NAME

HTML::Form::XSS - Test HTML forms for cross site scripting vulnerabilities.

SYNOPSIS

    use HTML::Form::XSS;
    use WWW::Mechanize;

    my $mech = WWW::Mechanize->new();
    my $checker = HTML::Form::XSS->new($mech, config => '../root/config.xml');

    # Fetch the page and audit every form found on it
    $mech->get("http://www.site.com/pagewithform.html");
    my @forms = $mech->forms();
    foreach my $form (@forms){
        my @results = $checker->do_audit($form);
        foreach my $result (@results){
            if($result->vulnerable()){
                # Report the first vulnerable result for this form, then stop
                my $example = $result->example();
                print "Example of vulnerable URL: $example\n";
                last;
            }
        }
    }

DESCRIPTION

Provides a simple way to test HTML forms for cross site scripting (XSS) vulnerabilities.

The checks to perform are defined in an XML config file, and the result of each check is returned.

METHODS

new()

    my $mech = WWW::Mechanize->new();
    my $checker = HTML::Form::XSS->new($mech, config => '../root/config.xml');

Creates a new HTML::Form::XSS object. Two parameters are required: first, a WWW::Mechanize or compatible object; second, the path to the XML config file.

Please see the example config.xml included in this distribution for details.

do_audit()

    my @results = $checker->do_audit($form);

Tests the form represented by the provided HTML::Form object against each of the XSS attacks listed in the XML config file.

An array of HTML::Form::XSS::Result objects is returned, one for each check.
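
An added example, not part of the module's distribution: a batch audit of the forms on several pages of a test deployment you operate, suitable as a pre-release gate. It uses only the calls documented above (new, do_audit, vulnerable, example) plus standard WWW::Mechanize and HTML::Form accessors; the config path and the placeholder URL are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use WWW::Mechanize;
use HTML::Form::XSS;

# Assumptions (not from the module's documentation): the config path and the
# default page below are placeholders for a test deployment you operate.
my $config = 'config.xml';
my @pages  = @ARGV ? @ARGV : ('http://staging.example.test/contact.html');

# autocheck => 0 so a failed fetch is reported instead of ending the run.
my $mech    = WWW::Mechanize->new(autocheck => 0);
my $checker = HTML::Form::XSS->new($mech, config => $config);

my $findings = 0;
foreach my $page (@pages) {
    $mech->get($page);
    unless ($mech->success()) {
        warn "SKIP $page: HTTP " . $mech->status() . "\n";
        next;
    }
    # Collect the form objects first: the checker was given $mech, so the
    # current page is assumed to change while the audit runs.
    my @forms = $mech->forms();
    warn "NOTE $page: no forms found\n" unless @forms;
    foreach my $form (@forms) {
        my @results = $checker->do_audit($form);    # one result per check
        my @hits    = grep { $_->vulnerable() } @results;
        my $label   = uc($form->method()) . ' ' . $form->action();
        if (@hits) {
            $findings += @hits;
            printf "FAIL %s: %d of %d checks flagged\n",
                $label, scalar @hits, scalar @results;
            print "     example: ", $hits[0]->example(), "\n";
        }
        else {
            printf "ok   %s: %d checks, none flagged\n", $label, scalar @results;
        }
    }
}

# A non-zero exit status lets a CI job fail the build when any check is flagged.
exit($findings ? 1 : 0);
```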

SEE ALSO

WWW::Mechanize, HTML::Form, HTML::XSSLint

AUTHOR

MacGyveR <dumb@cpan.org>

Development questions, bug reports, and patches are welcome to the above address.

COPYRIGHT

Copyright (c) 2009 MacGyveR. All rights reserved.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.