Skip to content

Commit

Permalink
HTML meta refresh handling improvement
Browse files Browse the repository at this point in the history
  • Loading branch information
@buffer
buffer committed Nov 16, 2022
1 parent 167fa76 commit caf9e3b
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 1 deletion.
2 changes: 1 addition & 1 deletion tests/samples/misc/meta_refresh.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
<meta http-equiv="refresh" />
<meta http-equiv="refresh" content="" />
<meta http-equiv="refresh" content="0;URL='data:text/html,<script>alert(alert);</script>'" />
<meta http-equiv="refresh" content="0;URL='https://buffer.github.io/thug/'" />
<meta http-equiv="refresh" content="0;URL=\'https://buffer.github.io/thug/\'" />
</head>
<body>
Test
Expand Down
3 changes: 3 additions & 0 deletions thug/DOM/DFT.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1062,6 +1062,9 @@ def handle_meta_refresh(self, http_equiv, content):
if url.startswith("'") and url.endswith("'"):
url = url[1:-1]

if url.startswith("\\'") and url.endswith("\\'"):
url = url[2:-2]

if url in log.ThugLogging.meta and log.ThugLogging.meta[url] >= 3:
return # pragma: no cover

Expand Down

0 comments on commit caf9e3b

Please sign in to comment.