Class: Arachni::Checks::XssEvent::SAX
- Defined in:
- components/checks/active/xss_event.rb
Instance Attribute Summary collapse
-
#proof ⇒ Object
readonly
Returns the value of attribute proof.
Instance Method Summary collapse
- #attr(name, value) ⇒ Object
- #document ⇒ Object
-
#initialize(seed) ⇒ SAX
constructor
A new instance of SAX.
Constructor Details
#initialize(seed) ⇒ SAX
Returns a new instance of SAX.
47 48 49 50 |
# File 'components/checks/active/xss_event.rb', line 47 def initialize( seed ) @seed = seed @attributes = Set.new( ATTRIBUTES ) end |
Instance Attribute Details
#proof ⇒ Object (readonly)
Returns the value of attribute proof.
45 46 47 |
# File 'components/checks/active/xss_event.rb', line 45 def proof @proof end |
Instance Method Details
#attr(name, value) ⇒ Object
55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 |
# File 'components/checks/active/xss_event.rb', line 55 def attr( name, value ) name = name.to_s.downcase value = value.downcase return if !@attributes.include?( name ) if name == 'src' # Javascript cases can be handled more reliably by the # xss_script_context check; VBScript doesn't have full support # so we settle. if value =~ /^(vb|)script:/ && value.include?( @seed ) @proof = value fail Arachni::Parser::SAX::Stop end elsif value.include?( @seed ) @proof = value fail Arachni::Parser::SAX::Stop end end |
#document ⇒ Object
52 53 |
# File 'components/checks/active/xss_event.rb', line 52 def document end |