优化XSS检测的模式

刘祥超
2024-01-16 19:56:04 +08:00
parent 5eb247b999
commit 35e7ce1435
3 changed files with 44 additions and 13 deletions


@@ -32,16 +32,18 @@ func TestDetectXSS(t *testing.T) {
</rdf:Description>
</rdf:RDF>
</x:xmpmeta>`, true)) // included in some photo files
a.IsFalse(injectionutils.DetectXSS(`<xml>
</xml>`, true))
a.IsFalse(injectionutils.DetectXSS(`<xml></xml>`, false))
}
func TestDetectXSS_Strict(t *testing.T) {
var a = assert.NewAssertion(t)
a.IsFalse(injectionutils.DetectXSS(`<xml>
</xml>`, false))
a.IsFalse(injectionutils.DetectXSS(`<xml></xml>`, false))
a.IsTrue(injectionutils.DetectXSS(`<xml></xml>`, true))
a.IsFalse(injectionutils.DetectXSS(`<img src=\"\"/>`, false))
a.IsFalse(injectionutils.DetectXSS(`<img src=\"test.jpg\"/>`, true))
a.IsFalse(injectionutils.DetectXSS(`<a href="aaaa"></a>`, true))
a.IsFalse(injectionutils.DetectXSS(`<span style="color: red"></span>`, false))
a.IsTrue(injectionutils.DetectXSS(`<span style="color: red"></span>`, true))
}
func BenchmarkDetectXSS_MISS(b *testing.B) {
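Review bot: The two `<img>` cases in TestDetectXSS_Strict are written as raw (backtick) string literals, so each `\"` reaches DetectXSS as a literal backslash followed by a quote, and the inputs are not the well-formed tags they appear to be. If the intent is to pin that ordinary image tags are not flagged, the literals should contain `<img src=""/>` and `<img src="test.jpg"/>`; if the escaped form is deliberate (for example markup embedded in a JSON value), a comment such as `// quotes escaped as in a JSON-embedded value` would say so. This assumes both lines are on the new side, since the rendered page has lost the +/- column. Because `<a href="aaaa"></a>` is asserted clean in strict mode, a companion assertion for an href carrying a script scheme would document where the strict boundary lies, unless one already exists outside this hunk.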