mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-01-08 23:11:52 +00:00
Code Releases Activity
b63b0be21f
htmlpurifier/smoketests/xssAttacks.php
Edward Z. Yang 73a1e31fad [1.3.0] Added spiffy new smoketest printDefinition.php, which lets you twiddle with the configuration settings and see how the internal rules are affected. (currently only complete for HTMLDefinition). 
- HTMLPurifier -> HTML Purifier
. HTMLPurifier_Config->getBatch($namespace) added
. More lenient casting to bool from string in HTMLPurifier_ConfigSchema
. <?xml ... tags added to all smoketests

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@578 48356398-32a2-884e-a903-53898d9a118a
2006-11-24 06:26:02 +00:00

91 lines
3.0 KiB
PHP
Raw Blame History

<?php
require_once('common.php');
function formatCode($string) {
return
str_replace(
array("\t", '»', '\0(null)'),
array('<strong>\t</strong>', '<span class="linebreak">»</span>', '<strong>\0</strong>'),
escapeHTML(
str_replace("\0", '\0(null)',
wordwrap($string, 28, " »\n", true)
)
)
);
}
?><!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>HTML Purifier XSS Attacks Smoketest</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
.scroll {overflow:auto; width:100%;}
.even {background:#EAEAEA;}
thead th {border-bottom:1px solid #000;}
pre strong {color:#00C;}
pre .linebreak {color:#AAA;font-weight:100;}
</style>
</head>
<body>
<h1>HTML Purifier XSS Attacks Smoketest</h1>
<p>XSS attacks are from
<a href="http://ha.ckers.org/xss.html">http://ha.ckers.org/xss.html</a>.</p>
<p><strong>Caveats:</strong>
The last segment of tests regarding blacklisted websites is not
applicable at the moment, but when we add that functionality they'll be
relevant. Most XSS broadcasts its presence by spawning an alert dialogue.
The displayed code is not strictly correct, as linebreaks have been forced for
readability. Linewraps have been marked with <tt>»</tt>. Some tests are
omitted for your convenience. Not all control characters are displayed.</p>
<h2>Test</h2>
<?php
if (version_compare(PHP_VERSION, '5', '<')) exit('<p>Requires PHP 5.</p>');
$xml = simplexml_load_file('xssAttacks.xml');
$purifier = new HTMLPurifier();
?>
<table cellspacing="0" cellpadding="2">
<thead><tr><th>Name</th><th width="30%">Raw</th><th>Output</th><th>Render</th></tr></thead>
<tbody>
<?php
$i = 0;
foreach ($xml->attack as $attack) {
$code = $attack->code;
// custom code for null byte injection tests
if (substr($code, 0, 7) == 'perl -e') {
$code = substr($code, $i=strpos($code, '"')+1, strrpos($code, '"') - $i);
$code = str_replace('\0', "\0", $code);
}
// disable vectors we cannot test in any meaningful way
if ($code == 'See Below') continue; // event handlers, whitelist defeats
if ($attack->name == 'OBJECT w/Flash 2') continue; // requires ActionScript
if ($attack->name == 'IMG Embedded commands 2') continue; // is an HTTP response
// custom code for US-ASCII, which couldn't be expressed in XML without encoding
if ($attack->name == 'US-ASCII encoding') $code = urldecode($code);
?>
<tr<?php if ($i++ % 2) {echo ' class="even"';} ?>>
<td><?php echo escapeHTML($attack->name); ?></td>
<td><pre><?php echo formatCode($code); ?></pre></td>
<?php $pure_html = $purifier->purify($code); ?>
<td><pre><?php echo formatCode($pure_html); ?></pre></td>
<td><div class="scroll"><?php echo $pure_html ?></div></td>
</tr>
<?php
}
?>
</tbody>
</table>
</body>
</html>
View Git Blame Copy Permalink