TRKJ/EdgeNode
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeNode.git synced 2025-12-07 18:30:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

优化WAF XSS检测,减少对图片内容的误判

Browse Source
This commit is contained in:
GoEdgeLab
2023-12-10 19:40:29 +08:00
parent 802a2a92d3
commit 000d36bcc6
3 changed files with 18 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
internal/waf/injectionutils/libinjection/src/libinjection_xss.c
View File

@@ -667,10 +667,11 @@ static attribute_t is_black_attr(const char* s, size_t len)
/* XMLNS can be used to create arbitrary tags */
if (cstrcasecmp_with_null("XMLNS", s, 5) == 0 || cstrcasecmp_with_null("XLINK", s, 5) == 0) {
// goedge: commented for photo uploading
//if (cstrcasecmp_with_null("XMLNS", s, 5) == 0 || cstrcasecmp_with_null("XLINK", s, 5) == 0) {
/* printf("Got XMLNS and XLINK tags\n"); */
return TYPE_BLACK;
}
// return TYPE_BLACK;
//}
}
black = BLACKATTR;
@@ -789,9 +790,10 @@ int libinjection_is_xss(const char* s, size_t len, int flags)
attr = TYPE_NONE;
} else if (h5.token_type == TAG_COMMENT) {
/* IE uses a "`" as a tag ending char */
if (memchr(h5.token_start, '`', h5.token_len) != NULL) {
// goedge: commented for photo uploading
/**if (memchr(h5.token_start, '`', h5.token_len) != NULL) {
return 1;
}
}**/
/* IE conditional comment */
if (h5.token_len > 3) {