Xss Label Workflow
edge-cases
This workflow models a label that looks like an XSS script.
Full FlowZap Code
laneA { # Lanea
n1: circle label:"Start Xss Label"
n4: rectangle label:"Xss Label step 4"
n7: diamond label:"Xss Label step 7"
n10: circle label:"End Xss Label"
n1.handle(bottom) -> laneB.n2.handle(top) [label="Success"]
n4.handle(bottom) -> laneB.n5.handle(top) [label="Valid"]
n7.handle(bottom) -> laneB.n8.handle(top) [label="Next"]
n7.handle(right) -> laneC.n6.handle(right) [label="Retry/Rejected"]
}
laneB { # Laneb
n2: rectangle label:"<script>alert('xss')</script>"
n5: rectangle label:"Xss Label step 5"
n8: rectangle label:"Xss Label step 8"
n2.handle(bottom) -> laneC.n3.handle(top)
n5.handle(bottom) -> laneC.n6.handle(top)
n8.handle(bottom) -> laneC.n9.handle(top)
}
laneC { # Lanec
n3: rectangle label:"Xss Label step 3"
n6: rectangle label:"Xss Label step 6"
n9: rectangle label:"Xss Label step 9"
n3.handle(bottom) -> laneA.n4.handle(top)
n6.handle(bottom) -> laneA.n7.handle(top)
n9.handle(bottom) -> laneA.n10.handle(top)
}
Related templates
Label Escaping Workflow
edge-cases
This workflow models labels containing quotes and special characters.
Sql Injection Label Workflow
edge-cases
This workflow models a label that looks like an SQL injection attempt.