XSS: reduce false positives on JavaScript GEHs (#151) #153

Open
wants to merge 1 commit into
base: master

pmjdebruijn

Directly adapted from Rainer Canavan's code from #151

Still needs further code review

Directly adapted from Rainer Canavan's code from client9#151
@pmjdebruijn
Author

echo '<whatever oncancel="" ' | ./reader -x
stdin	1	True	<whatever oncancel=""

@pmjdebruijn
Author

pmjdebruijn commented Dec 9, 2020

Before

echo 'whatever.com/onedrive.aspx?id=test' | ./reader -x
stdin	1	True	whatever.com/onedrive.aspx?id=test

After

echo 'whatever.com/onedrive.aspx?id=test' | ./reader -x
stdin	1	False	whatever.com/onedrive.aspx?id=test
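
The before/after results above, modelled as an added example that is not code from this pull request or from libinjection: an assumed broad rule that flags any name starting with "on" is set against an exact lookup in an explicit handler list. The function names, the shortened list and the attribute-name candidate `onedrive.aspx?id` are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Names taken from this page; a short subset, so ONPASTE is absent on purpose. */
static const char *const HANDLERS[] = {
    "ONCANCEL", "ONTRANSITIONCANCEL", "ONTRANSITIONEND", "ONWHEEL", NULL
};

/* Case-insensitive, exact-length match of name[0..len) against a list entry. */
static int same_name(const char *name, size_t len, const char *entry)
{
    if (strlen(entry) != len) return 0;
    for (size_t i = 0; i < len; i++)
        if (toupper((unsigned char)name[i]) != entry[i]) return 0;
    return 1;
}

/* Assumed "before" rule: any name of 5+ characters that starts with "on". */
int flag_by_prefix(const char *name, size_t len)
{
    return len >= 5 && toupper((unsigned char)name[0]) == 'O'
                    && toupper((unsigned char)name[1]) == 'N';
}

/* "After" rule: flag only names found in the explicit handler list. */
int flag_by_list(const char *name, size_t len)
{
    for (const char *const *h = HANDLERS; *h != NULL; h++)
        if (same_name(name, len, *h)) return 1;
    return 0;
}

/* Returns bit 0 if the prefix rule fires, bit 1 if the list rule fires. */
int compare_rules(const char *name)
{
    return flag_by_prefix(name, strlen(name)) | (flag_by_list(name, strlen(name)) << 1);
}

int main(void)
{
    /* Constructed inputs; "onedrive.aspx?id" is an assumed attribute-name candidate. */
    const char *names[] = { "oncancel", "onedrive.aspx?id", "onpaste", "href" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-18s prefix=%d list=%d\n", names[i],
               compare_rules(names[i]) & 1, compare_rules(names[i]) >> 1);
    return 0;
}
```

With the list rule, a real handler such as `onpaste` goes unflagged until it is added to the list, which is the coverage cost of the tighter match.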

@rcanavan

I have obviously overlooked the note "Each of these interfaces can, of course, add more event handlers in addition to the ones listed below" when I had taken the list of handlers from https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers

To get more coverage, the additional handlers in HTMLElement, Document, Window as well as WorkerGlobalScope could be added:

--- src/libinjection_xss.c	2021-01-14 15:59:15.681657566 +0100
+++ src/libinjection_xss.c	2021-01-14 16:00:07.926165955 +0100
@@ -63,6 +63,53 @@
     , "ONTRANSITIONCANCEL"
     , "ONTRANSITIONEND"
     , "ONWHEEL"
+    , "ONCOPY"
+    , "ONCUT"
+    , "ONPASTE"
+    , "ONAFTERSCRIPTEXECUTE"
+    , "ONBEFORESCRIPTEXECUTE"
+    , "ONFULLSCREENCHANGE"
+    , "ONFULLSCREENERROR"
+    , "ONOFFLINE"
+    , "ONONLINE"
+    , "ONVISIBILITYCHANGE"
+    , "ONAFTERPRINT"
+    , "ONAPPINSTALLED"
+    , "ONBEFOREINSTALLPROMPT"
+    , "ONBEFOREPRINT"
+    , "ONBEFOREUNLOAD"
+    , "ONDEVICELIGHT"
+    , "ONDEVICEMOTION"
+    , "ONDEVICEORIENTATION"
+    , "ONDEVICEORIENTATIONABSOLUTE"
+    , "ONDEVICEPROXIMITY"
+    , "ONDRAGDROP"
+    , "ONGAMEPADCONNECTED"
+    , "ONGAMEPADDISCONNECTED"
+    , "ONHASHCHANGE"
+    , "ONLANGUAGECHANGE"
+    , "ONMESSAGE"
+    , "ONMESSAGEERROR"
+    , "ONMOZBEFOREPAINT"
+    , "ONPAINT"
+    , "ONPOPSTATE"
+    , "ONREJECTIONHANDLED"
+    , "ONSTORAGE"
+    , "ONUNHANDLEDREJECTION"
+    , "ONUNLOAD"
+    , "ONUSERPROXIMITY"
+    , "ONVRDISPLAYACTIVATE"
+    , "ONVRDISPLAYBLUR"
+    , "ONVRDISPLAYCONNECT"
+    , "ONVRDISPLAYDEACTIVATE"
+    , "ONVRDISPLAYDISCONNECT"
+    , "ONVRDISPLAYFOCUS"
+    , "ONVRDISPLAYPOINTERRESTRICTED"
+    , "ONVRDISPLAYPOINTERUNRESTRICTED"
+    , "ONVRDISPLAYPRESENTCHANGE"
+    , "ONLANGUAGECHANGE"
+    , "ONOFFLINE"
+    , "ONONLINE"
     , NULL
 };
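
Review bot: the last three added entries, "ONLANGUAGECHANGE", "ONOFFLINE" and "ONONLINE", repeat names already added earlier in this same hunk, so they can be dropped. The context lines (ONTRANSITIONCANCEL, ONTRANSITIONEND, ONWHEEL) are in alphabetical order while the additions are grouped by interface; if the lookup or later maintenance relies on that ordering, merge the new names into their sorted positions, which would also make duplicates like these easy to spot.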
