yaoyi2008 / xssprotect Goto Github PK
View Code? Open in Web Editor NEWAutomatically exported from code.google.com/p/xssprotect
License: Apache License 2.0
xssprotect's People
xssprotect's Issues
remove "-moz-binding" in style and url with protocol "ms-its,mhtml,firefoxurl,data"
-moz-binding in Firefox is similar with expression in IE
ms-its,mhtml,firefoxurl,data is similar with javascript,mocha
Original issue reported on code.google.com by [email protected] on 24 Aug 2009 at 6:31
Comments shold be removed (ignored?)
What steps will reproduce the problem?
Input HTML example begin"
<html>
<!-- Remove me -->
</html>
"end
Filtered HTML begin"
<html><remove me></remove></html>
"end
What is the expected output? What do you see instead?
Remove all comments.
What version of the product are you using? On what operating system?
Please provide any additional information below.
Error log:
line 2:1 no viable alternative at character '!'
line 2:2 no viable alternative at character '-'
line 2:3 no viable alternative at character '-'
line 2:15 no viable alternative at character '-'
line 2:16 no viable alternative at character '-'
line 3:0 end tag (html) does not match start tag (Remove) currently open,
closing it anyway
Original issue reported on code.google.com by [email protected] on 18 Jun 2009 at 3:48
DOCTYPE must be removed (ignored)
What steps will reproduce the problem?
Input HTML example begin"
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
</html>
"end
Filtered HTML begin"
<doctype html public w3c dtd html transitional en http: www.w3.org tr html4
loose.dtd><html></html></doctype>
"end
What is the expected output? What do you see instead?
Remove input DOCTYPE tag.
What version of the product are you using? On what operating system?
Please provide any additional information below.
Error log:
line 1:1 no viable alternative at character '!'
line 1:22 no viable alternative at character '"'
line 1:23 no viable alternative at character '-'
line 1:24 rule PCDATA failed predicate: { !tagMode }?
line 1:25 rule PCDATA failed predicate: { !tagMode }?
line 1:29 rule PCDATA failed predicate: { !tagMode }?
line 1:30 rule PCDATA failed predicate: { !tagMode }?
line 1:40 no viable alternative at character '4'
line 1:41 no viable alternative at character '.'
line 1:42 no viable alternative at character '0'
line 1:43 no viable alternative at character '1'
line 1:57 rule PCDATA failed predicate: { !tagMode }?
line 1:58 rule PCDATA failed predicate: { !tagMode }?
line 1:61 no viable alternative at character '"'
line 1:63 no viable alternative at character '"'
line 1:69 rule PCDATA failed predicate: { !tagMode }?
line 1:70 rule PCDATA failed predicate: { !tagMode }?
line 1:81 rule PCDATA failed predicate: { !tagMode }?
line 1:84 rule PCDATA failed predicate: { !tagMode }?
line 1:90 rule PCDATA failed predicate: { !tagMode }?
line 1:100 no viable alternative at character '"'
line 0:-1 end tag (null) does not match start tag (DOCTYPE) currently open,
closing it anyway
Original issue reported on code.google.com by [email protected] on 18 Jun 2009 at 3:52
please add compatibility with antlr-runtime-3.1.1.jar
can not compile or run with antlr 3.1.1
Original issue reported on code.google.com by [email protected] on 24 Aug 2009 at 6:05
NullPointerException if 1-st line of HTML is empty
Input HTML example begin"
<html>
</html>
"end
What is the expected output? What do you see instead?
Ignore empty line or remove at all.
What version of the product are you using? On what operating system?
Windows
Please provide any additional information below.
Error log:
line 1:0 no viable alternative at input '\r\n'
BR.recoverFromMismatchedToken
/workspace/xssprotect/trunk/grammar/htmlTreeParser.g: node from line 0:0
mismatched tree node: EOF expecting ELEMENT
Exception in thread "main" java.lang.NullPointerException
at com.blogspot.radialmind.html.HTMLParser.process(HTMLParser.java:76)
at TestXssProtect.main(TestXssProtect.java:28)
Original issue reported on code.google.com by [email protected] on 18 Jun 2009 at 3:31
escape & in url when convertIntoValidXML=true
convert
<a href="http://www.google.com/search?hl=en&q=test">test</a>
to
<a href="http://www.google.com/search?hl=en&q=test">test</a>
Original issue reported on code.google.com by [email protected] on 24 Aug 2009 at 6:12
Testing issue tracker
What steps will reproduce the problem?
1. 3
2. 2
3. 4
What is the expected output? What do you see instead?
gdfgdfg
Please use labels and text to provide additional information.
dfgdfgdfg
Original issue reported on code.google.com by [email protected] on 28 Apr 2008 at 6:35
Not closed tags corrupt filtering
What steps will reproduce the problem?
Input HTML example begin"
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>XSS Example</title>
</head>
</html>
"end
Filtered HTML begin"
<html><head><title></title></head></html>
"end
What is the expected output? What do you see instead?
Add "/" to the end of tag if it has no closing tag.
Ex: "<tag>" -> "<tag/>".
Or ignore only for tags like <meta>, etc.
What version of the product are you using? On what operating system?
Please provide any additional information below.
Note that <title> lost its content after bad filtering.
Error log:
line 5:1 end tag (head) does not match start tag (meta) currently open,
closing it anyway
Original issue reported on code.google.com by [email protected] on 18 Jun 2009 at 4:02
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.