Skip to content

corematter/Adbusters

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

90 Commits

templates

templates

 
 

adbusters.php

adbusters.php

 
 

index.php

index.php

 
 

license.txt

license.txt

 
 

readme.md

readme.md

 
 

readme.txt

readme.txt

 
 

Repository files navigation

Adbusters for WordPress

A WordPress plugin that loads a set of iframe busters for popular ad networks.

Have you found a bug, or have a feature request? Github pull requests are warmly received. :)

Guidelines for iFrame Busters

The following are common XSS vulnerabilities found in iFrame busters.

  1. Unescaped URL parameter values
  2. Parameters that accept any domain

Unescaped URL parameter values

Special characters should be removed or converted into their equivalent HTML/hex entity. The characters in the following table can be used to write malicious code on the page.

example.com/iframebuster.html?parameter="></script><script>alert('XSS')</script>

Character => HTML Entity
    &     =>    &amp;   
    <     =>    &lt;    
    >     =>    &gt;    
    "     =>    &quot;  
    '     =>    &#x27;  
    /     =>    &#x2F;

Parameters that accept any domain

When passing a domain as a parameter to write a script tag onto the page, it should be restricted to an approved domain(s).

example.com/iframebuster.html?server=evildomain.com

Examples of Safe iFrame Busters

XSS Attack Prevention Guidelines

Further guidelines can be found at ha.ckers.org/xss.html, which covers the above rules as well as many others.

About

A WordPress plugin that loads a set of iframe busters for popular ad networks

automattic.com

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • HTML 78.3%
  • PHP 18.8%
  • JavaScript 2.9%