US 12,229,247 B1
Embedding insecure web applications in secure web pages
Viktor Shcherba, Leiden (NL); Matthijs Van Henten, Diemen (NL); and Arron Bailiss, Amsterdam (NL)
Assigned to Amazon Technologies, Inc., Seattle, WA (US)
Filed by Amazon Technologies, Inc., Seattle, WA (US)
Filed on Mar. 31, 2022, as Appl. No. 17/710,623.
Int. Cl. G06F 21/53 (2013.01); G06F 9/54 (2006.01)
CPC G06F 21/53 (2013.01) [G06F 9/547 (2013.01); G06F 2221/033 (2013.01)]
20 Claims
 
1. A system, comprising:
at least one processor and a memory configured to execute a web browser, the web browser configured to:
embed an insecure web application within a host web application, wherein the insecure web application comprises one or more accesses to an application back-end, wherein the insecure web application requires Content Security Policy (CSP) rules excluded from the host web application to allow the one or more accesses to the application back-end, and wherein to embed the insecure web application the web browser is configured to load the insecure web application in a sandboxed iframe to create a sandboxed security zone for the insecure web application different from a host security zone for the host web application;
submit, to the host web application by the wrapped insecure application via a Remote Procedure Call (RPC) interface, a request to perform an operation, wherein the operation cannot be performed within the sandboxed security zone; and
perform the requested operation by the host web application in compliance with the strict security policy in the host security zone.
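
The host side of the RPC interface in claim 1, sketched as an added example that is not taken from the patent or from any Amazon code. It assumes postMessage-style events as the transport; the operation names `setTitle` and `navigate`, the `host` state object and the error strings are hypothetical.

```javascript
// Added illustration. Assumptions not in the claim: postMessage-style events as
// the RPC transport, and the hypothetical operations "setTitle" and "navigate".

// Allowlist of operations the host performs on the embedded app's behalf.
// Each entry validates its parameters before touching host state.
const OPERATIONS = {
  setTitle: {
    validate: (p) => typeof p?.title === "string" && p.title.length <= 120,
    run: (p, host) => { host.title = p.title; return host.title; },
  },
  navigate: {
    // Same-site absolute paths only; rejects "//host" and scheme URLs.
    validate: (p) => typeof p?.path === "string" && /^\/(?!\/)[\w\-\/]*$/.test(p.path),
    run: (p, host) => { host.path = p.path; return host.path; },
  },
};

function handleRpc(event, frameWindow, host) {
  // Accept messages only from the iframe window the host itself created.
  if (event.source !== frameWindow) return { ok: false, error: "unknown source" };
  // A sandboxed iframe without allow-same-origin has an opaque origin, which
  // the browser reports as the string "null".
  if (event.origin !== "null") return { ok: false, error: "unexpected origin" };
  const msg = event.data;
  if (msg === null || typeof msg !== "object" || typeof msg.method !== "string") {
    return { ok: false, error: "malformed request" };
  }
  // Own-property lookup so inherited names like "constructor" never resolve.
  const known = Object.prototype.hasOwnProperty.call(OPERATIONS, msg.method);
  if (!known) return { id: msg.id, ok: false, error: "method not allowed" };
  const op = OPERATIONS[msg.method];
  if (!op.validate(msg.params)) return { id: msg.id, ok: false, error: "invalid params" };
  return { id: msg.id, ok: true, result: op.run(msg.params, host) };
}

// Browser wiring (not executed here):
//   window.addEventListener("message", (e) => {
//     const reply = handleRpc(e, iframe.contentWindow, hostState);
//     iframe.contentWindow.postMessage(reply, "*"); // opaque origin cannot be named
//   });
```

Because other opaque-origin contexts also report `"null"`, the `event.source` comparison is the check that actually binds a request to the sandboxed frame.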