0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-11-08 06:48:42 +00:00

Add a variableWidthAttack smoketest, and add analysis to some smoketests.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@294 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2006-08-17 23:36:35 +00:00
parent 66ddc4cc5a
commit af0de616ae
3 changed files with 83 additions and 4 deletions

View File

@ -1,4 +1,9 @@
<!DOCTYPE html
<?php
// there must not be a byte order mark
header('Content-type: text/html; charset=UTF-8');
?><!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
@ -27,5 +32,10 @@ $string = '
<?php echo $string; ?>
<h2>Purified</h2>
<?php echo $purifier->purify($string); ?>
<h2>Analysis</h2>
<p>The content in <strong>Raw</strong> should be equivalent to the content
in <strong>Purified</strong>. If <strong>Purified</strong> is mangled, there
is likely trouble a-brewing in the library. If
both are mangled, check to see that this file was not corrupted.</p>
</body>
</html>

View File

@ -0,0 +1,62 @@
<?php
header('Content-type: text/html; charset=UTF-8');
?><!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>HTMLPurifier Variable Width Attack Smoketest</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<h1>HTMLPurifier Variable Width Attack Smoketest</h1>
<p>For more information, see
<a href="http://applesoup.googlepages.com/bypass_filter.txt">Cheng Peng Su's
original advisory.</a> This particular exploit code appears only to work
in Internet Explorer, if it works at all.</p>
<h2>Test</h2>
<?php
set_include_path('../library' . PATH_SEPARATOR . get_include_path());
require_once 'HTMLPurifier.php';
$purifier = new HTMLPurifier();
function escape($string) {
$string = htmlspecialchars($string, ENT_COMPAT, 'UTF-8');
$string = iconv('UTF-8', 'UTF-8//IGNORE', $string);
return $string;
}
?>
<table>
<thead><tr><th>ASCII</th><th width="30%">Raw</th><th>Output</th><th>Render</th></tr></thead>
<tbody>
<?php
for ($i = 0; $i < 256; $i++) {
$c = chr($i);
$html = '<img src="" alt="X' . $c . '"';
$html .= '>A"'; // in our out the attribute? ;-)
$html .= "onerror=alert('$i')>O";
$pure_html = $purifier->purify($html);
?>
<tr>
<td><?php echo $i; ?></td>
<td style="font-size:8pt;"><?php echo escape($html); ?></td>
<td style="font-size:8pt;"><?php echo escape($pure_html); ?></td>
<td><?php echo $pure_html; ?></td>
</tr>
<?php } ?>
</tbody>
</table>
<h2>Analysis</h2>
<p>This test currently passes the XSS aspect but fails the validation aspect
due to generalized encoding issues. An augmented UTF-8 smoketest is
pending, until then, consider this a pass.</p>
</body>
</html>

View File

@ -1,10 +1,14 @@
<!DOCTYPE html
<?php
header('Content-type: text/html; charset=UTF-8');
?><!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>HTMLPurifier XSS Attacks Smoketest</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>HTMLPurifier XSS Attacks Smoketest</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<h1>HTMLPurifier XSS Attacks Smoketest</h1>
@ -13,6 +17,8 @@
<p>The last segment of tests regarding blacklisted websites is not
applicable at the moment, but when we add that functionality they'll be
relevant.</p>
<p>Most of the XSS broadcasts its presence by spawning an alert dialogue.</p>
<h2>Test</h2>
<?php
if (version_compare(PHP_VERSION, '5', '<')) exit('<p>Requires PHP 5.</p>');
@ -24,6 +30,7 @@ $xml = simplexml_load_file('xssAttacks.xml');
$purifier = new HTMLPurifier();
?>
<!-- form is used so that we can use textareas and stay valid -->
<form method="post" action="xssAttacks.php">
<table>
<thead><tr><th>Name</th><th width="30%">Raw</th><th>Output</th><th>Render</th></tr></thead>