xss-test-gem 0.2.0 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.


This version of xss-test-gem might be problematic. Click here for more details.

Files changed (2) hide show
  1. checksums.yaml +2 -2
  2. metadata +13 -10
checksums.yaml CHANGED
@@ -1,4 +1,4 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b0e5d2fb7afd310e8e8a6f479c45e983daff6d46414b58ee9f6952cdd6f6e395
4
- data.tar.gz: 210ace3c6951aac4fd2c1ab819a10d7038f0b2be9a573a400bc4e59b97da4fa9
3
+ metadata.gz: ba000cbf3a59b9d53568043786511f8c0ebdd84abfe2a9d5d952d8a87cae19da
4
+ data.tar.gz: d06b809acfabed1d55da99ef8460fc3524e89e2e01695832488cee2ad3e31412
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: xss-test-gem
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.2.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Testing Buffalo
@@ -9,18 +9,21 @@ email: testingbuffalo@apexblack.org
9
9
  homepage: https://rubygems.org/gems/xss-test-gem
10
10
  licenses:
11
11
  - MIT
12
- summary: Raw HTML passthrough test
12
+ summary: Protocol handling tests
13
13
  description: |
14
- == Raw HTML Passthrough Test
14
+ == Protocol Handling Tests
15
15
 
16
- <form action="https://github.com/login/oauth/authorize" method="GET">
17
- <input type="hidden" name="client_id" value="test">
18
- <input type="submit" value="Authorize">
19
- </form>
16
+ Bare data URL: data:image/svg+xml,<svg onload=alert(1)></svg>
20
17
 
21
- <script>alert(1)</script>
22
- <iframe src="https://evil.com"></iframe>
23
- <style>body{background:red}</style>
18
+ Bare FTP URL: ftp://evil.com/malware.exe
19
+
20
+ Bare file URL: file:///etc/passwd
21
+
22
+ Bare javascript URL: javascript:alert(1)
23
+
24
+ Image with data src: <img src="data:image/svg+xml,<svg onload=alert(1)>">
25
+
26
+ HTML img: <img src="https://evil.com/x.jpg">
24
27
 
25
28
  required_ruby_version: !ruby/object:Gem::Requirement
26
29
  requirements: