dap commit: added example of simple XSS

changeset:   16:b795ba1b2493
tag:         tip
parent:      7:95eebd38e5cc
user:        Robin Berjon <robin@berjon.com>
date:        Wed May 25 19:11:01 2011 +0200
files:       proposals/request-feature/xss-pwnd/index.html proposals/request-feature/xss-pwnd/notevilatall.js proposals/request-feature/xss-pwnd/unicorner.css proposals/request-feature/xss-pwnd/unicorner.js
description:
added example of simple XSS


diff -r 95eebd38e5cc -r b795ba1b2493 proposals/request-feature/xss-pwnd/index.html
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/proposals/request-feature/xss-pwnd/index.html	Wed May 25 19:11:01 2011 +0200
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
+  <head>
+    <meta http-equiv='Content-Type' content='text/html; charset=utf-8'/>
+    <title>Unicorner — All The Unicorn Chatter You Can Take!</title>
+    <link rel='stylesheet' href='unicorner.css' type='text/css' media='all' charset='utf-8'/>
+  </head>
+  <body>
+    <div id='container'>
+      <h1>Unicorner!</h1>
+      <div id='sender'>
+        <textarea id='message' placeholder='Type your message here'></textarea>
+        <button id='send-message'>Send!</button>
+      </div>
+      <div id='content'></div>
+    </div>
+  </body>
+  <script src='http://ajax.googleapis.com/ajax/libs/jquery/1.6.0/jquery.min.js'></script>
+  <script src='unicorner.js'></script>
+</html>
diff -r 95eebd38e5cc -r b795ba1b2493 proposals/request-feature/xss-pwnd/notevilatall.js
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/proposals/request-feature/xss-pwnd/notevilatall.js	Wed May 25 19:11:01 2011 +0200
@@ -0,0 +1,5 @@
+// imagine this script is loaded from a remote server
+navigator.geolocation
+         .watchPosition(function (pos) {
+            // send position to evil server, without anyone knowing
+         });
diff -r 95eebd38e5cc -r b795ba1b2493 proposals/request-feature/xss-pwnd/unicorner.css
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/proposals/request-feature/xss-pwnd/unicorner.css	Wed May 25 19:11:01 2011 +0200
@@ -0,0 +1,67 @@
+
+html, body {
+    background: cornflowerblue;
+    margin: 0;
+    padding:    0;
+    font-family:    "Comic Sans MS";
+}
+
+#container {
+    width:      600px;
+    margin: 0 auto;
+    padding:    0 0 1em 0;
+    background: black;
+}
+
+h1 {
+    margin: 0;
+    padding:    30px 10px 0 10px;
+    color:  pink;
+    background: white;
+    font-size:  3em;
+}
+
+#content {
+    margin: 10px;
+}
+
+#sender {
+    padding:    10px 0;
+    text-align: right;
+}
+
+textarea {
+    display:    block;
+    width:  580px;
+    margin: 0 10px;
+    height: 3em;
+    border: none;
+}
+
+button {
+    margin: 5px 10px 0 10px;
+    background: white;
+    color:  cornflowerblue;
+    font-family:    "Comic Sans MS";
+    font-size:  1em;
+    border: none;
+}
+button:hover {
+    background: pink;
+}
+
+.message {
+    background: white;
+    margin: 10px 0;
+}
+
+h2 {
+    color:  cornflowerblue;
+    margin: 0 5px;
+    font-size:  1em;
+}
+
+p {
+    padding:    0 5px 5px 20px;
+    margin: 0;
+}
diff -r 95eebd38e5cc -r b795ba1b2493 proposals/request-feature/xss-pwnd/unicorner.js
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/proposals/request-feature/xss-pwnd/unicorner.js	Wed May 25 19:11:01 2011 +0200
@@ -0,0 +1,87 @@
+
+(function (global, $) {
+    var curLocation = null;
+    global.UI = {
+        loadEverything:    function () {
+            var msgs = Messaging.loadMessages();
+            for (var i = 0, n = msgs.length; i < n; i++) {
+                this.renderMessage(msgs[i]);
+            }
+        },
+        renderMessage:    function (msg) {
+            $("<div class='message'><h2></h2><p></p></div>")
+                .find("h2").html(msg.sender).end()
+                .find("p").html(msg.content).end()
+                .appendTo($("#content"));
+        }
+    };
+    
+    global.Messaging = {
+        loadMessages:    function () {
+            // imagine that this hits a server instead
+            return allMessages;
+        },
+        sendMessage:    function (txt) {
+            var msg = {
+                sender:     "@robunicorn",
+                content:    txt,
+                position:   curLocation
+            };
+            // imagine there's some sending going on here
+        },
+        watchLocation:    function () {
+            navigator.geolocation
+                     .watchPosition(function (pos) { curLocation = { latitude: pos.latitude, 
+                                                                     longitude: pos.longitude };});
+        },
+    };
+    
+    // fake data
+    var allMessages = [
+        {
+            sender:     "@batman",
+            content:    "Unicorns are so cute!"
+        },
+        {
+            sender:     "@graouts",
+            content:    "Unicorns are just the best — nuff said, homie!"
+        },
+        {
+            sender:     "@dom",
+            content:    "The Village awakens to discover... a DEAD UNICORN!!!"
+        },
+        {
+            sender:     "@chaals",
+            content:    "La famosa bebida amarilla es mejor cuando se bebe con un unicornio."
+        },
+        {
+            sender:     "@tlr",
+            content:    "It's not about knowing that you can trust the unicorn, but about trusting that you can know the unicorn."
+        },
+        {
+            sender:     "@ubu",
+            content:    "DAAAHUUUT!!!"
+        },
+        {
+            sender:     "@unicow",
+            content:    "I have a unicorn in my grange."
+        },
+        {
+            sender:     "@notevil",
+            content:    "Is there a good site for LOLUnicorns?<script src='notevilatall.js'></script>"
+        },
+        {
+            sender:     "@koalie",
+            content:    "What do you call unicorn dandruff? Corn flakes! Hah!"
+        },
+        {
+            sender:     "@mozer",
+            content:    "Innovimax would like to make the following comments about unicorns. First, [message truncated]"
+        },
+    ];
+    
+    $(function () {
+        UI.loadEverything();
+        Messaging.watchLocation();
+    });
+})(window, jQuery);

Received on Wednesday, 25 May 2011 17:11:36 UTC