OLD | NEW |
1 #!/usr/bin/perl -wT | 1 #!/usr/bin/perl -wT |
2 use strict; | 2 use strict; |
3 use CGI; | 3 use CGI; |
4 | 4 |
5 my $cgi = new CGI; | 5 my $cgi = new CGI; |
6 | 6 |
7 # Passing semicolons through the url to this script is problematic. The raw | 7 # Passing semicolons through the url to this script is problematic. The raw |
8 # form truncates the input and the %-encoded form isn't being decoded. Hence | 8 # form truncates the input and the %-encoded form isn't being decoded. Hence |
9 # this set of hard-coded headers. | 9 # this set of hard-coded headers. |
10 if ($cgi->param('disable-protection')) { | 10 if ($cgi->param('disable-protection')) { |
11 print "X-XSS-Protection: 0\n"; | 11 print "X-XSS-Protection: 0\n"; |
12 } | 12 } elsif ($cgi->param('enable-full-block')) { |
13 if ($cgi->param('enable-full-block')) { | |
14 print "X-XSS-Protection: 1; mode=block\n"; | 13 print "X-XSS-Protection: 1; mode=block\n"; |
15 } | 14 } elsif ($cgi->param('enable-report')) { |
16 if ($cgi->param('enable-report')) { | |
17 print "X-XSS-Protection: 1; report=/security/contentSecurityPolicy/resources
/save-report.php?test=" . $cgi->param('test') . "\n"; | 15 print "X-XSS-Protection: 1; report=/security/contentSecurityPolicy/resources
/save-report.php?test=" . $cgi->param('test') . "\n"; |
18 } | 16 } elsif ($cgi->param('enable-full-block-report')) { |
19 if ($cgi->param('enable-full-block-report')) { | |
20 print "X-XSS-Protection: 1; mode=block; report=/security/contentSecurityPoli
cy/resources/save-report.php?test=" . $cgi->param('test') . "\n"; | 17 print "X-XSS-Protection: 1; mode=block; report=/security/contentSecurityPoli
cy/resources/save-report.php?test=" . $cgi->param('test') . "\n"; |
21 } | 18 } elsif ($cgi->param('valid-header')) { |
22 | |
23 if ($cgi->param('valid-header')) { | |
24 if ($cgi->param('valid-header') == 1) { | 19 if ($cgi->param('valid-header') == 1) { |
25 print "X-XSS-Protection: 1 ;MoDe = bLocK \n"; | 20 print "X-XSS-Protection: 1 ;MoDe = bLocK \n"; |
26 } | 21 } |
27 if ($cgi->param('valid-header') == 2) { | 22 if ($cgi->param('valid-header') == 2) { |
28 print "X-XSS-Protection: 1; \n"; | 23 print "X-XSS-Protection: 1; \n"; |
29 } | 24 } |
30 if ($cgi->param('valid-header') == 3) { | 25 if ($cgi->param('valid-header') == 3) { |
31 print "X-XSS-Protection: 1; mode=block; \n"; | 26 print "X-XSS-Protection: 1; mode=block; \n"; |
32 } | 27 } |
33 if ($cgi->param('valid-header') == 4) { | 28 if ($cgi->param('valid-header') == 4) { |
34 print "X-XSS-Protection: 1; report=/security/contentSecurityPolicy/resou
rces/nonesuch.php; mode=block; \n"; | 29 print "X-XSS-Protection: 1; report=/security/contentSecurityPolicy/resou
rces/nonesuch.php; mode=block; \n"; |
35 } | 30 } |
36 } | 31 } elsif ($cgi->param('malformed-header')) { |
37 | |
38 if ($cgi->param('malformed-header')) { | |
39 if ($cgi->param('malformed-header') == 1) { | 32 if ($cgi->param('malformed-header') == 1) { |
40 print "X-XSS-Protection: 12345678901234567\n"; | 33 print "X-XSS-Protection: 12345678901234567\n"; |
41 } | 34 } |
42 if ($cgi->param('malformed-header') == 2) { | 35 if ($cgi->param('malformed-header') == 2) { |
43 print "X-XSS-Protection: red\n"; | 36 print "X-XSS-Protection: red\n"; |
44 } | 37 } |
45 if ($cgi->param('malformed-header') == 3) { | 38 if ($cgi->param('malformed-header') == 3) { |
46 print "X-XSS-Protection: 1; mode=purple\n"; | 39 print "X-XSS-Protection: 1; mode=purple\n"; |
47 } | 40 } |
48 if ($cgi->param('malformed-header') == 4) { | 41 if ($cgi->param('malformed-header') == 4) { |
49 print "X-XSS-Protection: 1; mode=block-a-block-block\n"; | 42 print "X-XSS-Protection: 1; mode=block-a-block-block\n"; |
50 } | 43 } |
51 if ($cgi->param('malformed-header') == 5) { | 44 if ($cgi->param('malformed-header') == 5) { |
52 print "X-XSS-Protection: 1; mode=block; report\n"; | 45 print "X-XSS-Protection: 1; mode=block; report\n"; |
53 } | 46 } |
54 if ($cgi->param('malformed-header') == 6) { | 47 if ($cgi->param('malformed-header') == 6) { |
55 print "X-XSS-Protection: 1; report= ;\n"; | 48 print "X-XSS-Protection: 1; report= ;\n"; |
56 } | 49 } |
57 if ($cgi->param('malformed-header') == 7) { | 50 if ($cgi->param('malformed-header') == 7) { |
58 print "X-XSS-Protection: 1; red\n"; | 51 print "X-XSS-Protection: 1; red\n"; |
59 } | 52 } |
60 if ($cgi->param('malformed-header') == 8) { | 53 if ($cgi->param('malformed-header') == 8) { |
61 print "X-XSS-Protection: 1; mode=block; report=/fail; mode=block;\n"; | 54 print "X-XSS-Protection: 1; mode=block; report=/fail; mode=block;\n"; |
62 } | 55 } |
63 if ($cgi->param('malformed-header') == 9) { | 56 if ($cgi->param('malformed-header') == 9) { |
64 print "X-XSS-Protection: 1; mode=block; report=/fail; report=/fail;\n"; | 57 print "X-XSS-Protection: 1; mode=block; report=/fail; report=/fail;\n"; |
65 } | 58 } |
| 59 } else { |
| 60 print "X-XSS-Protection: 1\n"; |
66 } | 61 } |
67 | 62 |
68 print "Content-Type: text/html; charset="; | 63 print "Content-Type: text/html; charset="; |
69 print $cgi->param('charset') ? $cgi->param('charset') : "UTF-8"; | 64 print $cgi->param('charset') ? $cgi->param('charset') : "UTF-8"; |
70 print "\n\n"; | 65 print "\n\n"; |
71 | 66 |
72 print "<!DOCTYPE html>\n"; | 67 print "<!DOCTYPE html>\n"; |
73 print "<html>\n"; | 68 print "<html>\n"; |
74 if ($cgi->param('wait-for-load')) { | 69 if ($cgi->param('wait-for-load')) { |
75 print "<script>\n"; | 70 print "<script>\n"; |
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
141 if ($cgi->param('echo-report')) { | 136 if ($cgi->param('echo-report')) { |
142 print "<script src=/security/contentSecurityPolicy/resources/go-to-echo-repo
rt.js></script>\n"; | 137 print "<script src=/security/contentSecurityPolicy/resources/go-to-echo-repo
rt.js></script>\n"; |
143 } | 138 } |
144 print "Page rendered here.\n"; | 139 print "Page rendered here.\n"; |
145 if ($cgi->param('inHead')) { | 140 if ($cgi->param('inHead')) { |
146 print "</head>\n"; | 141 print "</head>\n"; |
147 } else { | 142 } else { |
148 print "</body>\n"; | 143 print "</body>\n"; |
149 } | 144 } |
150 print "</html>\n"; | 145 print "</html>\n"; |
OLD | NEW |