https://github.com/automattic/adbusters
A WordPress plugin that loads a set of iframe busters for popular ad networks
- Host: GitHub
- URL: https://github.com/automattic/adbusters
- Owner: Automattic
- License: gpl-3.0
- Created: 2013-10-29T11:32:57.000Z (about 11 years ago)
- Default Branch: main
- Last Pushed: 2023-08-27T16:14:14.000Z (about 1 year ago)
- Last Synced: 2024-10-07T11:17:23.421Z (about 1 month ago)
- Topics: wordpress, wordpress-plugin, wpvip-plugin
- Language: HTML
- Homepage: http://wordpress.org/plugins/adbusters
- Size: 137 KB
- Stars: 29
- Watchers: 120
- Forks: 24
- Open Issues: 11
Metadata Files:
- Readme: readme.md
- License: license.txt
README
[![Run PHPUnit and PHPCS](https://github.com/Automattic/Adbusters/actions/workflows/integrate.yml/badge.svg)](https://github.com/Automattic/Adbusters/actions/workflows/integrate.yml)
# Adbusters for WordPress
A WordPress plugin that loads a set of iframe busters for popular ad networks.
* [Download the plugin from WordPress.org](http://wordpress.org/plugins/adbusters).

Have you found a bug, or have a feature request? GitHub pull requests are warmly received. :)
## Guidelines for iFrame Busters
The following are common XSS vulnerabilities found in iFrame busters.
1. Unescaped URL parameter values
2. Parameters that accept any domain

## Unescaped URL parameter values
Special characters should be removed or converted into their equivalent HTML/hex entity. The characters in the following table can be used to write malicious code on the page.
`example.com/iframebuster.html?parameter=">alert('XSS')`
| Character | HTML Entity |
| --------- | ----------- |
| `&`       | `&amp;`     |
| `<`       | `&lt;`      |
| `>`       | `&gt;`      |
| `"`       | `&quot;`    |
| `'`       | `&#x27;`    |
| `/`       | `&#x2F;`    |

## Parameters that accept any domain
When a domain is passed as a parameter and used to write a script tag onto the page, it should be restricted to one or more approved domains.
`example.com/iframebuster.html?server=evildomain.com`
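
Both guidelines above (escaping parameter values and restricting the `server` parameter to approved domains) can be enforced in a few lines of JavaScript. This is an added example, not code from the Adbusters templates; the function names, the `adserver.example` allow-list entry and the `/ad.js` path are assumptions made for illustration.

```javascript
// Added example: all names and the allow-list below are hypothetical.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
  '/': '&#x2F;',
};

// Guideline 1: convert the six special characters to entities in a single
// pass, so the '&' of an entity that was just written is not escaped again.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'\/]/g, (ch) => HTML_ENTITIES[ch]);
}

// Constructed allow-list of ad-server domains this buster may load from.
const APPROVED_DOMAINS = ['adserver.example'];

// One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
const LABEL = /^(?!-)[a-z0-9-]{1,63}(?<!-)$/;

// Guideline 2: accept a value only if it is a bare hostname (no scheme,
// port, path or userinfo) that equals an approved domain or is a
// subdomain of one. The leading dot in the suffix check stops
// "evil-adserver.example" from matching "adserver.example".
function isApprovedHost(host) {
  const h = String(host).toLowerCase();
  if (h.length > 253 || !h.split('.').every((label) => LABEL.test(label))) {
    return false;
  }
  return APPROVED_DOMAINS.some((d) => h === d || h.endsWith('.' + d));
}

// Reads the "server" parameter from a query string and returns the script
// URL to load, or null when the parameter is missing or not approved.
// In the buster page, the result would be assigned to the src of a script
// element created with document.createElement rather than written as markup.
function scriptUrlFromQuery(query) {
  const server = new URLSearchParams(query).get('server');
  if (server === null || !isApprovedHost(server)) {
    return null;
  }
  return 'https://' + server.toLowerCase() + '/ad.js';
}
```
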
## Examples of Safe iFrame Busters
* [DARTIframe.html](https://github.com/Automattic/Adbusters/blob/master/templates/doubleclick/DARTIframe.html)
* [ifr_b.html](https://github.com/Automattic/Adbusters/blob/master/templates/adcentric/ifr_b.html)
* [Pictela_iframeproxy.html](https://github.com/Automattic/Adbusters/blob/master/templates/pictela/Pictela_iframeproxy.html)

## XSS Attack Prevention Guidelines
Further guidelines can be found at [ha.ckers.org/xss.html](http://ha.ckers.org/xss.html), which covers the above rules as well as many others.