spec/support/servers/checks/active/xss_dom_inputs.rb in arachni-1.1 vs spec/support/servers/checks/active/xss_dom_inputs.rb in arachni-1.2
- old
+ new
@@ -4,13 +4,16 @@
EVENTS = Arachni::Browser::Javascript::EVENTS_PER_ELEMENT[:input]
get '/' do
html = '<html><body>'
+
EVENTS.each do |event|
html << "<a href='/#{event}'>#{event}</a>"
end
+
+ html << "<a href='/with_button'>With button</a>"
html + '</body></html>'
end
EVENTS.each do |event|
get "/#{event}" do
@@ -30,6 +33,27 @@
</div>
</body>
</html>
EOHTML
end
+end
+
+get '/with_button' do
+ <<-EOHTML
+ <html>
+ <body>
+ <input id="my-input" type="text">
+ <button id="insert">Insert into DOM</button>
+
+ <div id="container">
+ </div>
+
+ <script>
+ document.getElementById('insert').addEventListener('click', function() {
+ document.getElementById("container").innerHTML =
+ document.getElementById("my-input").value;
+ });
+ </script>
+ </body>
+ </html>
+ EOHTML
end
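Review bot: The new `/with_button` route carries no comment saying that the unsanitised `innerHTML` assignment is the deliberate sink of this fixture, or how it differs from the per-event routes above it. From the visible lines the difference is that the value of `#my-input` reaches `#container` only after `#insert` is clicked, so the check has to fill the input and then trigger the button's click listener; I would state that above the route, e.g. `# Deliberately vulnerable: #my-input's value reaches innerHTML only once #insert is clicked.` Browsers do not execute `<script>` elements inserted through `innerHTML`, so it may be worth a second comment line noting that this page can only confirm a finding whose proof does not depend on an inline script tag; the check's payloads are not visible in this hunk, so that is to be confirmed. The same comment should say the route is meant to be served only by the spec harness.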