utf8_js_seperators.py
#!/usr/bin/env python
from pjsfuzz import pjsfuzz
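# Fuzz-case generator (Python 2: relies on unichr).
#
# For every code point from U+007F to U+FFFF this script places the character
# at a different position around a console.log call and collects the resulting
# <script> snippets into one page body per 256-code-point block (XX00-XXff).
# Only the snippets in which the browser treats the character as ignorable
# separator text will run and log their label, which is how the accepted set
# is read back.
#
# The result is mainly useful for checking that a script filter, sanitizer or
# tokenizer recognises the same separator set as the browser's JS parser; a
# filter that only knows ASCII whitespace will disagree with the parser on
# every character that shows up in the results.
#
# NOTE(review): the published listing lost its indentation. The nesting below
# is reconstructed from the per-block init_template()/write_html() pairing;
# confirm against the repository copy. pjsfuzz itself is not visible here, so
# what init_template/write_html/done do is assumed from their names.
pjs = pjsfuzz("utf8_js_seperators", debug=False)
pjs.desc = "Test which characters are allowed between js functions"

# %(c)s is the character under test, %(h)s its hex code (used as the label so
# a console line identifies the code point). Several cases deliberately use
# the character in place of a quote or parenthesis.
# NOTE(review): testcase 6 is textually identical to testcase 1 apart from the
# label; kept as published.
_TESTCASE_TEMPLATES = (
    "<script>\nconsole.log(%(c)stestcase 0: %(h)s');\n</script>",
    "<script>\nconsole.log('testcase 1: %(h)s%(c)s);\n</script>",
    "<script>\nconsole.log(%(c)stestcase 2: %(h)s\");\n</script>",
    "<script>\nconsole.log(\"testcase 3: %(h)s%(c)s);\n</script>",
    "<script>\nconsole.log(%(c)stestcase 4: %(h)s%(c)s);\n</script>",
    "<script>\nconsole.log%(c)s'testcase 5: %(h)s'%(c)s;\n</script>",
    "<script>\nconsole.log('testcase 6: %(h)s%(c)s);\n</script>",
    "<script>\nconsole.log%(c)s'testcase 7: %(h)s');\n</script>",
    "<script>\nconsole.log%(c)s('testcase 8: %(h)s');\n</script>",
    "<script>\nconsole.%(c)slog('testcase 9: %(h)s');\n</script>",
    "<script>\nconsole%(c)s.log('testcase 10: %(h)s');\n</script>",
    # Fixed: the published version passed (char, hex) here, so the label held
    # the raw character and the hex code landed after the ';', unlike every
    # other case. Presumably the character was meant to precede the trailing
    # junk.
    "<script>\nconsole.log('testcase 11: %(h)s');%(c)sasd!@#$</script>",
)

# Fixed: both ranges used to stop at 0xfe, so the XXff code points (U+FEFF
# among them) and the whole ff00-ffff block were never generated even though
# the block name says "XX00-XXff".
for i in range(0x00, 0x100):
    block_name = "%x00-%xff" % (i, i)
    pjs.log(">", "gen unicode %s" % block_name)
    pjs.init_template()
    testcases = []
    for j in range(0x00, 0x100):
        unic = (i << 8) + j
        # Skip plain ASCII. The bound is 0x7f, not 0x80, so DEL (0x7f) is
        # still tested, as in the published version.
        if unic < 0x7f:
            continue
        fields = {"c": unichr(unic), "h": hex(unic)}
        testcases.extend(template % fields for template in _TESTCASE_TEMPLATES)
    # One snippet per line, followed by the block name so the page is
    # identifiable when opened in a browser.
    scripts = "".join("%s\n" % testcase for testcase in testcases)
    pjs.template['attributes']['body'] = "%s\n\n%s" % (scripts, block_name)
    pjs.write_html()
pjs.done()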
"""
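results (code points for which the testcase's console.log ran, i.e. the JS
parser accepted the character at that position; browser and version are not
recorded here). Code points ending in FF (e.g. U+FEFF, which ECMAScript also
lists as WhiteSpace) are absent below - confirm they were actually generated
before treating this list as complete: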
> testcase 8: 0xa0 | <script>\nconsole.log\u00a0('executed');\n</script>
> testcase 8: 0x1680
> testcase 8: 0x180e
> testcase 8: 0x2000
> testcase 8: 0x2001
> testcase 8: 0x2002
> testcase 8: 0x2003
> testcase 8: 0x2004
> testcase 8: 0x2005
> testcase 8: 0x2006
> testcase 8: 0x2007
> testcase 8: 0x2008
> testcase 8: 0x2009
> testcase 8: 0x200a
> testcase 8: 0x2028
> testcase 8: 0x2029
> testcase 8: 0x202f
> testcase 8: 0x205f
> testcase 8: 0x3000
> testcase 9: 0xa0 | <script>\nconsole.\u00a0log('executed');\n</script>
> testcase 9: 0x1680
> testcase 9: 0x180e
> testcase 9: 0x2000
> testcase 9: 0x2001
> testcase 9: 0x2002
> testcase 9: 0x2003
> testcase 9: 0x2004
> testcase 9: 0x2005
> testcase 9: 0x2006
> testcase 9: 0x2007
> testcase 9: 0x2008
> testcase 9: 0x2009
> testcase 9: 0x200a
> testcase 9: 0x2028
> testcase 9: 0x2029
> testcase 9: 0x202f
> testcase 9: 0x205f
> testcase 9: 0x3000
> testcase 10: 0xa0 | <script>\nconsole\u00a0.log('executed');\n</script>
> testcase 10: 0x1680
> testcase 10: 0x180e
> testcase 10: 0x2000
> testcase 10: 0x2001
> testcase 10: 0x2002
> testcase 10: 0x2003
> testcase 10: 0x2004
> testcase 10: 0x2005
> testcase 10: 0x2006
> testcase 10: 0x2007
> testcase 10: 0x2008
> testcase 10: 0x2009
> testcase 10: 0x200a
> testcase 10: 0x2028
> testcase 10: 0x2029
> testcase 10: 0x202f
> testcase 10: 0x205f
> testcase 10: 0x3000
"""