aboutsummaryrefslogtreecommitdiffstats
path: root/lib/htmlpurifier/smoketests/xssAttacks.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/htmlpurifier/smoketests/xssAttacks.php')
-rw-r--r--lib/htmlpurifier/smoketests/xssAttacks.php99
1 files changed, 0 insertions, 99 deletions
diff --git a/lib/htmlpurifier/smoketests/xssAttacks.php b/lib/htmlpurifier/smoketests/xssAttacks.php
deleted file mode 100644
index 2a4dd5e6e..000000000
--- a/lib/htmlpurifier/smoketests/xssAttacks.php
+++ /dev/null
@@ -1,99 +0,0 @@
-<?php
-
-require_once('common.php');
-
-function formatCode($string) {
- return
- str_replace(
- array("\t", '»', '\0(null)'),
- array('<strong>\t</strong>', '<span class="linebreak">»</span>', '<strong>\0</strong>'),
- escapeHTML(
- str_replace("\0", '\0(null)',
- wordwrap($string, 28, " »\n", true)
- )
- )
- );
-}
-
-?><!DOCTYPE html
- PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html>
-<head>
- <title>HTML Purifier XSS Attacks Smoketest</title>
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
- <style type="text/css">
- .scroll {overflow:auto; width:100%;}
- .even {background:#EAEAEA;}
- thead th {border-bottom:1px solid #000;}
- pre strong {color:#00C;}
- pre .linebreak {color:#AAA;font-weight:100;}
- </style>
-</head>
-<body>
-<h1>HTML Purifier XSS Attacks Smoketest</h1>
-<p>XSS attacks are from
-<a href="http://ha.ckers.org/xss.html">http://ha.ckers.org/xss.html</a>.</p>
-<p><strong>Caveats:</strong>
-<tt>Google.com</tt> has been programatically disallowed, but as you can
-see, there are ways of getting around that, so coverage in this area
-is not complete. Most XSS broadcasts its presence by spawning an alert dialogue.
-The displayed code is not strictly correct, as linebreaks have been forced for
-readability. Linewraps have been marked with <tt>»</tt>. Some tests are
-omitted for your convenience. Not all control characters are displayed.</p>
-
-<h2>Test</h2>
-<?php
-
-if (version_compare(PHP_VERSION, '5', '<')) exit('<p>Requires PHP 5.</p>');
-
-$xml = simplexml_load_file('xssAttacks.xml');
-
-// programatically disallow google.com for URI evasion tests
-// not complete
-$config = HTMLPurifier_Config::createDefault();
-$config->set('URI.HostBlacklist', array('google.com'));
-$purifier = new HTMLPurifier($config);
-
-?>
-<table cellspacing="0" cellpadding="2">
-<thead><tr><th>Name</th><th width="30%">Raw</th><th>Output</th><th>Render</th></tr></thead>
-<tbody>
-<?php
-
-$i = 0;
-foreach ($xml->attack as $attack) {
- $code = $attack->code;
-
- // custom code for null byte injection tests
- if (substr($code, 0, 7) == 'perl -e') {
- $code = substr($code, $i=strpos($code, '"')+1, strrpos($code, '"') - $i);
- $code = str_replace('\0', "\0", $code);
- }
-
- // disable vectors we cannot test in any meaningful way
- if ($code == 'See Below') continue; // event handlers, whitelist defeats
- if ($attack->name == 'OBJECT w/Flash 2') continue; // requires ActionScript
- if ($attack->name == 'IMG Embedded commands 2') continue; // is an HTTP response
-
- // custom code for US-ASCII, which couldn't be expressed in XML without encoding
- if ($attack->name == 'US-ASCII encoding') $code = urldecode($code);
-?>
- <tr<?php if ($i++ % 2) {echo ' class="even"';} ?>>
- <td><?php echo escapeHTML($attack->name); ?></td>
- <td><pre><?php echo formatCode($code); ?></pre></td>
- <?php $pure_html = $purifier->purify($code); ?>
- <td><pre><?php echo formatCode($pure_html); ?></pre></td>
- <td><div class="scroll"><?php echo $pure_html ?></div></td>
- </tr>
-<?php
-}
-
-?>
-</tbody>
-</table>
-</body>
-</html>
-<?php
-
-// vim: et sw=4 sts=4