html5security - issue #7

Add a field to the JSON format to exemplify how to automatically trigger the exploit.


Posted on Jun 25, 2012 by Happy Lion

So for example #1:

    'data'       : '<form id="test"></form><button form="test" formaction="%js_uri_alert%">X</button>',

Would now have:

    'data'       : '<form id="test"></form><button form="test" formaction="%js_uri_alert%">X</button>',
    'trigger'    : 'document.getElementsByTagName("button")[0].click()'

So if we wanted to automate verification of this exploit and on what browsers it's exploitable, it would be easy.

Also, it would be useful to remove the comments: /* ID 1 - XSS via formaction - requiring user interaction (1) */

As they are redundant, and force us to manually edit the JSON file (e.g., if it's modified, it can't be trivially automatically generated), but that's not such an important feature.

Comment #1

Posted on Jun 26, 2012 by Massive Lion

Closed by #8

Status: Fixed

Labels:
Type-Defect Priority-Medium