mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-09-19 10:45:18 +00:00
[1.2.0] XSS attacks smoketest given facelift.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@516 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang
parent
9668ac1e38
commit
e1b29d7c25
1
NEWS
1
NEWS
@ -11,6 +11,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
||||
1.2.0, unknown projected release date
|
||||
! Added MODx plugin <http://modxcms.com/forums/index.php/topic,6604.0.html>
|
||||
! Added percent encoding normalization
|
||||
! XSS attacks smoketest given facelift
|
||||
- Documentation updated
|
||||
+ TODO added request Phalanger
|
||||
+ TODO added request Native compression
|
||||
|
||||
@ -2,6 +2,19 @@
|
||||
|
||||
require_once('common.php');
|
||||
|
||||
function formatCode($string) {
|
||||
return
|
||||
str_replace(
|
||||
array("\t", '»', '\0(null)'),
|
||||
array('<strong>\t</strong>', '<span class="linebreak">»</span>', '<strong>\0</strong>'),
|
||||
escapeHTML(
|
||||
str_replace("\0", '\0(null)',
|
||||
wordwrap($string, 28, " »\n", true)
|
||||
)
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
?><!DOCTYPE html
|
||||
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
@ -9,15 +22,26 @@ require_once('common.php');
|
||||
<head>
|
||||
<title>HTMLPurifier XSS Attacks Smoketest</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
|
||||
<style type="text/css">
|
||||
.scroll {overflow:auto; width:100%;}
|
||||
.even {background:#EAEAEA;}
|
||||
thead th {border-bottom:1px solid #000;}
|
||||
pre strong {color:#00C;}
|
||||
pre .linebreak {color:#AAA;font-weight:100;}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h1>HTMLPurifier XSS Attacks Smoketest</h1>
|
||||
<p>XSS attacks are from
|
||||
<a href="http://ha.ckers.org/xss.html">http://ha.ckers.org/xss.html</a>.</p>
|
||||
<p>The last segment of tests regarding blacklisted websites is not
|
||||
<p><strong>Caveats:</strong>
|
||||
The last segment of tests regarding blacklisted websites is not
|
||||
applicable at the moment, but when we add that functionality they'll be
|
||||
relevant.</p>
|
||||
<p>Most of the XSS broadcasts its presence by spawning an alert dialogue.</p>
|
||||
relevant. Most XSS broadcasts its presence by spawning an alert dialogue.
|
||||
The displayed code is not strictly correct, as linebreaks have been forced for
|
||||
readability. Linewraps have been marked with <tt>»</tt>. Some tests are
|
||||
omitted for your convenience. Not all control characters are displayed.</p>
|
||||
|
||||
<h2>Test</h2>
|
||||
<?php
|
||||
|
||||
@ -27,24 +51,35 @@ $xml = simplexml_load_file('xssAttacks.xml');
|
||||
$purifier = new HTMLPurifier();
|
||||
|
||||
?>
|
||||
<!-- form is used so that we can use textareas and stay valid -->
|
||||
<form method="post" action="xssAttacks.php">
|
||||
<table>
|
||||
<table cellspacing="0" cellpadding="2">
|
||||
<thead><tr><th>Name</th><th width="30%">Raw</th><th>Output</th><th>Render</th></tr></thead>
|
||||
<tbody>
|
||||
<?php
|
||||
|
||||
$i = 0;
|
||||
foreach ($xml->attack as $attack) {
|
||||
$code = $attack->code;
|
||||
|
||||
// custom code for null byte injection tests
|
||||
if (substr($code, 0, 7) == 'perl -e') {
|
||||
$code = substr($code, $i=strpos($code, '"')+1, strrpos($code, '"') - $i);
|
||||
$code = str_replace('\0', "\0", $code);
|
||||
}
|
||||
|
||||
// disable vectors we cannot test in any meaningful way
|
||||
if ($code == 'See Below') continue; // event handlers, whitelist defeats
|
||||
if ($attack->name == 'OBJECT w/Flash 2') continue; // requires ActionScript
|
||||
if ($attack->name == 'IMG Embedded commands 2') continue; // is an HTTP response
|
||||
|
||||
// custom code for US-ASCII, which couldn't be expressed in XML without encoding
|
||||
if ($attack->name == 'US-ASCII encoding') $code = urldecode($code);
|
||||
?>
|
||||
<tr>
|
||||
<tr<?php if ($i++ % 2) {echo ' class="even"';} ?>>
|
||||
<td><?php echo escapeHTML($attack->name); ?></td>
|
||||
<td><textarea readonly="readonly" cols="20" rows="2"><?php echo escapeHTML($code); ?></textarea></td>
|
||||
<td><pre><?php echo formatCode($code); ?></pre></td>
|
||||
<?php $pure_html = $purifier->purify($code); ?>
|
||||
<td><textarea readonly="readonly" cols="20" rows="2"><?php echo escapeHTML($pure_html); ?></textarea></td>
|
||||
<td><?php echo $pure_html ?></td>
|
||||
<td><pre><?php echo formatCode($pure_html); ?></pre></td>
|
||||
<td><div class="scroll"><?php echo $pure_html ?></div></td>
|
||||
</tr>
|
||||
<?php
|
||||
}
|
||||
@ -52,6 +87,5 @@ foreach ($xml->attack as $attack) {
|
||||
?>
|
||||
</tbody>
|
||||
</table>
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
||||
Loading…
Reference in New Issue
Block a user