2 KiB
xssbook
description
who doesn't want to run non free javascript
now with xssbook you can run as much stallman disapprovement as you want
- all inputs on the site are unfiltered
- api calls dont care what you send them as long as they are valid strings
- /console page to see everyones amazing api calls
- /admin page for adnim things
installation
The project is written in rust, so you can build it by running
cargo build --release
Next, make sure where you are runing the binary from, that you copy the sources public folder to the same directory. The public folder is needed to server html, css, js, and font files.
Next, the /admin page is protected by a set secret. By default this is set to admin, but you should change it by setting the SECRET environment variable.
Finally, the site runs on port 8080, so its recommended you put it behind a reverse proxy, or you could use a docker container and remap the outsite port (see below).
docker
If you want to run it in a docker container a premade dockerfile is here for you
docker build -f deployments/docker/Dockerfile -t xssbook .
There is also a docker-compose.yml file for your reference in the /deployments/docker folder.
The one thing about the docker container is you have to mount the volume
-v [your directory]/xssbook.db:/data/xssbook.db
to make the database persistant. Finally, before running the container run
touch [your directory]/xssbook.db
since docker will create a folder there otherwise and it won't work.
reverse proxy
Finally if you are using docker by itself, a reverse proxy, or both, the ip send to the container likily will not be the correct ip. xssbook looks for headers x-forwarded-for, x-real-ip, and forwarded to check for proxies. So make sure to have those headers set. Or if your running just docker, you could also run the docker container on the host network instead of on the bridge network.
license
This amazing project is licensed under the WTFPL