def is_executable(self):
    """
    Tell whether the payload is echoed in an executable spot of this
    script text.

    The script text is handed to get_js_context_iter() together with the
    payload, and each JavaScript context it yields is asked whether it is
    executable.

    :return: True as soon as one context reports is_executable(), False
             when none does (or when no context is yielded at all).
    """
    js_source = self.get_context_content()
    contexts = get_js_context_iter(js_source, self.payload)

    # A single executable echo of the payload is enough; any() stops at
    # the first positive answer.
    # NOTE(review): a False result only reflects what the JavaScript
    # context parser recognised -- confirm its coverage before reading it
    # as "output is safely encoded".
    return any(ctx.is_executable() for ctx in contexts)
def is_executable(self):
    """
    Report whether at least one JavaScript context holding the payload is
    executable.

    :return: True if any context yielded by get_js_context_iter() for this
             script text answers is_executable() positively, else False.
    """
    js_source = self.get_context_content()

    # The payload may be echoed several times in the same script text;
    # one executable occurrence decides the result.
    return any(ctx.is_executable()
               for ctx in get_js_context_iter(js_source, self.payload))
def can_break(self):
    """
    Tell whether the payload can break out of this context.

    Two checks are made, in this order:
        1. The parent class' can_break() for the enclosing context.
        2. Each JavaScript context in which the payload is echoed inside
           the script text.

    :return: True if either check succeeds, False otherwise.
    """
    # Breaking out of the enclosing context already settles the question,
    # so the script text is not parsed in that case.
    if super(ScriptText, self).can_break():
        return True

    js_source = self.get_context_content()
    contexts = get_js_context_iter(js_source, self.payload)

    # Escaping from one of the JavaScript contexts is sufficient
    return any(ctx.can_break() for ctx in contexts)
def can_break(self):
    """
    Report whether the payload can escape, either from the enclosing
    context (parent class check) or from one of the JavaScript contexts
    found in the script text.

    :return: True when the parent can_break() succeeds or any JavaScript
             context reports can_break(), False otherwise.
    """
    # The parent check runs first; the JavaScript parser is only consulted
    # when it fails.
    if super(ScriptText, self).can_break():
        return True

    js_source = self.get_context_content()

    # Only one of the contexts where the payload is echoed needs to be
    # escapable.
    return any(ctx.can_break()
               for ctx in get_js_context_iter(js_source, self.payload))
def is_executable_js_event(self):
    """
    Handle cases like this:

        <h1 onmouseover="do_something(PAYLOAD)">This is a header</h1>

    :return: True if the attribute name is listed in JS_EVENTS and the
             payload is echoed in at least one executable JavaScript
             context of the handler code, False otherwise.
    """
    # Attributes that are not JavaScript event handlers are out of scope
    if self.name not in JS_EVENTS:
        return False

    # NOTE(review): extract_code() presumably strips an optional leading
    # "javascript:" (not required by browsers in event handlers, but
    # accepted by some) -- confirm against its definition.
    handler_code = self.extract_code()

    # Delegate the is_executable decision to the JavaScript parser: one
    # executable context where the payload is echoed is enough.
    contexts = get_js_context_iter(handler_code, self.payload)
    return any(ctx.is_executable() for ctx in contexts)
def is_executable_js_event(self):
    """
    Handle cases like this:

        <h1 onmouseover="do_something(PAYLOAD)">This is a header</h1>

    :return: False for attribute names outside JS_EVENTS; otherwise True
             when any JavaScript context holding the payload is
             executable, and False when none is.
    """
    if self.name not in JS_EVENTS:
        return False

    # The code to analyze comes from extract_code(); per the original
    # author's note it tolerates an optional "javascript:" prefix
    # (TODO confirm in extract_code itself).
    handler_code = self.extract_code()

    # The JavaScript parser decides executability, context by context
    return any(ctx.is_executable()
               for ctx in get_js_context_iter(handler_code, self.payload))
def is_executable_html_attr_with_js_protocol(self):
    """
    Handle cases like this:

        <a href="javascript:do_something(PAYLOAD)">This is a link</a>

    :return: True if the attribute name is in EXECUTABLE_ATTRS, its value
             differs from the extracted code, and the payload is echoed in
             at least one executable JavaScript context; False otherwise.
    """
    if self.name not in EXECUTABLE_ATTRS:
        return False

    js_source = self.extract_code()

    # extract_code() handing back the attribute value untouched means the
    # value DOES NOT start with javascript:, so there is no script to
    # analyze.
    if js_source == self.value:
        return False

    # Delegate the is_executable decision to the JavaScript parser: one
    # executable context where the payload is echoed is enough.
    contexts = get_js_context_iter(js_source, self.payload)
    return any(ctx.is_executable() for ctx in contexts)
def is_executable_html_attr_with_js_protocol(self):
    """
    Handle cases like this:

        <a href="javascript:do_something(PAYLOAD)">This is a link</a>

    :return: False when the attribute name is not in EXECUTABLE_ATTRS or
             when the value carries no javascript: code; otherwise the
             answer of the JavaScript parser (True if any context holding
             the payload is executable).
    """
    if self.name not in EXECUTABLE_ATTRS:
        return False

    js_source = self.extract_code()

    # Unchanged output from extract_code() is how a value that DOES NOT
    # start with javascript: is recognised here.
    if js_source == self.value:
        return False

    # The JavaScript parser decides executability, context by context
    return any(ctx.is_executable()
               for ctx in get_js_context_iter(js_source, self.payload))