domfuzz.js
var xmldb = require('./xmldb.js')
var cssdb = require('./cssdb.js')
/**
 * Uniform random integer in the half-open range [0, upto).
 *
 * Uses Math.random(), which is not cryptographically secure; that is fine
 * for choosing fuzz corpus entries, but this helper must not be reused for
 * anything security-sensitive.
 *
 * @param {number} upto - exclusive upper bound (a non-negative integer is expected)
 * @returns {number} an integer in [0, upto); 0 when upto is 0
 */
function rint(upto) {
  const scaled = Math.random() * upto;
  return Math.floor(scaled);
}
/**
 * Pick one element of `a` uniformly at random.
 *
 * @param {Array<*>} a - the pool to choose from
 * @returns {*} a random element of `a`, or `undefined` when `a` is empty
 *   (index 0 of an empty array)
 */
function ra(a) {
  // Same draw as rint(a.length): floor of a uniform value in [0, length).
  const index = Math.floor(Math.random() * a.length);
  return a[index];
}
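/**
 * Builds the source text of one DOM/CSS fuzz case.
 *
 * The returned script defines `testCss()` and installs it as
 * `window.onload`. At load time it queries computed styles, detaches a
 * child node, replaces `document.body.innerHTML` with one corpus entry
 * from `xmldb.xmldb` followed by five appended entries, fills the
 * element with id `s` (expected to be a `<style>`) with one `cssdb.cssdb`
 * entry followed by five appended entries, and queries computed style once
 * more. Corpus entries are stored base64-encoded and decoded in the page
 * with `atob`; every step of the emitted script is wrapped in
 * `try{}catch(e){}` so a throwing step does not end the case early.
 *
 * Entries are drawn at random with `ra`, so successive calls return
 * different scripts. Fixes over the previous version: the loop counter is
 * now block-scoped instead of leaking as an implicit global `i`, and corpus
 * entries are embedded through `JSON.stringify` so a malformed entry cannot
 * break the syntax of the generated script.
 *
 * @returns {string} JavaScript source; starts with a newline and ends with
 *   `window.onload=testCss;\n`.
 */
function generateFuzzScript() {
  // Number of entries appended after the initial one, for both corpora.
  const REPEATS = 5;

  // Embed a corpus entry as a JS string literal. For well-formed base64
  // (the only input atob accepts) this is byte-identical to '"' + entry + '"';
  // for anything else it escapes quotes and backslashes so one bad corpus
  // item cannot produce a syntactically broken script. An empty corpus yields
  // atob("undefined"), which the in-page try/catch swallows, as before.
  const lit = (entry) => JSON.stringify(String(entry));

  const htmlSteps = Array.from(
    { length: REPEATS },
    () => `try{document.body.innerHTML += atob(${lit(ra(xmldb.xmldb))});}catch(e){}`,
  );
  const cssSteps = Array.from(
    { length: REPEATS },
    () => `style.textContent += atob(${lit(ra(cssdb.cssdb))});`,
  );

  const lines = [
    '',
    'function testCss(){',
    'try{window.getComputedStyle(document.childNodes[5],null);}catch(e){}',
    'try{test = document.childNodes[2];}catch(e){}',
    'try{test.parentNode.removeChild(test);}catch(e){}',
    'try{window.getComputedStyle(document.childNodes[4],null);}catch(e){}',
    'try{document.body.innerHTML="";}catch(e){}',
    `try{document.body.innerHTML =atob(${lit(ra(xmldb.xmldb))});}catch(e){}`,
    ...htmlSteps,
    'try{var style = document.getElementById("s");',
    `style.textContent = atob(${lit(ra(cssdb.cssdb))});`,
    ...cssSteps,
    '}catch(e){}',
    'try{window.getComputedStyle(document.childNodes[5],null);}catch(e){}',
    '}',
    'window.onload=testCss;',
  ];

  // Every emitted line is newline-terminated, matching the original output.
  return `${lines.join('\n')}\n`;
}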
//console.log(generateFuzzScript())
// Public surface of this module: only the generator is exported; `rint` and
// `ra` stay internal.
Object.assign(module.exports, { generateFuzzScript });