Class: Arachni::Checks::XssEvent::SAX

Inherits:
Object
  • Object
show all
Defined in:
components/checks/active/xss_event.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(seed) ⇒ SAX

Returns a new instance of SAX.



47
48
49
50
# File 'components/checks/active/xss_event.rb', line 47

def initialize( seed )
    @seed       = seed
    @attributes = Set.new( ATTRIBUTES )
end

Instance Attribute Details

#proofObject (readonly)

Returns the value of attribute proof.



45
46
47
# File 'components/checks/active/xss_event.rb', line 45

def proof
  @proof
end

Instance Method Details

#attr(name, value) ⇒ Object



55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
# File 'components/checks/active/xss_event.rb', line 55

def attr( name, value )
    name  = name.to_s.downcase
    value = value.downcase

    return if !@attributes.include?( name )

    if name == 'src'
        # Javascript cases can be handled more reliably by the
        # xss_script_context check; VBScript doesn't have full support
        # so we settle.
        if value =~ /^(vb|)script:/ && value.include?( @seed )
            @proof = value
            fail Arachni::Parser::SAX::Stop
        end
    elsif value.include?( @seed )
        @proof = value
        fail Arachni::Parser::SAX::Stop
    end
end

#documentObject



52
53
# File 'components/checks/active/xss_event.rb', line 52

def document
end