def can_break(self):
# If we can break out of the context then we're done
if super(CSSText, self).can_break():
return True
css_text = self.get_context_content()
for css_context in get_css_context_iter(css_text, self.payload):
# At least one of the contexts where the payload is echoed in the
# CSS text needs to be escaped from
if css_context.can_break():
return True
return False
def can_break(self):
# If we can break out of the context then we're done
if super(CSSText, self).can_break():
return True
css_text = self.get_context_content()
for css_context in get_css_context_iter(css_text, self.payload):
# At least one of the contexts where the payload is echoed in the
# CSS text needs to be escaped from
if css_context.can_break():
return True
return False
def is_executable_style(self):
"""
Handle cases like this:
<h1 style="color:blue;text-align:PAYLOAD">This is a header</h1>
"""
if self.name != 'style':
return False
# Delegate the is_executable to the CSS parser
css_text = self.get_context_content()
for css_context in get_css_context_iter(css_text, self.payload):
# At least one of the contexts where the payload is echoed in the
# CSS text needs to be escaped from
if css_context.is_executable():
return True
return False
def is_executable_style(self):
"""
Handle cases like this:
<h1 style="color:blue;text-align:PAYLOAD">This is a header</h1>
"""
if self.name != 'style':
return False
# Delegate the is_executable to the CSS parser
css_text = self.get_context_content()
for css_context in get_css_context_iter(css_text, self.payload):
# At least one of the contexts where the payload is echoed in the
# CSS text needs to be escaped from
if css_context.is_executable():
return True
return False
