Last active
December 23, 2019 00:55
Recursion hard at work sanitizing user input for XSS methods. Try to break it if you can!
<html>
<head>
<title>Simple login</title>
<script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"> </script>
</head>
<body>
<script>
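/**
 * Click handler for the demo login form.
 *
 * Reads the first two controls of the `testform` form (username, password),
 * passes both values through stripXssMethods(), and writes either a greeting
 * or a "fill in both fields" prompt into the #output element.
 *
 * The message is written with `textContent`, so the browser treats the
 * user-supplied name as plain text and never parses it as markup. That is the
 * actual XSS control here; the stripping helpers are only a secondary filter.
 */
function validateForm() {
  const form = document.forms['testform'];

  // form[0] is the username input and form[1] the password input.
  const user = stripXssMethods(form[0].value);
  const pass = stripXssMethods(form[1].value);

  // Kept from the original flow: binds error handlers to the <img> elements
  // that exist at this moment.
  stripErroredImages();

  const output = document.getElementById('output');
  if (user && pass) {
    // Log the event without the credential: passwords must never reach the
    // console or any other log sink.
    console.log(`${user} logged in`);
    output.textContent = `Welcome, ${user}. We are glad to see you!`;
  } else {
    output.textContent = 'You must provide a username and password to login.';
  }
}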
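/**
 * Removes every occurrence of the word "script" from a string, in any letter
 * case, and repeats until no occurrence is left (removing one occurrence can
 * splice the surrounding characters into a new one).
 *
 * NOTE(review): this is a deny-list filter for a single token. It does not
 * make a string safe to insert as HTML; the code that writes the value to the
 * page still has to treat it as text (textContent or HTML escaping).
 *
 * @param {string} s - Text to filter.
 * @returns {string} The text with all occurrences of "script" removed.
 */
function stripScripts(s) {
  // The `i` flag matters: HTML tag names are case-insensitive, so a
  // case-sensitive match would let "SCRIPT" through untouched.
  const token = /script/gi;

  let current = s;
  let next = current.replace(token, '');
  // Iterate to a fixpoint instead of recursing; `next` stays a local instead
  // of leaking into the global scope.
  while (next !== current) {
    current = next;
    next = current.replace(token, '');
  }
  return current;
}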
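/**
 * Removes every occurrence of the word "onerror" from a string, in any letter
 * case, and repeats until no occurrence is left (removing one occurrence can
 * splice the surrounding characters into a new one).
 *
 * NOTE(review): this filters one attribute name only. It is not a substitute
 * for writing untrusted values to the page as text.
 *
 * @param {string} s - Text to filter.
 * @returns {string} The text with all occurrences of "onerror" removed.
 */
function stripOnError(s) {
  // HTML attribute names are case-insensitive, hence the `i` flag.
  const token = /onerror/gi;

  let current = s;
  let next = current.replace(token, '');
  // Loop to a fixpoint; keeps `next` local rather than an implicit global.
  while (next !== current) {
    current = next;
    next = current.replace(token, '');
  }
  return current;
}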
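/**
 * Applies stripScripts() and stripOnError() to a string until neither of them
 * changes it any more.
 *
 * A single pass of each filter is not enough: deleting one token can join the
 * characters around it into the other token, so the output of the second
 * filter has to be fed back through the first. Running both to a fixpoint
 * guarantees the result contains neither token as far as the two helpers can
 * detect it.
 *
 * NOTE(review): the result is still only deny-list filtered. Callers must
 * write it to the page as text, not as HTML.
 *
 * @param {string} s - Text to filter.
 * @returns {string} Text on which both helpers are a no-op.
 */
function stripXssMethods(s) {
  let current = s;
  let previous;
  do {
    previous = current;
    current = stripOnError(stripScripts(previous));
  } while (current !== previous);
  return current;
}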
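/**
 * Binds an `error` handler to every <img> currently in the document. When an
 * image fails to load, the handler removes the image and empties the element
 * whose id is the image's id followed by "title".
 *
 * Only images that exist when this function runs are covered: `error` events
 * on images do not bubble, so the handler cannot be delegated to a parent,
 * and images added to the page later get no handler from this call.
 */
function stripErroredImages() {
  // .on('error') replaces the deprecated .error() shorthand. The namespaced
  // .off() first keeps repeated calls (one per form submit) from stacking
  // duplicate handlers on the same image.
  $('img')
    .off('error.stripErrored')
    .on('error.stripErrored', function () {
      const id = $(this).attr('id');

      $(this).remove();

      // Look the title element up by id rather than by building a selector
      // string, so an unusual or missing id cannot turn into a malformed or
      // unintended selector.
      if (id) {
        $(document.getElementById(id + 'title')).empty();
      }
    });
}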
</script>
<h1>Sample user login Form</h1>
<p id="output"></p>
<form id="testform">
Username: <br />
<input type="TEXT" id="user" size="40">
<br />
Password: <br />
<input type="password" id="password" size="40">
<br />
<input type="button" id="btn" value="Submit" onclick="validateForm();">
</form>
</body>
</html>