce operation 408 reduces the horizontal dimensions of the popup. Of course, reduce operation 408 may also reduce both horizontal and vertical dimensions of the popup.
Following reduce operation 408 (or determine operation 406, in cases where no reduction is necessary), determine operation 410 determines whether the proposed popup will extend above the top, or below the bottom, of the parent window. If neither is true, flow branches NO to determine operation 414, discussed below. If either or both are true, flow branches YES to adjust operation 412.
Adjust operation 412 adjusts the position of the proposed popup so that it neither extends above the top of the parent window, nor extends below the bottom of the parent window. In an alternative embodiment of the present invention, adjust operation 412 also adjusts the size of the proposed popup. In another alternative embodiment, adjust operation 412 adjusts the size, but not the position, of the proposed popup.
Determine operation 414 determines whether the proposed popup will overlap the parent window by a specified amount. The existence of overlap serves to help the user associate the popup and the parent window. If the windows were instead disjointed, and the popup looked like an operating system dialog box, the user could easily be tricked into selecting a control within the popup that may have undesirable consequences. Therefore, overlap control and positioning helps provide continuity between the parent and the popup.
In one embodiment of the present invention, the described specified amount of overlap is specified by a browser application developer. In another embodiment, the specified amount is determined dynamically as a percentage of total screen size. In yet other embodiments, users may have some control over this feature. Those skilled in the art will appreciate that other static and dynamic specification methods can be used without departing from the scope of the claimed invention If the specified overlap will occur, flow branches YES to determine operation 418. However, if said overlap will not occur, flow branches NO to adjust operation 416.
Adjust operation 416 adjusts the position of the proposed popup so that it overlaps the parent window by a specified amount. Again, this specified amount can be set statically or dynamically, and need not be the exact same amount as used by determine operation 416. In an alternative embodiment of the present invention, adjust operation 416 also adjusts the size of the proposed popup to establish sufficient overlap with the parent window. In another alternative embodiment, adjust operation 416 adjusts the size, but not the position, of the proposed popup to establish overlap and thus congruency.
Following adjust operation 416 (or determine operation 414 in cases where such adjustment was not necessary) determine operation 418 determines whether the proposed popup appears substantially immediately above the parent window. In this case, substantially immediately above means that no other windows will appear between the parent window and the popup when the latter is created. The popup will stack on top of the browser window, with no interposing windows of any kind. This requirement prevents the popup from masking over a dialog box that is attempting to warn the user about a potentially unsafe operation that the browsed page is attempting to initiate, or a portion of that dialog box.
If the proposed popup will appear immediately above the parent window, flow branches YES to display operation 422. However, if the proposed popup will not appear immediately above the parent window, flow branches NO to adjust operation 420.
Adjust operation 420 adjusts the position of the proposed popup so that it appears immediately above the parent window. One way it can do this is by altering the proposed popup's position in the stack of windows on the user's screen. This position is often referred to as the “z coordinate” of a window.
One skilled in the art will appreciate that determine operations 406, 410, 414, and 418 could occur in other orders than the example presented herein, without departing from the scope of this invention. Further, in an alternative embodiment, two or more of determine operations 406, 410, 414, and 418 could be combined into a single step. In a further alternative embodiment, position and size integrity criteria could be used to predetermine an acceptable area for window placement according to the criteria given for each determine operation, and a single determine operation (not pictured) would choose a subset of that area into which the proposed window would be placed.
Display operation 422 renders the proposed popup on the screen. As described above, the size and position are determined by the position and size data received by receive operation 404, and by reduce operation 408 and adjust operations 412, 416, and 420, if they occurred. The window may be rendered or drawn on the screen by way of an application program interface (API) call, or other methods known to those skilled in the art.
The described operations prevent popup windows from spoofing web browser controls, desktop controls, and dialog boxes. Prior to the claimed invention, a popup window shaped and sized the same as a browser address bar could be used to obscure the true address of content being browsed. The user could thus be fooled into thinking they are accessing a trusted site, and divulging confidential information such as account numbers and passwords.
In another embodiment of the present invention, popups are forced to include a status bar to provide the user with further clarification regarding their nature. Using this restriction, window integrity is further protected, since a popup with a status bar cannot convincingly spoof several kinds of controls, such as browser address bar contents or a desktop icon. In such a case, the added status bar “baggage” would stand out, and destroy the illusion that the malicious script author seeks to create.
While the aforementioned exemplary embodiments were presented in the context of a browser application, one skilled in the art will appreciate that the claimed invention could be used in any other context or environment where windows are created by external content, or by a remote client, or any other environment where non-trusted content can create windows, without departing from the scope of the claimed invention.
The various embodiments described above are provided by way of illustration only and should not be construed to limit the invention. Those skilled in the art will readily recognize various modifications and changes that may be made to the present invention without following the example embodiments and applications illustrated and described herein, and without departing from the true spirit and scope of the present invention, which is set forth in the following claims.