backup/EWF
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Moved XSS protection to WSF_EXTENSION.

Browse Source 
Updated code to protect meta_variables.
Fixed typos.
Updated ecf's to use 1-16-0.
This commit is contained in:
jvelilla
2017-11-13 15:06:02 -03:00
parent 25446cac12 5fedad7f2e
commit 8b90241986
10 changed files with 114 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
library/server/wsf/tests/src/test_xss_patterns.e
View File

@@ -97,8 +97,8 @@ alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
r.match (s)
assert ("No quotes and no semicolon", r.has_matched)
end
test_case_insensitive_xss_vector
local
r: REGULAR_EXPRESSION
@@ -168,7 +168,7 @@ alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
r.match (s)
assert ("Malformed A tags", r.has_matched)
end
test_malformed_img
local
@@ -196,7 +196,7 @@ alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
r.match (s)
assert ("fromCharCode", r.has_matched)
end
test_default_src_tag
local
@@ -246,6 +246,6 @@ alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
feature {NONE} -- Implementation
xss_pattern: WSF_XSS_PROTECTION_PATTERNS
xss_pattern: WSF_PROTECTION_PATTERNS
end

3
library/server/wsf/tests/tests.ecf
View File

@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<system xmlns="http://www.eiffel.com/developers/xml/configuration-1-17-0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.eiffel.com/developers/xml/configuration-1-17-0 http://www.eiffel.com/developers/xml/configuration-1-17-0.xsd" name="wsf_tests" uuid="C4FF9CDA-B4E4-4841-97E0-7F799B85B657">
<system xmlns="http://www.eiffel.com/developers/xml/configuration-1-16-0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.eiffel.com/developers/xml/configuration-1-16-0 http://www.eiffel.com/developers/xml/configuration-1-16-0.xsd" name="wsf_tests" uuid="C4FF9CDA-B4E4-4841-97E0-7F799B85B657">
<target name="server">
<root class="TEST" feature="make"/>
<file_rule>
@@ -28,6 +28,7 @@
<assertions precondition="true" postcondition="true" check="true" supplier_precondition="true"/>
</option>
</library>
<library name="wsf_extension" location="..\wsf_extension.ecf" readonly="false"/>
<library name="wsf_standalone" location="..\..\wsf\connector\standalone.ecf" readonly="false"/>
<cluster name="server" location=".\server\" recursive="true"/>
</target>