1. Add a new `unsafe_methods_reversed` array with `replaceAll`, see https://api.jquery.com/replaceAll/. In this method the callee and the parameter are reversed (switched) compared to the other methods in `unsafe_methods`.
2. Extract the following dataset generation into a separate shell function. Use that function when iterating over `unsafe_methods`.

   ```sh
   # Loop body for one method: instantiate the templates in ${method_dir},
   # then move the generated files out and advance the batch counter.
   sed -i "s/__BATCH__/_${batch}_/g" "${method_dir}/"*.js
   sed -i "s/__METHOD__/${method}/g" "${method_dir}/"*.js
   echo "${method}, done"
   mv "${method_dir}/"*.js ./out/tmp/
   mv "${method_dir}/"*.out ./out/
   rmdir "${method_dir}"
   echo "${method}, moved"
   batch=$((batch+1))
   ```

3. Use the function from the previous step to iterate over `unsafe_methods_reversed`. However, methods from `unsafe_methods_reversed` need the XSS payload in the callee and the selector in the parameter (e.g., `$( "<script>" ).replaceAll( "div" );`). Adjust the dataset input (in the folder) so that both forms can be generated: `$(xss).method(selector);` and `$(selector).method(xss);`.
4. Regenerate the dataset and evaluate the tools. Present confusion matrices similar to those in the paper.
In case of any questions, feel free to contact @mvondracek for details.
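The procedure above as one script, added here as an example; it is not the jQuery-XSS project's own `generate.sh`. A single function (`render_case`) instantiates a template for a given method in either argument order, and `generate_methods` reuses it for both method lists, mirroring the loop body quoted in step 2. The template text, the `__CALLEE__`/`__PARAM__` placeholders, the method lists, the `location.hash` source and the `$OUT` layout are assumptions of this example; the real dataset keeps its templates as files in the dataset folder.

```sh
#!/bin/sh
# Added example, not the jQuery-XSS project's own generate.sh. One function
# (render_case) instantiates a template for a given method and argument order,
# and generate_methods reuses it for both method lists, mirroring the loop body
# quoted in the issue. The template text, the __CALLEE__/__PARAM__ placeholders,
# the method lists and the $OUT layout are assumptions of this example.
set -eu

unsafe_methods="add replaceWith"        # generated as $(selector).method(xss);
unsafe_methods_reversed="replaceAll"    # generated as $(xss).method(selector); callee and parameter switched

# Constructed template. __BATCH__ and __METHOD__ are the issue's placeholders;
# __CALLEE__ and __PARAM__ are added here so one template serves both orders.
TEMPLATE='// case __BATCH__: jQuery.__METHOD__ as XSS sink
var selector = "div";
var xss = location.hash.slice(1);   // untrusted input (constructed for this example)
$( __CALLEE__ ).__METHOD__( __PARAM__ );'

# render_case METHOD FORM BATCH: print the generated JS test case on stdout.
# FORM is "normal" for $(selector).method(xss) or "reversed" for $(xss).method(selector).
render_case() {
  method="$1"; form="$2"; batch_id="$3"
  case "$form" in
    normal)   callee=selector; param=xss ;;
    reversed) callee=xss;      param=selector ;;
    *) echo "render_case: unknown form '$form'" >&2; return 1 ;;
  esac
  printf '%s\n' "$TEMPLATE" | sed \
    -e "s/__BATCH__/_${batch_id}_/g" \
    -e "s/__METHOD__/${method}/g" \
    -e "s/__CALLEE__/${callee}/g" \
    -e "s/__PARAM__/${param}/g"
}

# generate_methods FORM METHOD...: write one file per method into $OUT and
# advance the global batch counter, as the loop body in the issue does.
batch=0
OUT="${OUT:-$(mktemp -d)}"
generate_methods() {
  form="$1"; shift
  for m in "$@"; do
    render_case "$m" "$form" "$batch" > "${OUT}/${m}_${form}.js"
    echo "${m}, done"
    batch=$((batch + 1))
  done
}

main() {
  # Word splitting of the method lists is intended here.
  generate_methods normal   $unsafe_methods
  generate_methods reversed $unsafe_methods_reversed
  echo "generated $(ls "$OUT" | wc -l | tr -d ' ') cases in $OUT"
}
main
```

Set `OUT` to a directory of your choice before running to control where the cases land; otherwise a temporary directory is created. The point of the extra placeholders is that the "reversed" form needs no second template: the same file is instantiated with the payload variable in the callee position and the selector in the parameter position.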
Code referenced in the issue (GitHub permalinks):

- `jQuery-XSS/dataset/generate.sh`, lines 3 to 16 in 6330964: the existing `unsafe_methods` array (includes `add` and `replaceWith`).
- `jQuery-XSS/dataset/generate.sh`, lines 23 to 40 in 6330964: the dataset generation code referred to in step 2, to be extracted into a shell function.