xss-test-gem 0.2.0 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. checksums.yaml +2 -2
  2. metadata +9 -10
checksums.yaml CHANGED
@@ -1,4 +1,4 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b0e5d2fb7afd310e8e8a6f479c45e983daff6d46414b58ee9f6952cdd6f6e395
4
- data.tar.gz: 210ace3c6951aac4fd2c1ab819a10d7038f0b2be9a573a400bc4e59b97da4fa9
3
+ metadata.gz: ca5a5516789f01aed293fa6a4d4f486a6169962194a7863964eb4ac5720a5adf
4
+ data.tar.gz: c1132c93d805239179d09906c7ab5a5522813bd8f3f51f2dcf6519b5091d66ec
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: xss-test-gem
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Testing Buffalo
@@ -9,18 +9,17 @@ email: testingbuffalo@apexblack.org
9
9
  homepage: https://rubygems.org/gems/xss-test-gem
10
10
  licenses:
11
11
  - MIT
12
- summary: Raw HTML passthrough test
12
+ summary: Data URI tests
13
13
  description: |
14
- == Raw HTML Passthrough Test
14
+ == Data URI and Protocol Tests
15
15
 
16
- <form action="https://github.com/login/oauth/authorize" method="GET">
17
- <input type="hidden" name="client_id" value="test">
18
- <input type="submit" value="Authorize">
19
- </form>
16
+ Data URI image: {image}[data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"></svg>]
20
17
 
21
- <script>alert(1)</script>
22
- <iframe src="https://evil.com"></iframe>
23
- <style>body{background:red}</style>
18
+ SVG data URI: {image}[data:image/svg+xml;base64,PHN2ZyBvbmxvYWQ9YWxlcnQoMSk+PC9zdmc+]
19
+
20
+ FTP image: {image}[ftp://evil.com/test.jpg]
21
+
22
+ File protocol: {image}[file:///etc/passwd]
24
23
 
25
24
  required_ruby_version: !ruby/object:Gem::Requirement
26
25
  requirements: