This project executes all functions in a configurable Javascript framework with XSS attack strings as arguments. If an attck string executes, the function is marked as "unsafe". Unsafe functions should never be called with untrusted data as arguments without encoding and/or validation, this will lead to one or more XSS vulnerabilities.
- By default the tests run against jQuery 1.8.0 which is included. To run against another framework:
- Open
js/functions-fuzzer.jsin your favorite editor. - Configure
window.libraryName, only use to display name in result page (examplevaluejQuery 1.8.0). - Configure
window.libraryFunction, the variable the library to test binds to, all functions bound to this variable are tested (example$for jQuery). - Change the script tag in
index.htmlto point to the library you want to test. - Start a HTTP server with the repository as server root.
- Python:
python -m SimpleHTTPServer - Ruby:
ruby -rwebrick -e'WEBrick::HTTPServer.new(:Port => 3000, :DocumentRoot => Dir.pwd).start' - Point your favorite browser (read Chrome) to
http://localhost:8000
Tested in Chrome 20 and 21.
- globalEval
- wrapAll
- wrapInner
- wrap
- append
- prepend
- before
- after
- html
- replaceWith
- globalEval
- wrapAll
- wrapInner
- wrap
- append
- prepend
- before
- after
- html
- replaceWith
- replaceWith
- wrapAll
- html
- after
- prepend
- before
- append
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
