1 #!/usr/bin/perl -wT | 1 #!/usr/bin/perl -wT |
2 use strict; | 2 use strict; |
3 use CGI; | 3 use CGI; |
4 | 4 |
5 my $cgi = new CGI; | 5 my $cgi = new CGI; |
6 | 6 |
7 # Passing semicolons through the url to this script is problematic. The raw | 7 # Passing semicolons through the url to this script is problematic. The raw |
8 # form truncates the input and the %-encoded form isn't being decoded. Hence | 8 # form truncates the input and the %-encoded form isn't being decoded. Hence |
9 # this set of hard-coded headers. | 9 # this set of hard-coded headers. |
10 if ($cgi->param('disable-protection')) { | 10 if ($cgi->param('disable-protection')) { |
11 print "X-XSS-Protection: 0\n"; | 11 print "X-XSS-Protection: 0\n"; |
12 } | 12 } |
13 if ($cgi->param('enable-full-block')) { | 13 if ($cgi->param('enable-full-block')) { |
14 print "X-XSS-Protection: 1; mode=block\n"; | 14 print "X-XSS-Protection: 1; mode=block\n"; |
15 } | 15 } |
16 if ($cgi->param('enable-report')) { | 16 if ($cgi->param('enable-report')) { |
17 print "X-XSS-Protection: 1; report=/security/contentSecurityPolicy/resources
/save-report.php\n"; | 17 print "X-XSS-Protection: 1; report=/security/contentSecurityPolicy/resources
/save-report.php?test=" . $cgi->param('test') . "\n"; |
18 } | 18 } |
19 if ($cgi->param('enable-full-block-report')) { | 19 if ($cgi->param('enable-full-block-report')) { |
20 print "X-XSS-Protection: 1; mode=block; report=/security/contentSecurityPoli
cy/resources/save-report.php\n"; | 20 print "X-XSS-Protection: 1; mode=block; report=/security/contentSecurityPoli
cy/resources/save-report.php?test=" . $cgi->param('test') . "\n"; |
21 } | 21 } |
22 | 22 |
23 if ($cgi->param('valid-header')) { | 23 if ($cgi->param('valid-header')) { |
24 if ($cgi->param('valid-header') == 1) { | 24 if ($cgi->param('valid-header') == 1) { |
25 print "X-XSS-Protection: 1 ;MoDe = bLocK \n"; | 25 print "X-XSS-Protection: 1 ;MoDe = bLocK \n"; |
26 } | 26 } |
27 if ($cgi->param('valid-header') == 2) { | 27 if ($cgi->param('valid-header') == 2) { |
28 print "X-XSS-Protection: 1; \n"; | 28 print "X-XSS-Protection: 1; \n"; |
29 } | 29 } |
30 if ($cgi->param('valid-header') == 3) { | 30 if ($cgi->param('valid-header') == 3) { |
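Review bot: The `test` query parameter is concatenated unescaped into the `X-XSS-Protection` header value on lines 17 and 20, so a value containing `\r\n` splits the response headers and a `;` terminates the `report=` directive — the same semicolon problem the comment above this block already describes for the URL. Taint mode does not help here: `-T` only guards system-level calls such as `open`/`system`, not `print`, so tainted data reaches the header unchecked. Percent-encode the value once, before the first `if`, with `my $test = CGI::escape(defined $cgi->param('test') ? $cgi->param('test') : '');` and then emit `save-report.php?test=$test\n"` in both headers; the `defined` guard also avoids the uninitialized-value warning under `-w` when the parameter is absent. This is a test fixture, so exposure is limited to the test server, but the emitted header should still be well-formed for the test to mean what it claims.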
128 print "<p>If you see this message then the test FAILED.</p>\n"; | 128 print "<p>If you see this message then the test FAILED.</p>\n"; |
129 } | 129 } |
130 if ($cgi->param('alert-cookie')) { | 130 if ($cgi->param('alert-cookie')) { |
131 print "<script>if (/xssAuditorTestCookie/.test(document.cookie)) { alert('FA
IL: ' + document.cookie); document.cookie = 'xssAuditorTestCookie=remove; max-ag
e=-1'; } else alert('PASS');</script>\n"; | 131 print "<script>if (/xssAuditorTestCookie/.test(document.cookie)) { alert('FA
IL: ' + document.cookie); document.cookie = 'xssAuditorTestCookie=remove; max-ag
e=-1'; } else alert('PASS');</script>\n"; |
132 } | 132 } |
133 if ($cgi->param('echo-report')) { | 133 if ($cgi->param('echo-report')) { |
134 print "<script src=/security/contentSecurityPolicy/resources/go-to-echo-repo
rt.js></script>\n"; | 134 print "<script src=/security/contentSecurityPolicy/resources/go-to-echo-repo
rt.js></script>\n"; |
135 } | 135 } |
136 print "</body>\n"; | 136 print "</body>\n"; |
137 print "</html>\n"; | 137 print "</html>\n"; |