[or-cvs] r15834: Update tags with some interesting ones from http://ha.ckers. (torflow/branches/gsoc2008)

mikeperry at seul.org mikeperry at seul.org
Fri Jul 11 10:26:25 UTC 2008


Author: mikeperry
Date: 2008-07-11 06:26:24 -0400 (Fri, 11 Jul 2008)
New Revision: 15834

Modified:
   torflow/branches/gsoc2008/soat.py
Log:

Update tags with some interesting ones from
http://ha.ckers.org/xss.html. Hopefully 'body' doesn't cause
too many false positives...



Modified: torflow/branches/gsoc2008/soat.py
===================================================================
--- torflow/branches/gsoc2008/soat.py	2008-07-11 09:30:16 UTC (rev 15833)
+++ torflow/branches/gsoc2008/soat.py	2008-07-11 10:26:24 UTC (rev 15834)
@@ -71,9 +71,11 @@
 ]
 
 # tags and attributes to check in the http test: XXX these should be reviewed
-
-tags_to_check = ['a', 'area', 'base', 'applet', 'embed', 'form', 'frame', 
-                 'iframe', 'img', 'link', 'object', 'script']
+# See also: http://ha.ckers.org/xss.html
+# Note: the more we add, the greater the potential for false positives...  
+# We also only care about the ones that work for FF2/FF3. 
+tags_to_check = ['a', 'area', 'base', 'applet', 'embed', 'form', 'frame',
+                 'iframe', 'img', 'link', 'object', 'script', 'meta', 'body']
 attrs_to_check = ['onclick', 'ondblclick', 'onmousedown', 'onmouseup', 'onmouseover',
                   'onmousemove', 'onmouseout', 'onkeypress','onkeydown','onkeyup']
 #
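Review bot: The new comment above tags_to_check warns about false positives only in general terms, while the log message singles out 'body' as the risky entry; name 'body' in that comment, and say why 'meta' was added, so whoever tunes the list later knows which entry to drop first. The two added comment lines ("# Note: ..." and "# We also only care ...") end in trailing whitespace. Separately, attrs_to_check in the unchanged lines still lists only mouse and keyboard handlers, so if those attributes are meant to cover handlers on the newly added tags, 'onload' on 'body' is not among them; worth confirming whether that is intended.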


