xsshunter-express icon indicating copy to clipboard operation
xsshunter-express copied to clipboard

Published 20 hours ago verified publisher icon mandatoryprogrammer

Collected Pages - Download Raw HTML truncated

Open Techbrunch opened this issue 4 years ago • 1 comments

For some reasons the download file is truncated but we can see the full page when using View Raw HTML in new Tab.

I'll see if I can create a pull request when I have the time.

Techbrunch avatar Jun 21 '21 12:06 Techbrunch

It is because of the presence of '#' character in the HTML. The '#' represents a fragment identifier in HTML. In the file: https://github.com/mandatoryprogrammer/xsshunter-express/blob/main/front-end/src/pages/CollectedPages.vue specifically in line: 106 there is a function 'download_html'


download_html(input_html) {
            const link = document.createElement('a');
            link.href = `data:text/html,${input_html}`;
            link.download = 'xss-page-contents.html';
            link.click();
        },

When constructing a data: the URL with '#', everything after the '#' is treated as a fragment, which explains why the content gets truncated.

To solve this you can encode the HTML content properly using encodeURIComponent(), which will ensure that all special characters, including #, are treated correctly.

Solution:

download_html(input_html) {
     const encodedHtml = encodeURIComponent(input_html);
     const link = document.createElement('a');
     link.href = `data:text/html,${encodedHtml}`;
     link.download = 'xss-page-contents.html';
     link.click();
}

4ag2 avatar Sep 05 '24 09:09 4ag2