xssnude : replaces special characters with entity references.
Usage : xssnude [option] <file>
Option : --number
--name
--space
--del
--limited
Version : Wed Nov 11 10:31:19 JST 2020
To prevent cross-site scripting, xssnude escapes the strings in <file>, which mainly come from the Web, so that they become harmless.
Note that (WS) means a white space in the following.
Set --number to replace ASCII characters with entity numbers.
$ cat file
<script>alert("hoge")</script>
$ xssnude --number file
&#60;script&#62;alert&#40;&#34;hoge&#34;&#41;&#60;&#47;script&#62;
Symbols will be replaced with entity numbers as below.
\t → 9
\n → 10
\r → 13
(WS) → 32
! → 33
" → 34
# → 35
$ → 36
% → 37
& → 38
' → 39
( → 40
) → 41
* → 42
+ → 43
, → 44
- → 45
. → 46
/ → 47
: → 58
; → 59
< → 60
= → 61
> → 62
? → 63
@ → 64
Set --name to replace ASCII characters with entity names.
$ cat file
<script>alert("hoge")</script>
$ xssnude --name file
&lt;script&gt;alert(&quot;hoge&quot;)&lt;/script&gt;
Symbols will be replaced with entity names as below.
< → &lt;
> → &gt;
& → &amp;
" → &quot;
(WS) →
Set --space to replace ASCII symbols with white spaces.
$ cat file
<script>alert("hoge")</script>
$ xssnude --space file
script alert hoge script
Set --del to remove ASCII symbols.
$ cat file
<script>alert("hoge")</script>
$ xssnude --del file
scriptalerthogescript
Set --limited to replace only the specific symbols below, which are frequently used in attacks.
< > & " (WS)
--limited is used together with the other options.
$ cat file
<script>alert("hoge")</script>
$ xssnude --limited --number file
&#60;script&#62;alert(&#34;hoge&#34;)&#60;/script&#62;
$ cat file
<script>alert("hoge")</script>
$ xssnude --limited --name file
&lt;script&gt;alert(&quot;hoge&quot;)&lt;/script&gt;
$ cat file
<script>alert("hoge")</script>
$ xssnude --limited --space file
script alert( hoge ) /script
$ cat file
<script>alert("hoge")</script>
$ xssnude --limited --del file
scriptalert(hoge)/script
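The mappings documented above, as an added Python sketch (not xssnude's own source). The names sanitize, FULL, LIMITED and NAMES are hypothetical; it assumes --space and --del act on the same symbol set as the --number table, and it leaves (WS) unchanged in name mode because the page does not show its entity name. It also shows that --number and --name are reversible while --space and --del discard data.

```python
import html

# Symbol set from the --number table: tab, LF, CR, 32-47 and 58-64.
FULL = set("\t\n\r") | {chr(c) for c in range(32, 48)} | {chr(c) for c in range(58, 65)}
# Symbol set documented for --limited.
LIMITED = set('<>&" ')
# Entity names; the name for (WS) is not shown on the page, so it is omitted.
NAMES = {"<": "&lt;", ">": "&gt;", "&": "&amp;", '"': "&quot;"}

SAMPLE = '<script>alert("hoge")</script>'  # the page's sample input


def sanitize(text, mode, limited=False):
    """Apply one mode ('number', 'name', 'space', 'del') to text."""
    if mode not in ("number", "name", "space", "del"):
        raise ValueError(f"unknown mode: {mode}")
    targets = LIMITED if limited else FULL
    out = []
    # One pass per input character, so the '&' of an emitted entity
    # is never escaped a second time.
    for ch in text:
        if ch not in targets:
            out.append(ch)
        elif mode == "number":
            out.append(f"&#{ord(ch)};")
        elif mode == "name":
            out.append(NAMES.get(ch, ch))  # unnamed symbols pass through
        elif mode == "space":
            out.append(" ")
        # mode == "del": emit nothing
    return "".join(out)


def is_reversible(text, mode, limited=False):
    """True if decoding the entities gives back the original text."""
    return html.unescape(sanitize(text, mode, limited)) == text


if __name__ == "__main__":
    for mode in ("number", "name", "space", "del"):
        for limited in (False, True):
            print(mode, limited, repr(sanitize(SAMPLE, mode, limited)),
                  "reversible" if is_reversible(SAMPLE, mode, limited) else "lossy")
```

Entity-encoded output is safe only where it is placed as HTML text or inside a quoted attribute value; the lossy modes suit cases where the original symbols never need to be shown again.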