neraliu / tainted-phantomjs

Tainted PhantomJS
BSD 3-Clause "New" or "Revised" License

unexpected value of tainted numbers found #12

Closed neraliu closed 10 years ago

neraliu commented 10 years ago

During the execution of detection, some large number of tainted numbers are reported; it is an unexpected value. Need to investigate the root cause (in the 64-bit branch).

./bin/phantomjs scripts/domxss_epitome.js 'http://todomvc.com/labs/architecture-examples/epitome/#!/'

[Fri, 11 Apr 2014 06:17:32 GMT] [TPJS] [CONSOLE] [TRACE] propagate,268041968,stringProtoFuncReplace,String.replace,function()
[Fri, 11 Apr 2014 06:17:32 GMT] [TPJS] [CONSOLE] [TRACE] propagate,268041968,JSString,constructor,function());
[Fri, 11 Apr 2014 06:17:32 GMT] [TPJS] [CONSOLE] [TRACE] propagate,72764592,stringProtoFuncReplace,String.replace,function()
[Fri, 11 Apr 2014 06:17:32 GMT] [TPJS] [CONSOLE] [TRACE] propagate,72764592,JSString,constructor,function());

neraliu commented 10 years ago

Fixed in the latest development branch: https://github.com/neraliu/tpjs/commit/b5201f6d955bf49e0e7bf6279e763cc29cb74f4a