libinjection
XSS: reduce false positives on JavaScript GEHs (#151)
Directly adapted from Rainer Canavan's code from #151
Still needs further code review
echo '<whatever oncancel="" ' | ./reader -x
stdin 1 True <whatever oncancel=""
Before
echo 'whatever.com/onedrive.aspx?id=test' | ./reader -x
stdin 1 True whatever.com/onedrive.aspx?id=test
After
echo 'whatever.com/onedrive.aspx?id=test' | ./reader -x
stdin 1 False whatever.com/onedrive.aspx?id=test
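The behaviour change shown above, as an added example that is not libinjection's own code: a constructed, shortened handler table, the old "starts with on" test beside the new exact table lookup, both applied to the attribute name cut from an unterminated fragment such as `oncancel=""` or `onedrive.aspx?id=test`. Function and table names are this example's, not the project's.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Constructed subset of the uppercase handler table (the real table in
 * src/libinjection_xss.c is far longer); entries must stay uppercase. */
static const char *const KNOWN_HANDLERS[] = {
    "ONCANCEL", "ONCLICK", "ONERROR", "ONLOAD", "ONMOUSEOVER",
    "ONTRANSITIONEND", "ONWHEEL", "ONCOPY", "ONMESSAGE", NULL
};

/* Length of the leading run that can form an HTML attribute name, so an
 * unterminated fragment like "oncancel=\"\"" or "onedrive.aspx?id=test"
 * yields just the name part (8 characters in both cases). */
size_t attr_name_len(const char *s)
{
    size_t n = 0;
    while (s[n] && (isalnum((unsigned char)s[n]) || s[n] == '-' || s[n] == '_' || s[n] == ':'))
        n++;
    return n;
}

/* "Before": anything starting with "on" counts as a handler, which is why
 * "onedrive" inside a URL path was flagged. */
int geh_by_prefix(const char *name, size_t len)
{
    return len >= 3 && toupper((unsigned char)name[0]) == 'O'
                    && toupper((unsigned char)name[1]) == 'N';
}

/* "After": exact, case-insensitive match of the (not NUL-terminated) name
 * against the table; a longer or shorter name never matches. */
int geh_by_table(const char *name, size_t len)
{
    for (const char *const *p = KNOWN_HANDLERS; *p != NULL; ++p) {
        if (strlen(*p) != len) continue;
        size_t i = 0;
        while (i < len && toupper((unsigned char)name[i]) == (unsigned char)(*p)[i]) i++;
        if (i == len) return 1;
    }
    return 0;
}

/* Classify a raw fragment the way the reader examples on this page do. */
int is_geh_fragment(const char *fragment, int use_table)
{
    size_t len = attr_name_len(fragment);
    return use_table ? geh_by_table(fragment, len) : geh_by_prefix(fragment, len);
}
```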
I have obviously overlooked the note "Each of these interfaces can, of course, add more event handlers in addition to the ones listed below" when I had taken the list of handlers from https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers
To get more coverage, the additional handlers in HTMLElement, Document, Window as well as WorkerGlobalScope could be added:
--- src/libinjection_xss.c 2021-01-14 15:59:15.681657566 +0100
+++ src/libinjection_xss.c 2021-01-14 16:00:07.926165955 +0100
@@ -63,6 +63,53 @@
, "ONTRANSITIONCANCEL"
, "ONTRANSITIONEND"
, "ONWHEEL"
+ , "ONCOPY"
+ , "ONCUT"
+ , "ONPASTE"
+ , "ONAFTERSCRIPTEXECUTE"
+ , "ONBEFORESCRIPTEXECUTE"
+ , "ONFULLSCREENCHANGE"
+ , "ONFULLSCREENERROR"
+ , "ONOFFLINE"
+ , "ONONLINE"
+ , "ONVISIBILITYCHANGE"
+ , "ONAFTERPRINT"
+ , "ONAPPINSTALLED"
+ , "ONBEFOREINSTALLPROMPT"
+ , "ONBEFOREPRINT"
+ , "ONBEFOREUNLOAD"
+ , "ONDEVICELIGHT"
+ , "ONDEVICEMOTION"
+ , "ONDEVICEORIENTATION"
+ , "ONDEVICEORIENTATIONABSOLUTE"
+ , "ONDEVICEPROXIMITY"
+ , "ONDRAGDROP"
+ , "ONGAMEPADCONNECTED"
+ , "ONGAMEPADDISCONNECTED"
+ , "ONHASHCHANGE"
+ , "ONLANGUAGECHANGE"
+ , "ONMESSAGE"
+ , "ONMESSAGEERROR"
+ , "ONMOZBEFOREPAINT"
+ , "ONPAINT"
+ , "ONPOPSTATE"
+ , "ONREJECTIONHANDLED"
+ , "ONSTORAGE"
+ , "ONUNHANDLEDREJECTION"
+ , "ONUNLOAD"
+ , "ONUSERPROXIMITY"
+ , "ONVRDISPLAYACTIVATE"
+ , "ONVRDISPLAYBLUR"
+ , "ONVRDISPLAYCONNECT"
+ , "ONVRDISPLAYDEACTIVATE"
+ , "ONVRDISPLAYDISCONNECT"
+ , "ONVRDISPLAYFOCUS"
+ , "ONVRDISPLAYPOINTERRESTRICTED"
+ , "ONVRDISPLAYPOINTERUNRESTRICTED"
+ , "ONVRDISPLAYPRESENTCHANGE"
+ , "ONLANGUAGECHANGE"
+ , "ONOFFLINE"
+ , "ONONLINE"
, NULL
};
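Review bot: the added block contains three duplicate entries: "ONLANGUAGECHANGE", "ONOFFLINE" and "ONONLINE" each appear twice (once in the middle of the new entries and again as the last three lines before `, NULL`); the trailing three copies should be dropped. Also, the surrounding context entries ("ONTRANSITIONCANCEL", "ONTRANSITIONEND", "ONWHEEL") are in alphabetical order while the new entries are not (e.g. "ONCOPY" follows "ONWHEEL"); if the lookup relies on a sorted table this silently breaks matching, and even if it is a linear scan, sorting the new names keeps future duplicates easy to spot.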