fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-03 17:22:20 +09:00
Code Issues Projects Releases Packages Wiki Activity

Move upload file filter to Rhymix Framework and add proper unit tests for SVG-based attacks

Browse source
This commit is contained in:
Kijin Sung 2018-10-18 14:34:19 +09:00
parent af64ae79c1
commit e98cf03d95
6 changed files with 250 additions and 126 deletions
Download patch file Download diff file Expand all files Collapse all files

5
tests/_data/security/ssrf.svg Normal file
View file

@ -0,0 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="200" height="200">
<image height="30" width="30" xlink:href="/lib/plymouth/ubuntu_logo.png" />
<text x="0" y="20" font-size="20">test</text>
</svg>
Side by side

After

Width:  |  Height:  |  Size: 331 B