Location: PHPKode > projects > Volunteer Management OpenSource Software > vmoss_alpha02/3rd/htmlpurifier/smoketests/variableWidthAttack.php

require_once 'common.php';

echo '<?xml version="1.0" encoding="UTF-8" ?>';
?><!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    <title>HTML Purifier Variable Width Attack Smoketest</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<h1>HTML Purifier Variable Width Attack Smoketest</h1>
<p>For more information, see
<a href="http://applesoup.googlepages.com/bypass_filter.txt">Cheng Peng Su's
original advisory.</a>  This particular exploit code appears only to work
in Internet Explorer, if it works at all.</p>

$purifier = new HTMLPurifier();

<thead><tr><th>ASCII</th><th width="30%">Raw</th><th>Output</th><th>Render</th></tr></thead>

for ($i = 0; $i < 256; $i++) {
    $c = chr($i);
    $html = '<img src="" alt="X' . $c . '"';
    $html .= '>A"'; // in our out the attribute? ;-)
    $html .= "onerror=alert('$i')>O";
    $pure_html = $purifier->purify($html);
    <td><?php echo $i; ?></td>
    <td style="font-size:8pt;"><?php echo escapeHTML($html); ?></td>
    <td style="font-size:8pt;"><?php echo escapeHTML($pure_html); ?></td>
    <td><?php echo $pure_html; ?></td>
<?php } ?>


<p>By making sure that UTF-8 is well formed and non-SGML codepoints are
removed, as well as escaping quotes outside of tags, this is a non-threat.</p>

Return current item: Volunteer Management OpenSource Software