Moved XSS protection to WSF_EXTENSION.

Updated code to protect meta_variables.
Fixed typos.
Updated ecf's to use 1-16-0.
jvelilla
2017-11-13 15:06:02 -03:00
10 changed files with 114 additions and 46 deletions


@@ -97,8 +97,8 @@ alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
r.match (s)
assert ("No quotes and no semicolon", r.has_matched)
end
test_case_insensitive_xss_vector
local
r: REGULAR_EXPRESSION
@@ -168,7 +168,7 @@ alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
r.match (s)
assert ("Malformed A tags", r.has_matched)
end
test_malformed_img
local
@@ -196,7 +196,7 @@ alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
r.match (s)
assert ("fromCharCode", r.has_matched)
end
test_default_src_tag
local
@@ -246,6 +246,6 @@ alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
feature {NONE} -- Implementation
xss_pattern: WSF_XSS_PROTECTION_PATTERNS
xss_pattern: WSF_PROTECTION_PATTERNS
end