1 #!/usr/bin/perl -wT | 1 #!/usr/bin/perl -wT |
2 use strict; | 2 use strict; |
3 use CGI; | 3 use CGI; |
4 | 4 |
5 my $cgi = new CGI; | 5 my $cgi = new CGI; |
6 | 6 |
7 # Passing semicolons through the url to this script is problematic. The raw | 7 # Passing semicolons through the url to this script is problematic. The raw |
8 # form truncates the input and the %-encoded form isn't being decoded. Hence | 8 # form truncates the input and the %-encoded form isn't being decoded. Hence |
9 # this set of hard-coded headers. | 9 # this set of hard-coded headers. |
10 if ($cgi->param('disable-protection')) { | 10 if ($cgi->param('disable-protection')) { |
56 } | 56 } |
57 if ($cgi->param('malformed-header') == 7) { | 57 if ($cgi->param('malformed-header') == 7) { |
58 print "X-XSS-Protection: 1; red\n"; | 58 print "X-XSS-Protection: 1; red\n"; |
59 } | 59 } |
60 if ($cgi->param('malformed-header') == 8) { | 60 if ($cgi->param('malformed-header') == 8) { |
61 print "X-XSS-Protection: 1; mode=block; report=/fail; mode=block;\n"; | 61 print "X-XSS-Protection: 1; mode=block; report=/fail; mode=block;\n"; |
62 } | 62 } |
63 if ($cgi->param('malformed-header') == 9) { | 63 if ($cgi->param('malformed-header') == 9) { |
64 print "X-XSS-Protection: 1; mode=block; report=/fail; report=/fail;\n"; | 64 print "X-XSS-Protection: 1; mode=block; report=/fail; report=/fail;\n"; |
65 } | 65 } |
| 66 if ($cgi->param('malformed-header') == 10) { |
| 67 print "X-XSS-Protection: 0; mode=block\n"; |
| 68 } |
66 } | 69 } |
67 | 70 |
68 if ($cgi->param('csp') eq '_empty_') { | 71 if ($cgi->param('csp') eq '_empty_') { |
69 print "Content-Security-Policy: reflected-xss\n"; | 72 print "Content-Security-Policy: reflected-xss\n"; |
70 } elsif ($cgi->param('csp')) { | 73 } elsif ($cgi->param('csp')) { |
71 print "Content-Security-Policy: reflected-xss " . $cgi->param('csp') . "\n"; | 74 print "Content-Security-Policy: reflected-xss " . $cgi->param('csp') . "\n"; |
72 } | 75 } |
73 | 76 |
74 print "Content-Type: text/html; charset="; | 77 print "Content-Type: text/html; charset="; |
75 print $cgi->param('charset') ? $cgi->param('charset') : "UTF-8"; | 78 print $cgi->param('charset') ? $cgi->param('charset') : "UTF-8"; |
139 } | 142 } |
140 if ($cgi->param('echo-report')) { | 143 if ($cgi->param('echo-report')) { |
141 print "<script src=/security/contentSecurityPolicy/resources/go-to-echo-repo
rt.js></script>\n"; | 144 print "<script src=/security/contentSecurityPolicy/resources/go-to-echo-repo
rt.js></script>\n"; |
142 } | 145 } |
143 if ($cgi->param('inHead')) { | 146 if ($cgi->param('inHead')) { |
144 print "</head>\n"; | 147 print "</head>\n"; |
145 } else { | 148 } else { |
146 print "</body>\n"; | 149 print "</body>\n"; |
147 } | 150 } |
148 print "</html>\n"; | 151 print "</html>\n"; |
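Review bot: The new `== 10` test on the `malformed-header` parameter, like the existing 7–9 cases directly above it, compares a possibly-absent CGI parameter numerically, so under the `-w` in the shebang a request that omits that parameter logs one more "Use of uninitialized value" warning, and a non-numeric value silently numifies to 0 and simply matches nothing. Reading the value once into a lexical, `my $malformed_header = $cgi->param('malformed-header') || 0;`, and testing `if ($malformed_header == 10) {` would quiet the warning and drop the repeated parameter lookup per case; the cases are mutually exclusive, so an `elsif` chain would also read better than independent `if` statements. The enclosing `if ($cgi->param('disable-protection'))` block opens before this hunk, so the hoisted lexical belongs at its top, outside the visible lines.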