Bump to v0.3.0
samiahmedsiddiqui committed Mar 15, 2019
1 parent 8ef9330 commit 8b68ed7
Showing 8 changed files with 28 additions and 5 deletions.
4 changes: 3 additions & 1 deletion README.md
@@ -1,6 +1,8 @@
# Prevent XSS Vulnerability

Check the URL and redirects it if you enabled the `Enable Blocking` option and URL contains any Vulnerable code in it. It only block some parameters which are not allowed in URL and shown [here](#block-parameters).
This plugin provides the functionality for `Reflected XSS` and `Self-XSS` in `WordPress`.

For Reflected XSS, it checks the URL and redirects it if you enabled the `Enable Blocking` option and URL contains any Vulnerable code in it. It only block some parameters which are not allowed in URL and shown [here](#block-parameters). You can skip some of the parameters from it if you still like them to be used.

To provide more security, `Prevent XSS Vulnerability` also escape the HTML in the `$_GET` parameter which is commonly used to get parameters in PHP from the URL and print them in the HTML. This way, HTML properties will not work if anyone provided it in the URL.
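Review bot: The added opening sentence, "This plugin provides the functionality for `Reflected XSS` and `Self-XSS`", reads as if the plugin supplies the attacks rather than protection against them; suggest "This plugin provides protection against `Reflected XSS` and `Self-XSS`". The new closing sentence "You can skip some of the parameters from it" should also say that a skipped parameter is no longer blocked in the URL, so readers understand the trade-off. The visible text explains only the Reflected XSS behaviour, while Self-XSS is named but not described here.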

Binary file added assets/screenshot-1.png
Binary file added assets/screenshot-2.png
Binary file added assets/screenshot-3.png
Binary file added assets/screenshot-4.png
Binary file added assets/screenshot-5.png
4 changes: 2 additions & 2 deletions prevent-xss-vulnerability.php
Expand Up @@ -3,7 +3,7 @@
* Plugin Name: Prevent XSS Vulnerability
* Plugin URI: https://wordpress.org/plugins/prevent-xss-vulnerability/
* Description: Secure your site from the XSS Attack.
* Version: 0.2.1
* Version: 0.3.0
* Author: Sami Ahmed Siddiqui
* Author URI: https://www.yasglobal.com/web-design-development/wordpress/prevent-xss-vulnerability/
* License: GPLv3
Expand Down Expand Up @@ -61,7 +61,7 @@ private function setup_constants() {
define( 'PREVENT_XSS_VULNERABILITY_FILE', __FILE__ );
}
if ( ! defined( 'PREVENT_XSS_VULNERABILITY_PLUGIN_VERSION' ) ) {
define( 'PREVENT_XSS_VULNERABILITY_PLUGIN_VERSION', '0.2.1' );
define( 'PREVENT_XSS_VULNERABILITY_PLUGIN_VERSION', '0.3.0' );
}
if ( ! defined( 'PREVENT_XSS_VULNERABILITY_PATH' ) ) {
define( 'PREVENT_XSS_VULNERABILITY_PATH', plugin_dir_path( PREVENT_XSS_VULNERABILITY_FILE ) );
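Review bot: The version literal `'0.3.0'` passed to `define( 'PREVENT_XSS_VULNERABILITY_PLUGIN_VERSION', ... )` in `setup_constants()` duplicates the `Version:` header at the top of this file, so every release has to edit both (plus `Stable tag` in readme.txt) and the values can drift. Consider reading the constant from the plugin header with WordPress's `get_file_data()` so there is a single source of truth.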
25 changes: 23 additions & 2 deletions readme.txt
Expand Up @@ -3,15 +3,17 @@ Contributors: sasiddiqui
Tags: attack, cross-site scripting, security, vulnerability, xss
Requires at least: 3.5
Tested up to: 5.0
Stable tag: 0.2.1
Stable tag: 0.3.0
License: GPLv3
License URI: https://www.gnu.org/licenses/gpl-3.0.html

Protect your site from the XSS Attack.

== Description ==

Check the URL and redirects it if you enabled the `Enable Blocking` option and URL contains any Vulnerable code in it. It only block some parameters which are not allowed in URL and shown below in Block Parameters.
This plugin provides the functionality for `Reflected XSS` and `Self-XSS`.

For Reflected XSS, it checks the URL and redirects it if you enabled the `Enable Blocking` option and URL contains any Vulnerable code in it. It only block some parameters which are not allowed in URL and shown Block Parameters section. You can skip some of the parameters from it if you still like them to be used.

To provide more security, `Prevent XSS Vulnerability` also escape the HTML in the `$_GET` parameter which is commonly used to get parameters in PHP from the URL and print them in the HTML. This way, HTML properties will not work if anyone provided it in the URL.
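Review bot: In the rewritten description the phrase "shown Block Parameters section" has lost its "in the", and this copy has already drifted from the README.md version of the same paragraph (which adds "in `WordPress`" and links to the section). Also, `Stable tag` moves to 0.3.0 while `Tested up to: 5.0` is left unchanged; confirm the new release was tested against the current WordPress version and update that header if so.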

Expand Down Expand Up @@ -81,6 +83,18 @@ This process defines you the steps to follow either you are installing through W
2. Make the changes as per your site functionality
3. You're done!

== Screenshots ==

* It removes the parameters from the URL which are used in XSS Attack and redirects the user (Recommended).

* It encodes the parameters from the URL which are used in XSS Attack.

* It escapes the HTML from the `$_GET` PHP variable which is mostly used to read the data from the URL (Recommended).

* Add the message in developer console for the user to alert about the XSS attack.

* Show message in developer console to alert user about the Self-XSS attack. This meesage can be customized from the settings page.

== Frequently Asked Questions ==

= Q. Why should I install this plugin? =
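Review bot: The new `== Screenshots ==` section uses `*` bullets, but the WordPress.org readme format expects a numbered list (`1.`, `2.`, ...) so that each caption is matched to `screenshot-1.png`, `screenshot-2.png`, and so on; with bullets the captions may not be paired with the five images added in this commit. The last caption also has a typo, "meesage".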
Expand All @@ -94,6 +108,13 @@ A. No, this plugin doesn't have any conflict with any plugin.

== Changelog ==

= 0.3.0 - Mar 14, 19 =

* Enhancements
* Added Seld-XSS Functionality
* Bugs
* Fixed wrong protocol issue on redirecting URL

= 0.2.1 - Feb 27, 19 =

* Bugs
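Review bot: The Enhancements entry reads "Added Seld-XSS Functionality"; that should be "Self-XSS". The Bugs entry "Fixed wrong protocol issue on redirecting URL" does not say which protocol was wrong; for a plugin that redirects requests, state whether the redirect could previously land on `http` for an `https` site so users can judge the impact of staying on 0.2.1.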