
NAME

HTML::Form::XSS - Test HTML forms for cross-site scripting vulnerabilities.

SYNOPSIS

        use strict;
        use warnings;
        use HTML::Form::XSS;
        use WWW::Mechanize;

        my $mech    = WWW::Mechanize->new();
        my $checker = HTML::Form::XSS->new($mech, config => '../root/config.xml');

        # Fetch the page and audit every form on it.
        $mech->get("http://www.site.com/pagewithform.html");
        my @forms = $mech->forms();
        foreach my $form (@forms){
                # One result object per check defined in config.xml.
                my @results = $checker->do_audit($form);
                foreach my $result (@results){
                        if($result->vulnerable()){
                                # A URL that demonstrates the finding.
                                my $example = $result->example();
                                print "Example of vulnerable URL: $example\n";
                                last;   # one example per form is enough
                        }
                }
        }

DESCRIPTION

Provides a simple way to test HTML forms for cross-site scripting (XSS) vulnerabilities.

The checks to perform are defined in an XML config file; each check is run against the form and its result is returned as an object. Because the audit submits the configured attack payloads to the target application, run it only against systems you are authorised to test.

METHODS

new()

        my $mech = WWW::Mechanize->new();
        my $checker = HTML::Form::XSS->new($mech, config => '../root/config.xml');

Creates a new HTML::Form::XSS object. Both parameters are required: first a WWW::Mechanize (or compatible) object, which is used to drive the requests, and second, as the config option, the path to the XML config file.

Please see the example config.xml included in this distribution for details.

do_audit()

        my @results = $checker->do_audit($form);

Using the provided HTML::Form object, the form is tested against every XSS attack listed in the XML config file.

A list of HTML::Form::XSS::Result objects is returned, one per check. Call vulnerable() on a result to learn whether that check succeeded, and example() for a URL that demonstrates the finding (see SYNOPSIS).
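
The following is an added example, not code from the HTML::Form::XSS distribution, showing the kind of check such an audit performs under the hood: every free-text input of a form is filled with a uniquely marked payload, the request a browser would send is built, and a response is judged vulnerable only if the payload comes back byte-for-byte rather than entity-encoded. The form markup, the payload and the two responses are constructed inline so the script runs offline; the module itself instead drives the real site through the WWW::Mechanize object passed to new() and takes its payloads from config.xml.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Form;
use HTML::Entities qw(encode_entities);

# Constructed page (not from a real site): a search form whose "q" field we probe.
my $page = <<'HTML';
<html><body>
<form method="get" action="/search">
  <input type="text" name="q">
  <input type="hidden" name="lang" value="en">
  <input type="submit" value="Go">
</form>
</body></html>
HTML

# A unique marker makes a match in the response unambiguous.
my $marker  = 'xss' . int(rand(1e6));   # hypothetical token; anything unique works
my $payload = qq{<script>alert('$marker')</script>};

my ($form) = HTML::Form->parse($page, 'http://www.site.com/');

# Fill every free-text input with the payload; hidden and submit inputs are left alone.
for my $input ($form->inputs) {
    next unless defined $input->name;
    next unless $input->type eq 'text' || $input->type eq 'textarea';
    $input->value($payload);
}

# click() builds the HTTP::Request a browser would send; for a GET form its URI
# carries the payload and is the kind of "example" URL a report would show.
my $req = $form->click;
print "Would request: ", $req->uri, "\n";

# Reflection check: vulnerable only if the payload is echoed unencoded.
sub reflected_unencoded {
    my ($body, $payload) = @_;
    return index($body, $payload) >= 0;
}

# Two constructed responses: one encodes the echoed input on output, one does not.
my $safe   = "<p>Results for " . encode_entities($payload) . "</p>";
my $unsafe = "<p>Results for $payload</p>";

for my $case ([safe => $safe], [unsafe => $unsafe]) {
    my ($label, $body) = @$case;
    printf "%-6s response: %s\n", $label,
        reflected_unencoded($body, $payload) ? 'VULNERABLE' : 'not reflected';
}
```

To turn this into a live probe, replace the constructed responses with $mech->request($req) and test $mech->content the same way; the check stays deliberately strict (exact substring) so that an application which entity-encodes its output is not reported as vulnerable.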

SEE ALSO

WWW::Mechanize, HTML::Form, HTML::XSSLint

AUTHOR

MacGyveR <dumb@cpan.org>

Development questions, bug reports, and patches are welcome at the above address.

COPYRIGHT

Copyright (c) 2016 MacGyveR. All rights reserved.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.