Beispiel #1
0
        public static ReadOnlyUrl GetReferrerUrl(this string url, ReadOnlyUrl requestedUrl)
        {
            // It may be external, but must not contain script.

            if (string.IsNullOrEmpty(url))
            {
                return(null);
            }

            var referrerUrl = TryParseUrl(url);

            if (referrerUrl != null)
            {
                if (requestedUrl != null && referrerUrl.ToString().IndexOf(requestedUrl.AbsolutePath) != -1)
                {
                    return(null);
                }
                if (HtmlUtil.ContainsScript(referrerUrl.ToString()))
                {
                    return(null);
                }
            }

            return(referrerUrl);
        }
Beispiel #2
0
        protected override bool IsValid(object value)
        {
            if (!(value is string || value is string[]))
            {
                return(true);
            }

            var s = value as string;

            if (s != null)
            {
                if (s.Length != 0 && HtmlUtil.ContainsScript(s))
                {
                    return(false);
                }
            }
            else
            {
                var a = value as string[];
                foreach (var v in a)
                {
                    if (v.Length != 0 && HtmlUtil.ContainsScript(v))
                    {
                        return(false);
                    }
                }
            }

            return(true);
        }
Beispiel #3
0
        public void TestCleanScriptAndEventTags()
        {
            const string doubleApostrophes           = "This job ad's content contains a two apostrophes. It's getting truncated.";
            const string doubleApostrophesWithScript = "This job ad's content contains some <script>alert(0)</script>."
                                                       + " It's getting truncated.";

            const string dirty1 = "<a href=\"linkme.com.au\" onClick=\"javascript:alert('hackslol11!!eleven!');\">hahah</a>";
            string       clean1 = HtmlUtil.CleanScriptAndEventTags(dirty1);

            Assert.AreNotEqual(dirty1, clean1);
            Assert.IsFalse(HtmlUtil.ContainsScript(clean1));
            Assert.AreEqual("<a href=\"linkme.com.au\">hahah</a>", clean1);

            const string dirty2 = "<a href=\"linkme.com.au\" onClick='alert(\'hackslol11!!eleven!\');'>hahah</a>";
            string       clean2 = HtmlUtil.CleanScriptAndEventTags(dirty1);

            Assert.AreNotEqual(dirty2, clean2);
            Assert.IsFalse(HtmlUtil.ContainsScript(clean2));
            Assert.AreEqual("<a href=\"linkme.com.au\">hahah</a>", clean2);

            Assert.AreEqual("", HtmlUtil.CleanScriptAndEventTags("<script type=\"text\\javascript\">alert('lolhax');</script>"));
            Assert.AreEqual("Valid text with  in it.", HtmlUtil.CleanScriptAndEventTags("Valid text with <script type=\"text\\javascript\">alert('lolhax');</script> in it."));
            Assert.AreEqual("", HtmlUtil.CleanScriptAndEventTags("<script <a href=\"linkme.com.au\" onclick=\"alert('smrt');\">hahah</a>>alert('This is smarta!');</script>"));

            // Bug 7104 - content between apostrophes gets removed.

            Assert.AreEqual(doubleApostrophes, HtmlUtil.CleanScriptAndEventTags(doubleApostrophes));
            Assert.AreEqual("This job ad's content contains some . It's getting truncated.",
                            HtmlUtil.CleanScriptAndEventTags(doubleApostrophesWithScript));
        }
Beispiel #4
0
        public void TestContainsScript()
        {
            Assert.IsFalse(HtmlUtil.ContainsScript("whatever"));
            Assert.IsFalse(HtmlUtil.ContainsScript("<html><body>text</body></html>"));
            Assert.IsTrue(HtmlUtil.ContainsScript("<html><body><script>text</script></body></html>"));
            Assert.IsTrue(HtmlUtil.ContainsScript("<html><body><script >text</script></body></html>"));
            Assert.IsTrue(HtmlUtil.ContainsScript("<html><body><script>text</script </body></html>"));
            Assert.IsTrue(HtmlUtil.ContainsScript("<html><body><script >text</body></html>"));

            // Case 1521 - Microsoft .NET request filtering bypass vulnerability - LinkMe version

            TestXss("</XSS/*-*/STYLE=xss:e/**/xpression(alert(document.cookie))>");
            TestXss("<XSS STYLE=xss:e/**/xpression(alert(document.cookie))>");
            TestXss("<//*-*/XSSSTYLE=xss:e/**/xpression(alert(document.cookie))>");
            TestXss("</*-*/X/*-*/S/*-*/S ST/*-*/YLE=xss:e/**/xpression(alert(document.cookie))>");
        }
Beispiel #5
0
        public static ReadOnlyUrl GetRequestedUrl(this string url)
        {
            // Validate the url.

            if (string.IsNullOrEmpty(url))
            {
                return(null);
            }

            var requestedUrl = TryParseUrl(url);

            if (HtmlUtil.ContainsScript(requestedUrl.ToString()))
            {
                return(null);
            }

            return(requestedUrl);
        }
Beispiel #6
0
        private static bool IsAllowedRedirects(this ReadOnlyUrl url)
        {
            // Check for cases 3032 (open redirects) and 4241 (XSS via links).

            return(!HtmlUtil.ContainsScript(url.ToString()) && NavigationManager.IsInternalUrl(url));
        }
Beispiel #7
0
 private static void TestXss(string xss)
 {
     Assert.IsTrue(HtmlUtil.ContainsScript(xss));
     Assert.IsTrue(HtmlUtil.ContainsHtml(xss));
 }