mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-11-09 15:28:40 +00:00
Add a variableWidthAttack smoketest, and add analysis to some smoketests.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@294 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
parent
66ddc4cc5a
commit
af0de616ae
@ -1,4 +1,9 @@
|
||||
<!DOCTYPE html
|
||||
<?php
|
||||
|
||||
// there must not be a byte order mark
|
||||
header('Content-type: text/html; charset=UTF-8');
|
||||
|
||||
?><!DOCTYPE html
|
||||
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html>
|
||||
@ -27,5 +32,10 @@ $string = '
|
||||
<?php echo $string; ?>
|
||||
<h2>Purified</h2>
|
||||
<?php echo $purifier->purify($string); ?>
|
||||
<h2>Analysis</h2>
|
||||
<p>The content in <strong>Raw</strong> should be equivalent to the content
|
||||
in <strong>Purified</strong>. If <strong>Purified</strong> is mangled, there
|
||||
is likely trouble a-brewing in the library. If
|
||||
both are mangled, check to see that this file was not corrupted.</p>
|
||||
</body>
|
||||
</html>
|
62
smoketests/variableWidthAttack.php
Normal file
62
smoketests/variableWidthAttack.php
Normal file
@ -0,0 +1,62 @@
|
||||
<?php
|
||||
|
||||
header('Content-type: text/html; charset=UTF-8');
|
||||
|
||||
?><!DOCTYPE html
|
||||
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<title>HTMLPurifier Variable Width Attack Smoketest</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
|
||||
</head>
|
||||
<body>
|
||||
<h1>HTMLPurifier Variable Width Attack Smoketest</h1>
|
||||
<p>For more information, see
|
||||
<a href="http://applesoup.googlepages.com/bypass_filter.txt">Cheng Peng Su's
|
||||
original advisory.</a> This particular exploit code appears only to work
|
||||
in Internet Explorer, if it works at all.</p>
|
||||
<h2>Test</h2>
|
||||
<?php
|
||||
|
||||
set_include_path('../library' . PATH_SEPARATOR . get_include_path());
|
||||
require_once 'HTMLPurifier.php';
|
||||
$purifier = new HTMLPurifier();
|
||||
|
||||
function escape($string) {
|
||||
$string = htmlspecialchars($string, ENT_COMPAT, 'UTF-8');
|
||||
$string = iconv('UTF-8', 'UTF-8//IGNORE', $string);
|
||||
return $string;
|
||||
}
|
||||
|
||||
?>
|
||||
<table>
|
||||
<thead><tr><th>ASCII</th><th width="30%">Raw</th><th>Output</th><th>Render</th></tr></thead>
|
||||
<tbody>
|
||||
<?php
|
||||
|
||||
for ($i = 0; $i < 256; $i++) {
|
||||
$c = chr($i);
|
||||
$html = '<img src="" alt="X' . $c . '"';
|
||||
$html .= '>A"'; // in our out the attribute? ;-)
|
||||
$html .= "onerror=alert('$i')>O";
|
||||
$pure_html = $purifier->purify($html);
|
||||
?>
|
||||
<tr>
|
||||
<td><?php echo $i; ?></td>
|
||||
<td style="font-size:8pt;"><?php echo escape($html); ?></td>
|
||||
<td style="font-size:8pt;"><?php echo escape($pure_html); ?></td>
|
||||
<td><?php echo $pure_html; ?></td>
|
||||
</tr>
|
||||
<?php } ?>
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
<h2>Analysis</h2>
|
||||
|
||||
<p>This test currently passes the XSS aspect but fails the validation aspect
|
||||
due to generalized encoding issues. An augmented UTF-8 smoketest is
|
||||
pending, until then, consider this a pass.</p>
|
||||
|
||||
</body>
|
||||
</html>
|
@ -1,10 +1,14 @@
|
||||
<!DOCTYPE html
|
||||
<?php
|
||||
|
||||
header('Content-type: text/html; charset=UTF-8');
|
||||
|
||||
?><!DOCTYPE html
|
||||
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<title>HTMLPurifier XSS Attacks Smoketest</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
|
||||
<title>HTMLPurifier XSS Attacks Smoketest</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
|
||||
</head>
|
||||
<body>
|
||||
<h1>HTMLPurifier XSS Attacks Smoketest</h1>
|
||||
@ -13,6 +17,8 @@
|
||||
<p>The last segment of tests regarding blacklisted websites is not
|
||||
applicable at the moment, but when we add that functionality they'll be
|
||||
relevant.</p>
|
||||
<p>Most of the XSS broadcasts its presence by spawning an alert dialogue.</p>
|
||||
<h2>Test</h2>
|
||||
<?php
|
||||
|
||||
if (version_compare(PHP_VERSION, '5', '<')) exit('<p>Requires PHP 5.</p>');
|
||||
@ -24,6 +30,7 @@ $xml = simplexml_load_file('xssAttacks.xml');
|
||||
$purifier = new HTMLPurifier();
|
||||
|
||||
?>
|
||||
<!-- form is used so that we can use textareas and stay valid -->
|
||||
<form method="post" action="xssAttacks.php">
|
||||
<table>
|
||||
<thead><tr><th>Name</th><th width="30%">Raw</th><th>Output</th><th>Render</th></tr></thead>
|
||||
|
Loading…
Reference in New Issue
Block a user