Module Version: 0.3   Latest Release: HTML-Form-XSS-0.33

NAME

HTML::Form::XSS - Test HTML forms for cross site scripting vulnerabilities.

SYNOPSIS

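        use strict;
        use warnings;
        use HTML::Form::XSS;
        use WWW::Mechanize;

        # The checker drives the same user agent that fetches the page
        my $mech = WWW::Mechanize->new();
        my $checker = HTML::Form::XSS->new($mech, config => '../root/config.xml');

        # Fetch the page and collect every form on it
        $mech->get("http://www.site.com/pagewithform.html");
        my @forms = $mech->forms();
        foreach my $form (@forms){
                # One result object is returned per check in the config file
                my @results = $checker->do_audit($form);
                foreach my $result (@results){
                        if($result->vulnerable()){
                                my $example = $result->example();
                                print "Example of vulnerable URL: $example\n";
                                # Stop after the first finding for this form
                                last;
                        }
                }
        }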

DESCRIPTION

Provides a simple way to test HTML forms for cross site scripting (XSS) vulnerabilities.

The checks to perform are defined in an XML config file, and the result of each check is returned.

METHODS

new()

        my $mech = WWW::Mechanize->new();
        my $checker = HTML::Form::XSS->new($mech, config => '../root/config.xml');

Creates a new HTML::Form::XSS object. Two parameters are required: first, a WWW::Mechanize or compatible object; second, the path to the XML config file.

Please see the example config.xml included in this distribution for details.

do_audit()

        my @results = $checker->do_audit($form);

Tests the form represented by the provided HTML::Form object against all the XSS attacks in the XML config file.

Returns an array of HTML::Form::XSS::Result objects, one for each check.

SEE ALSO

WWW::Mechanize, HTML::Form, HTML::XSSLint

AUTHOR

MacGyveR <dumb@cpan.org>

Development questions, bug reports, and patches are welcome at the above address.

COPYRIGHT

Copyright (c) 2009 MacGyveR. All rights reserved.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
