[or-cvs] r15834: Update tags with some interesting ones from http://ha.ckers. (torflow/branches/gsoc2008)
mikeperry at seul.org
mikeperry at seul.org
Fri Jul 11 10:26:25 UTC 2008
Author: mikeperry
Date: 2008-07-11 06:26:24 -0400 (Fri, 11 Jul 2008)
New Revision: 15834
Modified:
torflow/branches/gsoc2008/soat.py
Log:
Update tags with some interesting ones from
http://ha.ckers.org/xss.html. Hopefully 'body' doesn't cause
too many false positives...
Modified: torflow/branches/gsoc2008/soat.py
===================================================================
--- torflow/branches/gsoc2008/soat.py 2008-07-11 09:30:16 UTC (rev 15833)
+++ torflow/branches/gsoc2008/soat.py 2008-07-11 10:26:24 UTC (rev 15834)
@@ -71,9 +71,11 @@
]
# tags and attributes to check in the http test: XXX these should be reviewed
-
-tags_to_check = ['a', 'area', 'base', 'applet', 'embed', 'form', 'frame',
- 'iframe', 'img', 'link', 'object', 'script']
+# See also: http://ha.ckers.org/xss.html
+# Note: the more we add, the greater the potential for false positives...
+# We also only care about the ones that work for FF2/FF3.
+tags_to_check = ['a', 'area', 'base', 'applet', 'embed', 'form', 'frame',
+ 'iframe', 'img', 'link', 'object', 'script', 'meta', 'body']
attrs_to_check = ['onclick', 'ondblclick', 'onmousedown', 'onmouseup', 'onmouseover',
'onmousemove', 'onmouseout', 'onkeypress','onkeydown','onkeyup']
#
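Review bot: Adding `'body'` and `'meta'` to `tags_to_check` is not matched by `attrs_to_check`, which in the context lines still lists only mouse and keyboard handlers. If that list is what flags handlers injected onto otherwise unchanged tags (its use is outside this hunk, so this is inferred), load-time handlers on the newly watched `body` tag would go unnoticed. Consider extending its last line to `'onmousemove', 'onmouseout', 'onkeypress','onkeydown','onkeyup', 'onload', 'onunload', 'onerror']`. The new comment would also help more if it recorded why each tag was added, e.g. `# 'meta': refresh/redirect content; 'body': document-level event handlers`, so a later reviewer can weigh them against the false-positive concern in the log.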