html标签的属性过滤规则可与通用属性的过滤规则叠加

2015-02-27 11:24:01 +08:00
parent 715e4611ba
commit df7425e1fa
24 changed files with 26 additions and 6 deletions
--- a/XSSAttachs/StyleSheetsParser/bin/Debug/StyleSheetsParser.dll
+++ b/XSSAttachs/StyleSheetsParser/bin/Debug/StyleSheetsParser.dll
--- a/XSSAttachs/StyleSheetsParser/bin/Debug/StyleSheetsParser.pdb
+++ b/XSSAttachs/StyleSheetsParser/bin/Debug/StyleSheetsParser.pdb
--- a/XSSAttachs/StyleSheetsParser/obj/Debug/StyleSheetsParser.csproj.FileListAbsolute.txt
+++ b/XSSAttachs/StyleSheetsParser/obj/Debug/StyleSheetsParser.csproj.FileListAbsolute.txt
@@ -14,6 +14,5 @@ F:\学习\编程类\Web安全技术学习\XSSAttachs\StyleSheetsParser\obj\Debug
 F:\学习\编程类\Web安全技术学习\XSSAttachs\StyleSheetsParser\obj\Debug\StyleSheetsParser.csprojResolveAssemblyReference.cache
 E:\GIT\web-security\XSSAttachs\StyleSheetsParser\bin\Debug\StyleSheetsParser.dll
 E:\GIT\web-security\XSSAttachs\StyleSheetsParser\bin\Debug\StyleSheetsParser.pdb
 E:\GIT\web-security\XSSAttachs\StyleSheetsParser\obj\Debug\StyleSheetsParser.csprojResolveAssemblyReference.cache
 E:\GIT\web-security\XSSAttachs\StyleSheetsParser\obj\Debug\StyleSheetsParser.dll
 E:\GIT\web-security\XSSAttachs\StyleSheetsParser\obj\Debug\StyleSheetsParser.pdb
--- a/XSSAttachs/StyleSheetsParser/obj/Debug/StyleSheetsParser.csprojResolveAssemblyReference.cache
+++ b/XSSAttachs/StyleSheetsParser/obj/Debug/StyleSheetsParser.csprojResolveAssemblyReference.cache
--- a/XSSAttachs/StyleSheetsParser/obj/Debug/StyleSheetsParser.dll
+++ b/XSSAttachs/StyleSheetsParser/obj/Debug/StyleSheetsParser.dll
--- a/XSSAttachs/StyleSheetsParser/obj/Debug/StyleSheetsParser.pdb
+++ b/XSSAttachs/StyleSheetsParser/obj/Debug/StyleSheetsParser.pdb
--- a/XSSAttachs/TestXSSAttacksFilterSite.v12.suo
+++ b/XSSAttachs/TestXSSAttacksFilterSite.v12.suo
--- a/XSSAttachs/TestXSSAttacksFilterSite/bin/StyleSheetsParser.dll
+++ b/XSSAttachs/TestXSSAttacksFilterSite/bin/StyleSheetsParser.dll
--- a/XSSAttachs/TestXSSAttacksFilterSite/bin/StyleSheetsParser.pdb
+++ b/XSSAttachs/TestXSSAttacksFilterSite/bin/StyleSheetsParser.pdb
--- a/XSSAttachs/TestXSSAttacksFilterSite/bin/TestXSSAttacksFilterSite.dll
+++ b/XSSAttachs/TestXSSAttacksFilterSite/bin/TestXSSAttacksFilterSite.dll
--- a/XSSAttachs/TestXSSAttacksFilterSite/bin/TestXSSAttacksFilterSite.pdb
+++ b/XSSAttachs/TestXSSAttacksFilterSite/bin/TestXSSAttacksFilterSite.pdb
--- a/XSSAttachs/TestXSSAttacksFilterSite/bin/XSSAttacksFilter.dll
+++ b/XSSAttachs/TestXSSAttacksFilterSite/bin/XSSAttacksFilter.dll
--- a/XSSAttachs/TestXSSAttacksFilterSite/bin/XSSAttacksFilter.pdb
+++ b/XSSAttachs/TestXSSAttacksFilterSite/bin/XSSAttacksFilter.pdb
--- a/XSSAttachs/TestXSSAttacksFilterSite/obj/Debug/TestXSSAttacksFilterSite.csprojResolveAssemblyReference.cache
+++ b/XSSAttachs/TestXSSAttacksFilterSite/obj/Debug/TestXSSAttacksFilterSite.csprojResolveAssemblyReference.cache
--- a/XSSAttachs/TestXSSAttacksFilterSite/obj/Debug/TestXSSAttacksFilterSite.dll
+++ b/XSSAttachs/TestXSSAttacksFilterSite/obj/Debug/TestXSSAttacksFilterSite.dll
--- a/XSSAttachs/TestXSSAttacksFilterSite/obj/Debug/TestXSSAttacksFilterSite.pdb
+++ b/XSSAttachs/TestXSSAttacksFilterSite/obj/Debug/TestXSSAttacksFilterSite.pdb
--- a/XSSAttachs/XSSAttacksFilters/PolicyHtmlTag.cs
+++ b/XSSAttachs/XSSAttacksFilters/PolicyHtmlTag.cs
@@ -32,13 +32,34 @@ namespace XSSAttacksFilter
            get;
            set;
        }
        string[] MergerArray(string[] First, string[] Second) {
            string[] arr = new string[First.Length + Second.Length];
            First.CopyTo(arr, 0);
            Second.CopyTo(arr, First.Length);
            return arr.Distinct().ToArray();
        }
        void MergerRules(PolicyHtmlAttribute a, string[] AllowedRegExp, string[] AllowedValues)
        {
            if (a == null) return;
            if (AllowedRegExp != null)
            {
                if (a.AllowedRegExp == null) { a.AllowedRegExp = AllowedRegExp; }
                else { a.AllowedRegExp = MergerArray(a.AllowedRegExp, AllowedRegExp); }
            }
            if (AllowedValues != null)
            {
                if (a.AllowedValues == null) { a.AllowedRegExp = AllowedRegExp; }
                else { a.AllowedRegExp = MergerArray(a.AllowedRegExp, AllowedRegExp); }
            }
        }
        public PolicyHtmlAttribute AllowedAttribute(string name)
        {
-            var a = allowedAttributes.ContainsKey(name) ? allowedAttributes[name] : null;
+            PolicyHtmlAttribute a = allowedAttributes.ContainsKey(name) ? allowedAttributes[name] : null,g=Policy.GlobalHtmlAttribute(name),c=Policy.CommonHtmlAttribute(name);
-            if (a == null)
+            if (a == null){a = g;}
-            {
+            else if(g!=null){MergerRules(a, g.AllowedRegExp, g.AllowedValues);}
-                a = Policy.CommonHtmlAttribute(name);// Policy.GlobalHtmlAttribute(name);
+            if (a != null&&c!=null)
-            }
+            {MergerRules(a, c.AllowedRegExp, c.AllowedValues);}
            return a;
        }
--- a/XSSAttachs/XSSAttacksFilters/bin/Debug/StyleSheetsParser.dll
+++ b/XSSAttachs/XSSAttacksFilters/bin/Debug/StyleSheetsParser.dll
--- a/XSSAttachs/XSSAttacksFilters/bin/Debug/StyleSheetsParser.pdb
+++ b/XSSAttachs/XSSAttacksFilters/bin/Debug/StyleSheetsParser.pdb
--- a/XSSAttachs/XSSAttacksFilters/bin/Debug/XSSAttacksFilter.dll
+++ b/XSSAttachs/XSSAttacksFilters/bin/Debug/XSSAttacksFilter.dll
--- a/XSSAttachs/XSSAttacksFilters/bin/Debug/XSSAttacksFilter.pdb
+++ b/XSSAttachs/XSSAttacksFilters/bin/Debug/XSSAttacksFilter.pdb
--- a/XSSAttachs/XSSAttacksFilters/obj/Debug/XSSAttacksFilter.dll
+++ b/XSSAttachs/XSSAttacksFilters/obj/Debug/XSSAttacksFilter.dll
--- a/XSSAttachs/XSSAttacksFilters/obj/Debug/XSSAttacksFilter.pdb
+++ b/XSSAttachs/XSSAttacksFilters/obj/Debug/XSSAttacksFilter.pdb
--- a/XSSAttachs/XSSAttacksFilters/obj/Debug/XSSAttacksFilters.csprojResolveAssemblyReference.cache
+++ b/XSSAttachs/XSSAttacksFilters/obj/Debug/XSSAttacksFilters.csprojResolveAssemblyReference.cache