rayantony / html5security

Automatically exported from code.google.com/p/html5security
0 stars 0 forks source link

Add a field to the JSON format to exemplify how to automatically trigger the exploit. #7

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
So for example #1:

        'data'       : '<form id="test"></form><button form="test" formaction="%js_uri_alert%">X</button>',

Would now have:

        'data'       : '<form id="test"></form><button form="test" formaction="%js_uri_alert%">X</button>',
        'trigger'    : 'document.getElementsByTagName("button")[0].click()'

So if we wanted to automate verification of this exploits and on what browsers 
it's exploitable, it would be easy.

Also, it would be useful to remove the comments:
/* ID 1 - XSS via formaction - requiring user interaction (1) */

As they are redundant, and force us to manually edit the JSON file (eg, if it's 
modified, it can't be trivially automatically generated, but that's not such an 
important feature.

Original issue reported on code.google.com by evn@google.com on 25 Jun 2012 at 6:54

GoogleCodeExporter commented 9 years ago
Closed by #8

Original comment by Mario.He...@googlemail.com on 26 Jun 2012 at 6:45