fluidasserts.lang.html module

This module checks HTML source files for vulnerabilities.

fluidasserts.lang.html.has_not_autocomplete(filename)

Check if input or form tags have the autocomplete attribute set to off.

It’s known that form tags may have the autocomplete attribute set to on and specific input tags have it set to off. However, this check enforces a defensive and explicit approach, forcing every input and form tag to have the autocomplete attribute set to off in order to mark the result as CLOSED.

Parameters

filename (str) – Path to the HTML source.

Returns

True if ALL form and input tags have the autocomplete attribute set to off (on is the default value), False otherwise.

Return type

fluidasserts.Result
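
The strict rule described above (a missing attribute is treated like an explicit on, with no inheritance from the enclosing form) can be sketched with the standard library alone. This is an added example, not fluidasserts' own implementation; the names audit_autocomplete and AutocompleteAudit, the case-insensitive comparison, and the sample markup are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Constructed sample: the form opts out, but one input relies on the form's
# setting and another explicitly re-enables autocomplete.
SAMPLE_HTML = """\
<form action="/login" autocomplete="off">
  <input type="text" name="user" autocomplete="off">
  <input type="password" name="pass">
  <input type="text" name="otp" autocomplete="on">
</form>
"""


class AutocompleteAudit(HTMLParser):
    """Collect every form/input tag whose autocomplete is not explicitly off."""

    CHECKED_TAGS = {"form", "input"}

    def __init__(self):
        super().__init__()
        self.findings = []  # tuples of (line, tag, attribute value or None)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; self-closing
        # <input ... /> tags are also routed through this handler.
        if tag not in self.CHECKED_TAGS:
            return
        value = dict(attrs).get("autocomplete")
        # Strict rule: a missing or valueless attribute counts as the
        # default ("on"). Comparing case-insensitively is an assumption.
        if value is None or value.strip().lower() != "off":
            self.findings.append((self.getpos()[0], tag, value))


def audit_autocomplete(html_text):
    """Return offending tags; an empty list means the strict rule holds."""
    parser = AutocompleteAudit()
    parser.feed(html_text)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for line, tag, value in audit_autocomplete(SAMPLE_HTML):
        print(f"line {line}: <{tag}> autocomplete={value!r}")
```

An empty result corresponds to the condition under which the documented check marks the result as CLOSED.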

fluidasserts.lang.html.has_not_subresource_integrity(path)

Check if elements fetched by the provided HTML have Subresource Integrity (SRI).

See: Documentation.

Parameters

path (str) – Path to the HTML source.

Return type

fluidasserts.Result

fluidasserts.lang.html.has_reverse_tabnabbing(path)

Check if an HTML file has links vulnerable to reverse tabnabbing.

Parameters

path (str) – Path to the HTML source.

Return type

fluidasserts.Result

fluidasserts.lang.html.is_cacheable(filename)

Check if the page can be cached.

Verifies if the file has the tags:

<META HTTP-EQUIV="Pragma" CONTENT="no-cache"> and <META HTTP-EQUIV="Expires" CONTENT="-1">

Parameters

filename (str) – Path to the HTML source.

Returns

True if the meta tags have the http-equiv and content attributes set as specified, False otherwise.

Return type

fluidasserts.Result

fluidasserts.lang.html.is_header_content_type_missing(filename)

Check if Content-Type header is missing.

Verifies if the file has the tag:

<META HTTP-EQUIV="Content-Type" CONTENT="no-cache">

Parameters

filename (str) – Path to the HTML source.

Returns

True if the meta tag has the http-equiv and content attributes set as specified, False otherwise.

Return type

fluidasserts.Result