xssbook2/README.md

1.7 KiB

xssbook

description

who doesn't want to run non free javascript

now with xssbook you can run as much stallman disapprovement as you want

  • all inputs on the site are unfiltered
  • api calls dont care what you send them as long as they are valid strings
  • upload anyfiles to be your profile avatar and banner (even adobe flash!!!)

installation

To get the checkout run:

git clone https://g.freya.cat/freya/xssbook2 xssbook2
cd xssbook2
git submodule update --init

XSSBook v2 runs in docker compose. Do ALL of the following:

  • MUST Copy example.env to .env
  • MUST update the following settings in .env
    • API_SECRET - Your own private JWT secret
    • XSSBOOK_* - Domain info for XSSBook is being hosted
  • MAY want to update the following settings in .env
    • HTTP_BIND - The addresses XSSBook will listen on
    • HTTP_PORT - The port XSSBook will listen on
    • ENVIRONMENT - If you want to test XSSBook in [development] mode
  • MUST build the following assets by running make
    • CSS files. MUST have sassc installed
  • MUST use site/bin/compose instead of docker compose

Once XSSBook is configured properly. Run the following to build the container images and start up the compose stack for XSSBook.

./site/bin/compose build --pull
./site/bin/compose up -d

NOTE: XSSBook needs all docker volumes to be owned by uid 1000 gid 1000. If you are NOT the root user or user 1000:1000, the compose script will ask for sudo access to be able to set the volume permissions.

migrating from xssbook v1

See shim/README.md

license

This project is licensed under the GNU GPLv3.