xssprotection.module in XSS Protection 7
Module for managing XSS vulnerability.
File
xssprotection.moduleView source
<?php
/**
* @file
* Module for managing XSS vulnerability.
*/
/**
* Implements hook_init().
*/
function xssprotection_init() {
if (variable_get('xssprotection_enabled', 0)) {
$url = strtolower(request_uri());
$xss_checks = array();
$xss_checks = array(
'%3e',
'%3c',
'>',
'<',
'%25',
);
// Event handlers list from https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers
array_push($xss_checks, 'onmouseover', 'fscommand', 'onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onbegin', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragleave', 'ondragenter', 'ondragover', 'ondragdrop', 'ondragstart', 'ondrop', 'onend', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhashchange', 'onhelp', 'oninput', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmediacomplete', 'onmediaerror', 'onmessage', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onoffline', 'ononline', 'onoutofsync', 'onpaste', 'onpause', 'onpopstate', 'onprogress', 'onpropertychange', 'onreadystatechange', 'onredo', 'onrepeat', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onresume', 'onreverse', 'onrowsenter', 'onrowexit', 'onrowdelete', 'onrowinserted', 'onscroll', 'onseek', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onstorage', 'onsyncrestored', 'onsubmit', 'ontimeerror', 'ontrackchange', 'onundo', 'onunload', 'onurlflip', 'seeksegmenttime');
foreach ($xss_checks as $xss) {
if (strpos($url, $xss) > 0) {
if ($xssprotection_text = variable_get('xssprotection_text')) {
drupal_set_message(check_plain($xssprotection_text));
}
else {
drupal_set_message(t('Requested page could not be found.'));
}
drupal_goto();
}
}
}
}
/**
* Implements hook_menu().
*/
function xssprotection_menu() {
$items = array();
$items['admin/config/system/xssprotection/settings'] = array(
'title' => 'Administer Vulnerability Blocker',
'description' => 'Configure settings for Vulnerability Blocker.',
'page callback' => 'drupal_get_form',
'page arguments' => array(
'xssprotection_settings_form',
),
'access arguments' => array(
'administer xssprotection',
),
'file' => 'xssprotection.admin.inc',
'type' => MENU_NORMAL_ITEM,
);
return $items;
}
/**
* Implements hook_permission().
*/
function xssprotection_permission() {
$permissions = array();
$permissions['administer xssprotection'] = array(
'title' => t('Administer xssprotection'),
'description' => t('Administer vulnerability blocker settings'),
);
return $permissions;
}
/**
* Implements hook_help().
*/
function xssprotection_help($path, $arg) {
switch ($path) {
case 'admin/help#xssprotection':
$filepath = dirname(__FILE__) . '/README.md';
if (file_exists($filepath)) {
$readme = file_get_contents($filepath);
}
else {
$filepath = dirname(__FILE__) . '/README.txt';
if (file_exists($filepath)) {
$readme = file_get_contents($filepath);
}
}
if (!isset($readme)) {
return NULL;
}
else {
$output = '<pre>' . $readme . '</pre>';
}
return $output;
}
}Functions
Name |
Description |
|---|---|
| xssprotection_help | Implements hook_help(). |
| xssprotection_init | Implements hook_init(). |
| xssprotection_menu | Implements hook_menu(). |
| xssprotection_permission | Implements hook_permission(). |