diff options
| author | Maximilian Hils <git@maximilianhils.com> | 2017-10-22 18:02:28 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-10-22 18:02:28 +0200 |
| commit | f31d5dc3ebefec9a88e55354dce6b2f812eb9796 (patch) | |
| tree | f24991f712f5eeb788ae49d44e8e6462a5f2e2aa /test | |
| parent | 58ecef258b9b5fdc8335cc629a5d9ca61590a785 (diff) | |
| parent | 04a06eb6b5b5813b4ec630fc1451b1734fbb22fc (diff) | |
| download | mitmproxy-f31d5dc3ebefec9a88e55354dce6b2f812eb9796.tar.gz mitmproxy-f31d5dc3ebefec9a88e55354dce6b2f812eb9796.tar.bz2 mitmproxy-f31d5dc3ebefec9a88e55354dce6b2f812eb9796.zip | |
Merge pull request #2591 from ddworken/master
Added scanning for CSS injection and iframe injection to XSS scanner
Diffstat (limited to 'test')
| -rw-r--r-- | test/examples/test_xss_scanner.py | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/test/examples/test_xss_scanner.py b/test/examples/test_xss_scanner.py index 14ee6902..e15d7e10 100644 --- a/test/examples/test_xss_scanner.py +++ b/test/examples/test_xss_scanner.py @@ -314,7 +314,13 @@ class TestXSSScanner(): assert logger.args == [] xss.find_unclaimed_URLs("<html><script src=\"http://unclaimedDomainName.com\"></script></html>", "https://example.com") - assert logger.args[0] == 'XSS found in https://example.com due to unclaimed URL "http://unclaimedDomainName.com" in script tag.' + assert logger.args[0] == 'XSS found in https://example.com due to unclaimed URL "http://unclaimedDomainName.com".' + xss.find_unclaimed_URLs("<html><iframe src=\"http://unclaimedDomainName.com\"></iframe></html>", + "https://example.com") + assert logger.args[0] == 'XSS found in https://example.com due to unclaimed URL "http://unclaimedDomainName.com".' + xss.find_unclaimed_URLs("<html><link rel=\"stylesheet\" href=\"http://unclaimedDomainName.com\"></html>", + "https://example.com") + assert logger.args[0] == 'XSS found in https://example.com due to unclaimed URL "http://unclaimedDomainName.com".' def test_log_XSS_data(self, monkeypatch, logger): logger.args = [] |