OLD | NEW |
1 #!/usr/bin/perl -wT | 1 #!/usr/bin/perl -wT |
2 use strict; | 2 use strict; |
3 use CGI; | 3 use CGI; |
4 | 4 |
5 my $cgi = new CGI; | 5 my $cgi = new CGI; |
6 | 6 |
7 # Passing semicolons through the url to this script is problematic. The raw | 7 # Passing semicolons through the url to this script is problematic. The raw |
8 # form truncates the input and the %-encoded form isn't being decoded. Hence | 8 # form truncates the input and the %-encoded form isn't being decoded. Hence |
9 # this set of hard-coded headers. | 9 # this set of hard-coded headers. |
10 if ($cgi->param('disable-protection')) { | 10 if ($cgi->param('disable-protection')) { |
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
58 print "X-XSS-Protection: 1; red\n"; | 58 print "X-XSS-Protection: 1; red\n"; |
59 } | 59 } |
60 if ($cgi->param('malformed-header') == 8) { | 60 if ($cgi->param('malformed-header') == 8) { |
61 print "X-XSS-Protection: 1; mode=block; report=/fail; mode=block;\n"; | 61 print "X-XSS-Protection: 1; mode=block; report=/fail; mode=block;\n"; |
62 } | 62 } |
63 if ($cgi->param('malformed-header') == 9) { | 63 if ($cgi->param('malformed-header') == 9) { |
64 print "X-XSS-Protection: 1; mode=block; report=/fail; report=/fail;\n"; | 64 print "X-XSS-Protection: 1; mode=block; report=/fail; report=/fail;\n"; |
65 } | 65 } |
66 } | 66 } |
67 | 67 |
68 if ($cgi->param('csp') eq '_empty_') { | |
69 print "Content-Security-Policy: reflected-xss\n"; | |
70 } elsif ($cgi->param('csp')) { | |
71 print "Content-Security-Policy: reflected-xss " . $cgi->param('csp') . "\n"; | |
72 } | |
73 | |
74 print "Content-Type: text/html; charset="; | 68 print "Content-Type: text/html; charset="; |
75 print $cgi->param('charset') ? $cgi->param('charset') : "UTF-8"; | 69 print $cgi->param('charset') ? $cgi->param('charset') : "UTF-8"; |
76 print "\n\n"; | 70 print "\n\n"; |
77 | 71 |
78 print "<!DOCTYPE html>\n"; | 72 print "<!DOCTYPE html>\n"; |
79 print "<html>\n"; | 73 print "<html>\n"; |
80 if ($cgi->param('wait-for-load')) { | 74 if ($cgi->param('wait-for-load')) { |
81 print "<script>\n"; | 75 print "<script>\n"; |
82 print "onload = function() {\n"; | 76 print "onload = function() {\n"; |
83 print " window.parent.postMessage('loaded', '*');\n"; | 77 print " window.parent.postMessage('loaded', '*');\n"; |
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
147 if ($cgi->param('echo-report')) { | 141 if ($cgi->param('echo-report')) { |
148 print "<script src=/security/contentSecurityPolicy/resources/go-to-echo-repo
rt.js></script>\n"; | 142 print "<script src=/security/contentSecurityPolicy/resources/go-to-echo-repo
rt.js></script>\n"; |
149 } | 143 } |
150 print "Page rendered here.\n"; | 144 print "Page rendered here.\n"; |
151 if ($cgi->param('inHead')) { | 145 if ($cgi->param('inHead')) { |
152 print "</head>\n"; | 146 print "</head>\n"; |
153 } else { | 147 } else { |
154 print "</body>\n"; | 148 print "</body>\n"; |
155 } | 149 } |
156 print "</html>\n"; | 150 print "</html>\n"; |
OLD | NEW |