ztra / ecology · Files

Go to a project
weaver_security_for_xss_rules.xml 1.33 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 
<?xml version="1.0" encoding="UTF-8"?>
<root>
	<xss-filter-list>
		<!--<word>data:.*?base64.*?,</word>-->
		<word>\{toString:alert\}|pholcidCallback|expression(\(|`)(.*?)(\)|`)|\!\[.*?\]</word>
		<word>(\(|`).*?(\)|`)\[['"][a-zA-Z0-9_]+['"]\]</word>
		<word>Scripting\.FileSystemObject</word>
		<word>document\.(cookie|title)|document\[[`'"](cookie|title)[`'"]\]</word>
		<word>prompt(\(|`)*.?(\)|`)|eval(\(|`)|confirm(\(|`)|(alert|propmt)\s*?(\(|`).*?(\)|`)</word>
		<word>document(\.|\[("'`]))(cookie|location|write|getElementById|getElementBy(Tag)?Name(NS)?)</word>
		<word>(setTimeout(\(|`)|setInterval(\(|`)).*?(\)|`)</word>
		<word>vbscript:|["']\s*javascript:\s*(?!(void|openFullWindowForXtable|openhrm)).*?["']</word>
		<word>&lt;/?iframe.*?&gt;</word>
		<word>&lt;script.*?&gt;\s*(?!(initFlashVideo\(\);?)).*?&lt;/script&gt;</word>
		<word>\[['"]location['"]\]|location((\.href|\[['`"]href['`"]\]))?\s*=|window\["location"\]=.*\]</word>
		<word>\-\-&gt;&lt;(['"]|sc).{0,10}|\.\./|\.\.\\|%df</word>
		<word>&lt;svg</word>
		<word>new.{1,5}Function[^a-zA-Z]|@import|\|x=</word>
		<word>\(\[\!\+\!\]\)|"\(\):;|'\(\):;</word>
		<word>&lt;!ENTITY</word>
		<word>(select|union|SLEEP|WAITFOR)(\(|\+|/|--|\*|\[|\{)</word>
		<word>(union|SLEEP|WAITFOR)(\s)</word>
		<word>(union)(\s).*?select</word>
		<word>\\u00[0-7][0-F0-f]</word>
	</xss-filter-list>
</root>