1.24b - XSS detection now accounts for commented out text.

2010-03-25 00:33:41 -04:00 · 2010-03-25 00:33:41 -04:00 · 71f2ea83b4
parent ffa63decdb
commit 71f2ea83b4
4 changed files with 17 additions and 2 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+Version 1.24b:
+--------------
+
+  - XSS detection now accounts for commented out text.
+
 Version 1.23b:
 --------------

--- a/analysis.c
+++ b/analysis.c
@ -1529,6 +1529,16 @@ void content_checks(struct http_request* req, struct http_response* res) {
      u32 len = strcspn((char*)++tmp, "> \t\r\n"), space_len;
      u8  remote_script = 0;

+      /* Skip comments where possible. */
+
+      if (!strncmp((char*)tmp, "!--", 3)) {
+        u8* next = (u8*)strstr((char*)tmp + 3, "-->");
+        if (next) {
+          tmp = next + 3;
+          continue;
+        }
+      }
+
      /* Grab tag name. */

      tag_name = ck_memdup(tmp, len + 1);
--- a/config.h
+++ b/config.h
@ -23,7 +23,7 @@
 #ifndef _HAVE_CONFIG_H
 #define _HAVE_CONFIG_H

-#define VERSION "1.23b"
+#define VERSION "1.24b"

 #define USE_COLOR               1       /* Use terminal colors             */

--- a/database.c
+++ b/database.c
@ -1295,7 +1295,7 @@ u8* new_xss_tag(u8* prefix) {

  if (!scan_id) scan_id = R(999999) + 1;

-  sprintf((char*)ret, "%s>\">'>'\"<sfi%06uv%06u>",
+  sprintf((char*)ret, "%s-->\">'>'\"<sfi%06uv%06u>",
          prefix ? prefix : (u8*)"", cur_xss_id, scan_id);

  return ret;