pub struct BracketConfusableTamper;Expand description
Bracket-confusable tamper (XSS).
Replaces ASCII < / > with Unicode confusables that look
like angle brackets to a human reader (and to some HTML
parsers under decoder bugs) but don’t match WAF patterns
keyed on the literal ASCII bytes. Browsers don’t render
these as tags, so the bypass relies on a downstream
normalisation step (server-side reflection that re-encodes
Unicode → ASCII, or a client-side fetch that proxy-strips
Unicode). Useful in combination with html_entity for
stored-XSS through admin panels that round-trip Unicode.
Trait Implementations§
Source§impl TamperStrategy for BracketConfusableTamper
impl TamperStrategy for BracketConfusableTamper
Source§fn description(&self) -> &'static str
fn description(&self) -> &'static str
Returns a description of what this strategy does.
Source§fn tamper(&self, payload: &str, _context: Option<&str>) -> String
fn tamper(&self, payload: &str, _context: Option<&str>) -> String
Transforms the input payload. Read more
Source§fn aggressiveness(&self) -> f64
fn aggressiveness(&self) -> f64
Returns the aggressiveness score (0.0 = mild, 1.0 = extreme).
Auto Trait Implementations§
impl Freeze for BracketConfusableTamper
impl RefUnwindSafe for BracketConfusableTamper
impl Send for BracketConfusableTamper
impl Sync for BracketConfusableTamper
impl Unpin for BracketConfusableTamper
impl UnsafeUnpin for BracketConfusableTamper
impl UnwindSafe for BracketConfusableTamper
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more