pauljt
commented
10 years ago Scanjs supports multiple rule files now. So I read this issue as "Create a rules file for revewing juery apps "
Closed pwnetrationguru closed 10 years ago
pauljt
commented
10 years ago Scanjs supports multiple rule files now. So I read this issue as "Create a rules file for revewing juery apps "
pauljt
commented
10 years ago So yes, now that read your whole comment, the answer to your question is "create a jquery JSON ruleset" :)
pwnetrationguru
commented
10 years ago Cool! Will do :)
mozfreddyb
commented
10 years ago Thanks for raising this @pwnetrationguru!
A first stab at this could just bake the entries from the DOM XSS Wiki into a rules file. The last update on the wiki page is from January, so it might be worthwhile to look into the jQuery API for a second iteration.
So I've been using ScanJS, and its been really awesome! I did notice that things like
jQuery.html()aren't flagged since we really didn't care to much about jQuery stuffs.I'd be happy to start finding the functions and start working on a PR, but I wanted to get some feedback from @mozfreddyb and @pauljt about whether we would merge that in or if I would just be better off using a custom defined JSON ruleset and uploading it. :)