Commit 4037829

committed

fix xss checks

1 parent e817a65 commit 4037829Copy full SHA for 4037829

File tree

1 file changed

-3

lines changed

Threat-Protection
- XSS.yml

1 file changed

-3

lines changed

`‎Threat-Protection/XSS.yml‎`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -3,13 +3,13 @@ filter:`
`3`	`3`	`or:`
`4`	`4`	`- request_payload:`
`5`	`5`	`regex:`
`6`		- - "(?i)(?:<\|%3[cC]\|&#x03[cC];\|&#060;)[^>\\n]{0,250}?\\s+on[a-z0-9._-]{2,30}\\s=\|<\\s(?:script\|object\|embed\|svg\|meta(?=[^>]http-equiv\\s=\\s[\"']?refresh)\|iframe(?=[^>]\\bsrc\\s=\\s(?:[\"'])?\\s(?:javascript:\|data:))\|link(?=[^>]\\bhref\\s=\\s(?:[\"'])?\\sdata:text/html))\\b[^>]>\|style\\s=\\s[\"'][^\"'>]\\b(?:expression\|url\\s\\(\\s['\"]?\\sjavascript:)[^\"'>][\"']?\|<\\sstyle\\b[^>]\\b(?:expression\|url\\s\\(\\s['\"]?\\sjavascript:)\|<script[^>]\\bsrc\\s=\\s([\"'])?data:\|\\b(?:href\|src)\\s=\\s(?:[\"'])?\\sjavascript:\\s(?!;\|void\\s\\(\\s0\\s\\)\|void\\s0\\b)\|\\bdata:text/html\|[\"'\\-\\\\\\s;\\(](?:alert\\s\\(\|prompt\\s\\(\|confirm\\s\\(\|eval\\s\\()[\"'\\-\\\\\\s;\\(]\|document\\.(?:cookie\|domain)\|location\\.href\|window\\.location\|(?:&#x03c;\|&#0*60;)"
	`6`	+ - "(?i)(?:<\|%3[cC]\|&#x03[cC];\|&#060;)[^>\\n]{0,250}?\\s+on[a-z0-9._-]{2,30}\\s=\|<\\s(?:script\|embed\|svg\|meta(?=[^>]http-equiv\\s=\\s[\"']?refresh)\|iframe(?=[^>]\\bsrc\\s=\\s(?:[\"'])?\\s(?:javascript:\|data:))\|link(?=[^>]\\bhref\\s=\\s(?:[\"'])?\\sdata:text/html))\\b[^>]>\|style\\s=\\s[\"'][^\"'>]\\b(?:expression\|url\\s\\(\\s['\"]?\\sjavascript:)[^\"'>][\"']?\|<\\sstyle\\b[^>]\\b(?:expression\|url\\s\\(\\s['\"]?\\sjavascript:)\|<script[^>]\\bsrc\\s=\\s([\"'])?data:\|\\b(?:href\|src)\\s=\\s(?:[\"'])?\\sjavascript:\\s(?!;\|void\\s\\(\\s0\\s\\)\|void\\s0\\b)\|\\bdata:text/html\|[\"'\\-\\\\\\s;\\(](?:alert\\s\\(\|prompt\\s\\(\|confirm\\s\\(\|eval\\s\\()[\"'\\-\\\\\\s;\\(]\|document\\.(?:cookie\|domain)\|location\\.href\|window\\.location\|(?:&#x03c;\|&#0*60;)"
`7`	`7`	`- query_param:`
`8`	`8`	`regex:`
`9`		- - "(?i)(?:<\|%3[cC]\|&#x03[cC];\|&#060;)[^>\\n]{0,250}?\\s+on[a-z0-9._-]{2,30}\\s=\|<\\s(?:script\|object\|embed\|svg\|meta(?=[^>]http-equiv\\s=\\s[\"']?refresh)\|iframe(?=[^>]\\bsrc\\s=\\s(?:[\"'])?\\s(?:javascript:\|data:))\|link(?=[^>]\\bhref\\s=\\s(?:[\"'])?\\sdata:text/html))\\b[^>]>\|style\\s=\\s[\"'][^\"'>]\\b(?:expression\|url\\s\\(\\s['\"]?\\sjavascript:)[^\"'>][\"']?\|<\\sstyle\\b[^>]\\b(?:expression\|url\\s\\(\\s['\"]?\\sjavascript:)\|<script[^>]\\bsrc\\s=\\s([\"'])?data:\|\\b(?:href\|src)\\s=\\s(?:[\"'])?\\sjavascript:\\s(?!;\|void\\s\\(\\s0\\s\\)\|void\\s0\\b)\|\\bdata:text/html\|[\"'\\-\\\\\\s;\\(](?:alert\\s\\(\|prompt\\s\\(\|confirm\\s\\(\|eval\\s\\()[\"'\\-\\\\\\s;\\(]\|document\\.(?:cookie\|domain)\|location\\.href\|window\\.location\|(?:&#x03c;\|&#0*60;)"
	`9`	+ - "(?i)(?:<\|%3[cC]\|&#x03[cC];\|&#060;)[^>\\n]{0,250}?\\s+on[a-z0-9._-]{2,30}\\s=\|<\\s(?:script\|embed\|svg\|meta(?=[^>]http-equiv\\s=\\s[\"']?refresh)\|iframe(?=[^>]\\bsrc\\s=\\s(?:[\"'])?\\s(?:javascript:\|data:))\|link(?=[^>]\\bhref\\s=\\s(?:[\"'])?\\sdata:text/html))\\b[^>]>\|style\\s=\\s[\"'][^\"'>]\\b(?:expression\|url\\s\\(\\s['\"]?\\sjavascript:)[^\"'>][\"']?\|<\\sstyle\\b[^>]\\b(?:expression\|url\\s\\(\\s['\"]?\\sjavascript:)\|<script[^>]\\bsrc\\s=\\s([\"'])?data:\|\\b(?:href\|src)\\s=\\s(?:[\"'])?\\sjavascript:\\s(?!;\|void\\s\\(\\s0\\s\\)\|void\\s0\\b)\|\\bdata:text/html\|[\"'\\-\\\\\\s;\\(](?:alert\\s\\(\|prompt\\s\\(\|confirm\\s\\(\|eval\\s\\()[\"'\\-\\\\\\s;\\(]\|document\\.(?:cookie\|domain)\|location\\.href\|window\\.location\|(?:&#x03c;\|&#0*60;)"
`10`	`10`	`- request_headers:`
`11`	`11`	`regex:`
`12`		- - "(?i)(?:<\|%3[cC]\|&#x03[cC];\|&#060;)[^>\\n]{0,250}?\\s+on[a-z0-9._-]{2,30}\\s=\|<\\s(?:script\|object\|embed\|svg\|meta(?=[^>]http-equiv\\s=\\s[\"']?refresh)\|iframe(?=[^>]\\bsrc\\s=\\s(?:[\"'])?\\s(?:javascript:\|data:))\|link(?=[^>]\\bhref\\s=\\s(?:[\"'])?\\sdata:text/html))\\b[^>]>\|style\\s=\\s[\"'][^\"'>]\\b(?:expression\|url\\s\\(\\s['\"]?\\sjavascript:)[^\"'>][\"']?\|<\\sstyle\\b[^>]\\b(?:expression\|url\\s\\(\\s['\"]?\\sjavascript:)\|<script[^>]\\bsrc\\s=\\s([\"'])?data:\|\\b(?:href\|src)\\s=\\s(?:[\"'])?\\sjavascript:\\s(?!;\|void\\s\\(\\s0\\s\\)\|void\\s0\\b)\|\\bdata:text/html\|[\"'\\-\\\\\\s;\\(](?:alert\\s\\(\|prompt\\s\\(\|confirm\\s\\(\|eval\\s\\()[\"'\\-\\\\\\s;\\(]\|document\\.(?:cookie\|domain)\|location\\.href\|window\\.location\|(?:&#x03c;\|&#0*60;)"
	`12`	+ - "(?i)(?:<\|%3[cC]\|&#x03[cC];\|&#060;)[^>\\n]{0,250}?\\s+on[a-z0-9._-]{2,30}\\s=\|<\\s(?:script\|embed\|svg\|meta(?=[^>]http-equiv\\s=\\s[\"']?refresh)\|iframe(?=[^>]\\bsrc\\s=\\s(?:[\"'])?\\s(?:javascript:\|data:))\|link(?=[^>]\\bhref\\s=\\s(?:[\"'])?\\sdata:text/html))\\b[^>]>\|style\\s=\\s[\"'][^\"'>]\\b(?:expression\|url\\s\\(\\s['\"]?\\sjavascript:)[^\"'>][\"']?\|<\\sstyle\\b[^>]\\b(?:expression\|url\\s\\(\\s['\"]?\\sjavascript:)\|<script[^>]\\bsrc\\s=\\s([\"'])?data:\|\\b(?:href\|src)\\s=\\s(?:[\"'])?\\sjavascript:\\s(?!;\|void\\s\\(\\s0\\s\\)\|void\\s0\\b)\|\\bdata:text/html\|[\"'\\-\\\\\\s;\\(](?:alert\\s\\(\|prompt\\s\\(\|confirm\\s\\(\|eval\\s\\()[\"'\\-\\\\\\s;\\(]\|document\\.(?:cookie\|domain)\|location\\.href\|window\\.location\|(?:&#x03c;\|&#0*60;)"
`13`	`13`
`14`	`14`	`info:`
`15`	`15`	`name: "XSS"`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 4037829

File tree

1 file changed

1 file changed

`‎Threat-Protection/XSS.yml‎`

0 commit comments