def can_break(self):
    """
    Tell whether the payload can escape from this CSS text context.

    The parent class check runs first; when it reports a break-out there is
    nothing else to inspect. Otherwise the context content is handed to
    get_css_context_iter() and every CSS context in which the payload is
    echoed is asked the same question.

    :return: True if the parent check or at least one CSS context reports
             that the payload can break out, False otherwise.
    """
    # A break-out of the enclosing context is already a positive result
    if super(CSSText, self).can_break():
        return True

    css_content = self.get_context_content()

    # One escapable echo is enough, any() stops at the first positive result
    return any(echo_context.can_break()
               for echo_context in get_css_context_iter(css_content,
                                                        self.payload))
def can_break(self):
    """
    Tell whether the payload can escape from this CSS text context.

    The parent class check runs first; when it reports a break-out there is
    nothing else to inspect. Otherwise the context content is handed to
    get_css_context_iter() and every CSS context in which the payload is
    echoed is asked the same question.

    :return: True if the parent check or at least one CSS context reports
             that the payload can break out, False otherwise.
    """
    # A break-out of the enclosing context is already a positive result
    if super(CSSText, self).can_break():
        return True

    css_content = self.get_context_content()

    # One escapable echo is enough, any() stops at the first positive result
    return any(echo_context.can_break()
               for echo_context in get_css_context_iter(css_content,
                                                        self.payload))
def is_executable_style(self):
    """
    Handle cases like this:
        <h1 style="color:blue;text-align:PAYLOAD">This is a header</h1>

    Only attributes named 'style' are analyzed; for those, the attribute
    value is treated as CSS text and the decision is delegated to the CSS
    contexts yielded by get_css_context_iter().

    :return: True if at least one CSS context in which the payload is
             echoed reports is_executable(), False otherwise (including
             every attribute that is not 'style').
    """
    if self.name == 'style':
        style_value = self.get_context_content()

        # The CSS parser decides: one executable echo of the payload in the
        # style value is enough for a positive result
        return any(echo_context.is_executable()
                   for echo_context in get_css_context_iter(style_value,
                                                            self.payload))

    return False
def is_executable_style(self):
    """
    Handle cases like this:
        <h1 style="color:blue;text-align:PAYLOAD">This is a header</h1>

    Only attributes named 'style' are analyzed; for those, the attribute
    value is treated as CSS text and the decision is delegated to the CSS
    contexts yielded by get_css_context_iter().

    :return: True if at least one CSS context in which the payload is
             echoed reports is_executable(), False otherwise (including
             every attribute that is not 'style').
    """
    if self.name == 'style':
        style_value = self.get_context_content()

        # The CSS parser decides: one executable echo of the payload in the
        # style value is enough for a positive result
        return any(echo_context.is_executable()
                   for echo_context in get_css_context_iter(style_value,
                                                            self.payload))

    return False