├── .gitignore ├── CHANGELOG.md ├── Default.sublime-commands ├── Main.sublime-menu ├── README.md ├── README_CN.md └── xssencode.py /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | env/ 12 | build/ 13 | develop-eggs/ 14 | dist/ 15 | downloads/ 16 | eggs/ 17 | .eggs/ 18 | lib/ 19 | lib64/ 20 | parts/ 21 | sdist/ 22 | var/ 23 | *.egg-info/ 24 | .installed.cfg 25 | *.egg 26 | 27 | # PyInstaller 28 | # Usually these files are written by a python script from a template 29 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 30 | *.manifest 31 | *.spec 32 | 33 | # Installer logs 34 | pip-log.txt 35 | pip-delete-this-directory.txt 36 | 37 | # Unit test / coverage reports 38 | htmlcov/ 39 | .tox/ 40 | .coverage 41 | .coverage.* 42 | .cache 43 | nosetests.xml 44 | coverage.xml 45 | *,cover 46 | .hypothesis/ 47 | 48 | # Translations 49 | *.mo 50 | *.pot 51 | 52 | # Django stuff: 53 | *.log 54 | 55 | # Sphinx documentation 56 | docs/_build/ 57 | 58 | # PyBuilder 59 | target/ 60 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ### v1.0.5 (2017/08/01) 2 | 3 | * Add md5 16 4 | 5 | ``` 6 | md5_16: 123 => ac59075b964b0715 7 | md5_32: 123 => 202cb962ac59075b964b07152d234b70 8 | ``` 9 | 10 | * Add aaEncode/aaDecode 11 | 12 | > Encode any JavaScript program to Japanese style emoticons (^_^). 13 | > 14 | > http://utf-8.jp/public/aaencode.html 15 | 16 | javascript code: 17 | 18 | ``` 19 | alert('hello') 20 | ``` 21 | 22 | After aaencode: 23 | 24 | ``` 25 | ゚ω゚ノ= /`m´)ノ ~┻━┻ //*´∇`*/ ['_']; o=(゚ー゚) =_=3; c=(゚Θ゚) =(゚ー゚)-(゚ー゚); (゚Д゚) =(゚Θ゚)= (o^_^o)/ (o^_^o);(゚Д゚)={゚Θ゚: '_' ,゚ω゚ノ : ((゚ω゚ノ==3) +'_') [゚Θ゚] ,゚ー゚ノ :(゚ω゚ノ+ '_')[o^_^o -(゚Θ゚)] ,゚Д゚ノ:((゚ー゚==3) +'_')[゚ー゚] }; (゚Д゚) [゚Θ゚] =((゚ω゚ノ==3) +'_') [c^_^o];(゚Д゚) ['c'] = ((゚Д゚)+'_') [ (゚ー゚)+(゚ー゚)-(゚Θ゚) ];(゚Д゚) ['o'] = ((゚Д゚)+'_') [゚Θ゚];(゚o゚)=(゚Д゚) ['c']+(゚Д゚) ['o']+(゚ω゚ノ +'_')[゚Θ゚]+ ((゚ω゚ノ==3) +'_') [゚ー゚] + ((゚Д゚) +'_') [(゚ー゚)+(゚ー゚)]+ ((゚ー゚==3) +'_') [゚Θ゚]+((゚ー゚==3) +'_') [(゚ー゚) - (゚Θ゚)]+(゚Д゚) ['c']+((゚Д゚)+'_') [(゚ー゚)+(゚ー゚)]+ (゚Д゚) ['o']+((゚ー゚==3) +'_') [゚Θ゚];(゚Д゚) ['_'] =(o^_^o) [゚o゚] [゚o゚];(゚ε゚)=((゚ー゚==3) +'_') [゚Θ゚]+ (゚Д゚) .゚Д゚ノ+((゚Д゚)+'_') [(゚ー゚) + (゚ー゚)]+((゚ー゚==3) +'_') [o^_^o -゚Θ゚]+((゚ー゚==3) +'_') [゚Θ゚]+ (゚ω゚ノ +'_') [゚Θ゚]; (゚ー゚)+=(゚Θ゚); (゚Д゚)[゚ε゚]='\\'; (゚Д゚).゚Θ゚ノ=(゚Д゚+ ゚ー゚)[o^_^o -(゚Θ゚)];(o゚ー゚o)=(゚ω゚ノ +'_')[c^_^o];(゚Д゚) [゚o゚]='\"';(゚Д゚) ['_'] ( (゚Д゚) ['_'] (゚ε゚+(゚Д゚)[゚o゚]+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚ー゚)+ (゚Θ゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((゚ー゚) + (゚Θ゚))+ (゚ー゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚ー゚)+ ((゚ー゚) + (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) +(o^_^o))+ ((o^_^o) - (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) +(o^_^o))+ (゚ー゚)+ (゚Д゚)[゚ε゚]+((゚ー゚) + (゚Θ゚))+ (c^_^o)+ (゚Д゚)[゚ε゚]+(゚ー゚)+ ((゚ー゚) + (o^_^o))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((゚ー゚) + (゚Θ゚))+ (c^_^o)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚ー゚)+ ((゚ー゚) + (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((゚ー゚) + (゚Θ゚))+ (゚ー゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((゚ー゚) + (゚Θ゚))+ (゚ー゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((゚ー゚) + (゚Θ゚))+ ((゚ー゚) + (o^_^o))+ (゚Д゚)[゚ε゚]+(゚ー゚)+ ((゚ー゚) + (o^_^o))+ (゚Д゚)[゚ε゚]+((゚ー゚) + (゚Θ゚))+ (゚Θ゚)+ (゚Д゚)[゚o゚]) (゚Θ゚)) ('_'); 26 | ``` 27 | 28 | ### v1.0.4 (2017/05/19) 29 | 30 | * Fix Base16 Coding Error 31 | 32 | ### v1.0.3 (2017/05/19) 33 | 34 | ### v1.0.2.3 (2017/05/19) 35 | 36 | * Add JS16 37 | 38 | ``` 39 | hello <=> \x68\x65\x6c\x6c\x6f 40 | ``` 41 | 42 | ### v1.0.2.2 (2017/05/11) 43 | 44 | * Optimize Base64 45 | 46 | ``` 47 | U2FsdGVkX18KDZeuSdeq5zA= => \x53\x61\x6c\x74\x65\x64\x5f\x5f\x0a\x0d\x97\xae\x49\xd7\xaa\xe7\x30 48 | ``` 49 | * Add Base32、Base16 50 | * Add Test Command (for future RC4、AES) 51 | * Add HexStripX 52 | 53 | ``` 54 | \x30\xa0\x0a\x30\x0D => 30a00a300D 55 | ``` 56 | 57 | ### v1.0.2 (2017/05/01) 58 | 59 | * Add Sha1、 Sha256、 Sha512、Sha224、Sha384 60 | 61 | ``` 62 | test => a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 63 | test => 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 64 | ``` 65 | 66 | ### v1.0.1 (2017/04/12) 67 | 68 | * Add `ZipEncode` and `ZipDecode` 69 | 70 | ``` 71 | hello world! <=> x\x9c\xcbH\xcd\xc9\xc9W(\xcf/\xcaIQ\x04\x00\x1e\x89\x04~ 72 | ``` 73 | 74 | * Add `Rot13Encode` and `Rot13Decode` 75 | 76 | ``` 77 | hello world! <=> uryyb jbeyq! 78 | ``` 79 | 80 | ### v1.0.0 81 | 82 | * Support Package Control 83 | -------------------------------------------------------------------------------- /Default.sublime-commands: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "caption": "XssEncode: HTML_Unescape", 4 | "command": "html_unescape" 5 | }, 6 | { 7 | "caption": "XssEncode: HTML_Escape", 8 | "command": "html_escape" 9 | }, 10 | { 11 | "caption": "XssEncode: Html10_Encode", 12 | "command": "html10_encode" 13 | }, 14 | { 15 | "caption": "XssEncode: Html16_Encode", 16 | "command": "html16_encode" 17 | }, 18 | { 19 | "caption": "XssEncode: Base64_Encode", 20 | "command": "base64_encode" 21 | }, 22 | { 23 | "caption": "XssEncode: Base64_Decode", 24 | "command": "base64_decode" 25 | }, 26 | { 27 | "caption": "XssEncode: Base32_Encode", 28 | "command": "base32_encode" 29 | }, 30 | { 31 | "caption": "XssEncode: Base32_Decode", 32 | "command": "base32_decode" 33 | }, 34 | { 35 | "caption": "XssEncode: Base16_Encode", 36 | "command": "base16_encode" 37 | }, 38 | { 39 | "caption": "XssEncode: Base16_Decode", 40 | "command": "base16_decode" 41 | }, 42 | { 43 | "caption": "XssEncode: URL_Encode", 44 | "command": "url_encode" 45 | }, 46 | { 47 | "caption": "XssEncode: URL_Decode", 48 | "command": "url_decode" 49 | }, 50 | { 51 | "caption": "XssEncode: MD5_Encode", 52 | "command": "md5_encode" 53 | }, 54 | { 55 | "caption": "XssEncode: MD516_Encode", 56 | "command": "md516_encode" 57 | }, 58 | { 59 | "caption": "XssEncode: SHA1_Encode", 60 | "command": "sha1_encode" 61 | }, 62 | { 63 | "caption": "XssEncode: SHA256_Encode", 64 | "command": "sha256_encode" 65 | }, 66 | { 67 | "caption": "XssEncode: SHA512_Encode", 68 | "command": "sha512_encode" 69 | }, 70 | { 71 | "caption": "XssEncode: SHA224_Encode", 72 | "command": "sha224_encode" 73 | }, 74 | { 75 | "caption": "XssEncode: SHA384_Encode", 76 | "command": "sha384_encode" 77 | }, 78 | { 79 | "caption": "XssEncode: StringFromCharCode", 80 | "command": "string_from_char_code" 81 | }, 82 | { 83 | "caption": "XssEncode: MysqlChar", 84 | "command": "mysql_char" 85 | }, 86 | { 87 | "caption": "XssEncode: OracleChr", 88 | "command": "oracle_chr" 89 | },{ 90 | "caption": "XssEncode: OracleUnchr", 91 | "command": "oracle_unchr" 92 | }, 93 | { 94 | "caption": "XssEncode: PHPChr", 95 | "command": "php_chr" 96 | },{ 97 | "caption": "XssEncode: PHPUnhr", 98 | "command": "php_unchr" 99 | }, 100 | { 101 | "caption": "XssEncode: StringToHex", 102 | "command": "string_to_hex" 103 | }, 104 | { 105 | "caption": "XssEncode: ZipDecode", 106 | "command": "zip_decode" 107 | }, 108 | { 109 | "caption": "XssEncode: ZipEncode", 110 | "command": "zip_encode" 111 | }, 112 | { 113 | "caption": "XssEncode: Rot13Decode", 114 | "command": "rot13_decode" 115 | }, 116 | { 117 | "caption": "XssEncode: Rot13Encode", 118 | "command": "rot13_encode" 119 | }, 120 | { 121 | "caption": "XssEncode: HexToString", 122 | "command": "hex_to_string" 123 | }, 124 | { 125 | "caption": "XssEncode: UnicodeDecode", 126 | "command": "unicode_decode" 127 | }, 128 | { 129 | "caption": "XssEncode: UnicodeEncode", 130 | "command": "unicode_encode" 131 | }, 132 | { 133 | "caption": "XssEncode: HexStripX", 134 | "command": "hex_stripx" 135 | }, 136 | { 137 | "caption": "XssEncode: Js16Encode", 138 | "command": "js16_encode" 139 | }, 140 | { 141 | "caption": "XssEncode: Js16Decode", 142 | "command": "js16_decode" 143 | }, 144 | { 145 | "caption": "XssEncode: AaEncode", 146 | "command": "aa_encode" 147 | }, 148 | { 149 | "caption": "XssEncode: AaDecode", 150 | "command": "aa_decode" 151 | }, 152 | { 153 | "caption": "XssEncode: TestEncode", 154 | "command": "test_encode" 155 | }, 156 | { 157 | "caption": "XssEncode: TestDecode", 158 | "command": "test_decode" 159 | } 160 | ] 161 | -------------------------------------------------------------------------------- /Main.sublime-menu: -------------------------------------------------------------------------------- 1 | [{ 2 | "mnemonic": "t", 3 | "id": "tools", 4 | "children":[{ 5 | "id": "xssencodemenu", 6 | "caption": "XssEncode", 7 | "children":[ 8 | {"id": "htmlunescape", "caption": "HTML_Unescape", "command": "html_unescape"}, 9 | {"id": "htmlescape", "caption": "HTML_Escape", "command": "html_escape"}, 10 | {"id": "html10_encode", "caption": "Html10_Encode", "command": "html10_encode"}, 11 | {"id": "html16_encode", "caption": "Html16_Encode", "command": "html16_encode"}, 12 | {"caption": "-"}, 13 | {"id": "base64_encode", "caption": "Base64_Encode", "command": "base64_encode"}, 14 | {"id": "base32_encode", "caption": "Base32_Encode", "command": "base32_encode"}, 15 | {"id": "base16_encode", "caption": "Base16_Encode", "command": "base16_encode"}, 16 | {"id": "base64_decode", "caption": "Base64_Decode", "command": "base64_decode"}, 17 | {"id": "base32_decode", "caption": "Base32_Decode", "command": "base32_decode"}, 18 | {"id": "base16_decode", "caption": "Base16_Decode", "command": "base16_decode"}, 19 | {"caption": "-"}, 20 | {"id": "url_decode", "caption": "URL_Decode", "command": "url_decode"}, 21 | {"id": "url_encode", "caption": "URL_Encode", "command": "url_encode"}, 22 | {"caption": "-"}, 23 | {"id": "string_from_char_code", "caption": "StringFromCharCode", "command": "string_from_char_code"}, 24 | {"id": "mysql_char", "caption": "MysqlChar", "command": "mysql_char"}, 25 | {"id": "oracle_chr", "caption": "OracleChr", "command": "oracle_chr"}, 26 | {"id": "oracle_unchr", "caption": "OracleUnchr", "command": "oracle_unchr"}, 27 | {"id": "php_chr", "caption": "PHPChr", "command": "php_chr"}, 28 | {"id": "php_unchr", "caption": "PHPUnchr", "command": "php_unchr"}, 29 | {"caption": "-"}, 30 | {"id": "string_to_hex", "caption": "StringToHex", "command": "string_to_hex"}, 31 | {"id": "unzip_decode", "caption": "ZipDecode", "command": "zip_decode"}, 32 | {"id": "unzip_encode", "caption": "ZipEncode", "command": "zip_encode"}, 33 | {"id": "rot13_decode", "caption": "Rot13Decode", "command": "rot13_decode"}, 34 | {"id": "rot13_encode", "caption": "Rot13Encode", "command": "rot13_encode"}, 35 | {"id": "hex_to_string", "caption": "HexToString", "command": "hex_to_string"}, 36 | {"caption": "-"}, 37 | {"id": "js16_encode", "caption": "Js16Encode", "command": "js16_encode"}, 38 | {"id": "js16_decode", "caption": "Js16Decode", "command": "js16_decode"}, 39 | {"id": "aa_encode", "caption": "aaEncode", "command": "aa_encode"}, 40 | {"id": "aa_decode", "caption": "aaDecode", "command": "aa_decode"}, 41 | {"caption": "-"}, 42 | {"id": "unicode_encode", "caption": "UnicodeEncode", "command": "unicode_encode"}, 43 | {"id": "unicode_decode", "caption": "UnicodeDecode", "command": "unicode_decode"}, 44 | {"caption": "-"}, 45 | {"id": "md5_encode", "caption": "MD5_Encode", "command": "md5_encode"}, 46 | {"id": "md516_encode", "caption": "MD516_Encode", "command": "md516_encode"}, 47 | {"id": "sha1_encode", "caption": "SHA1_Encode", "command": "sha1_encode"}, 48 | {"id": "sha256_encode", "caption": "SHA256_Encode", "command": "sha256_encode"}, 49 | {"id": "sha512_encode", "caption": "SHA512_Encode", "command": "sha512_encode"}, 50 | {"id": "sha224_encode", "caption": "SHA224_Encode", "command": "sha224_encode"}, 51 | {"id": "sha384_encode", "caption": "SHA384_Encode", "command": "sha384_encode"}, 52 | {"caption": "-"}, 53 | {"id": "hexstripx", "caption": "HexStrip\\X", "command": "hex_stripx"}, 54 | {"id": "test_encode", "caption": "Test_Encode", "command": "test_encode"}, 55 | {"id": "test_decode", "caption": "Test_Decode", "command": "test_decode"} 56 | ] 57 | }] 58 | }] 59 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Sublime XssEncode 2 | 3 | [English](README.md) | [中文说明](README_CN.md) 4 | 5 | Converts characters from one encoding to another using a transformation. This tool will help you encode payloads in testing sql injections, XSS holes and site security. 6 | 7 | **Convert the region you selected or convert all characters.** 8 | 9 | XssEncode supports both Sublime Text 2 and 3. 10 | 11 | Installation 12 | ---- 13 | 14 | Using [Package Control](https://sublime.wbond.net/installation) to find, install and upgrade *XssEncode* is the recommended method to install this plug-in. 15 | 16 | 17 | Otherwise, you can use the following steps manually install: 18 | 19 | 1. Open the Sublime Text Packages folder 20 | * OS X: ~/Library/Application Support/Sublime Text 3/Packages/ 21 | * Windows: %APPDATA%/Sublime Text 3/Packages/ 22 | * Linux: ~/.Sublime Text 3/Packages/ or ~/.config/sublime-text-3/Packages 23 | 24 | 2. clone this repo 25 | 26 | ``` 27 | git clone https://github.com/Medicean/SublimeXssEncode.git 28 | ``` 29 | 30 | 3. Rename the new folder to **xssencode** 31 | 32 | 33 | ChangeLog 34 | --- 35 | 36 | See more at [ChangeLog](CHANGELOG.md) 37 | 38 | Example Commands 39 | ---- 40 | 41 | > You can type the Command HotKeys(Win: `ctrl+shift+p`, OSX: Command+shift+p),type `xssencode` and choice your action。Otherwise, click the menu bar `tools` => `XssEncode` and choice your action. 42 | 43 | * `html_escape` 44 | 45 | Converts characters to their HTML entity. 46 | 47 | **eg:** 48 | 49 | `a1@&` => `a1@&` 50 | 51 | * `html10_encode` 52 | 53 | Converts characters to html entity with decimal. 54 | 55 | **eg:** 56 | 57 | `a1@&` => `a1@&` 58 | 59 | * `html16_encode` 60 | 61 | Converts characters to html entity with hexadecimal. 62 | 63 | **eg:** 64 | 65 | `a1@&` => `a1@&` 66 | 67 | * `html_unescape` 68 | 69 | Converts html entity to characters. 70 | 71 | **eg:** 72 | 73 | `aaa&` => `aaa&` 74 | 75 | * `base64_encode` 76 | 77 | Uses base64 to encode into base64 78 | 79 | **eg:** 80 | 81 | `a1@&` => `YTFAJg==` 82 | 83 | * `base64_decode` 84 | 85 | **eg:** 86 | 87 | `YTFAJg==` => `a1@&` 88 | 89 | * `url_encode` 90 | 91 | **eg:** 92 | 93 | `alert(/xss/);` => `alert%28/xss/%29%3B` 94 | 95 | * `url_decode` 96 | 97 | **eg:** 98 | 99 | `alert%28/xss/%29%3B` => `alert(/xss/);` 100 | 101 | * `string_from_char_code` 102 | 103 | **eg:** 104 | 105 | `alert(/xss/);` => `String.fromCharCode(97,108,101,114,116,40,47,120,115,115,47,41,59)` 106 | 107 | * `mysql_char` 108 | 109 | **eg:** 110 | 111 | `123` => `CHAR(49,50,51)` 112 | 113 | You can excute the sql commands below. 114 | 115 | `select 123;` 116 | 117 | `select CHAR(49,50,51);` 118 | 119 | * `oracle_chr` 120 | 121 | **eg:** 122 | 123 | `123` => `CHR(49)||CHR(50)||CHR(51)` 124 | 125 | You can excute the sql commands below. 126 | 127 | `select 123;` 128 | 129 | `select CHR(49)||CHR(50)||CHR(51);` 130 | 131 | * `php_chr` 132 | 133 | Convert characters with function chr. 134 | 135 | **eg:** 136 | 137 | Support we have a php backdoor, and the content is `` 138 | 139 | if you want to execute some commands which includes special chars, you can convert it. 140 | 141 | `ls -al` => `CHR(108).CHR(115).CHR(32).CHR(45).CHR(97).CHR(108)` 142 | 143 | now you can request the url below: 144 | 145 | `http://127.0.0.1/backdoor.php?cmd=system(CHR(108).CHR(115).CHR(32).CHR(45).CHR(97).CHR(108));` 146 | 147 | * `string_to_hex` 148 | 149 | Convert string to hexadecimal, it's more useful for sql injection. 150 | 151 | **eg:** 152 | 153 | `root` => `726f6f74` 154 | 155 | now you can excute the sql commands below. 156 | 157 | `SELECT user from mysql.user where user='root';` 158 | 159 | `SELECT user from mysql.user where user=0x726f6f74;` 160 | 161 | * `hex_to_string` 162 | 163 | **eg:** 164 | 165 | `726f6f74` => `root` 166 | 167 | * `unicode_decode` 168 | 169 | **eg:** 170 | 171 | `测试` => `\u6d4b\u8bd5` 172 | 173 | * `unicode_encode` 174 | 175 | **eg:** 176 | 177 | `\u6d4b\u8bd5` => `测试` 178 | 179 | * `md5_encode` 180 | 181 | **eg:** 182 | 183 | `1` => `c4ca4238a0b923820dcc509a6f75849b` 184 | -------------------------------------------------------------------------------- /README_CN.md: -------------------------------------------------------------------------------- 1 | # Sublime XssEncode 2 | 3 | [English](README.md) | [中文说明](README_CN.md) 4 | 5 | XssEncode 是一个字符编码转换工具,这个工具可以在你进行 SQL 注入、XSS 测试、加密解密时快速的对 Payload 进行转换。 6 | 7 | **转换你选中的字符,如果未选中则默认转换整个文本域的内容** 8 | 9 | XssEncode 支持 Sublime Text 2 和 3. 10 | 11 | 如何安装 12 | ---- 13 | 14 | 强烈推荐使用 [Package Control](https://sublime.wbond.net/installation) 进行查找、安装、升级 **XssEncode** 15 | 16 | 当然,你也可以按照以下步骤手动进行安装: 17 | 18 | 1. 打开 Sublime Text Packages 目录(可直接通过菜单中的 Browse Packages 进入该目录) 19 | * OS X: ~/Library/Application Support/Sublime Text 3/Packages/ 20 | * Windows: %APPDATA%/Sublime Text 3/Packages/ 21 | * Linux: ~/.Sublime Text 3/Packages/ or ~/.config/sublime-text-3/Packages 22 | 23 | 2. Clone 本仓库到该目录下 24 | 25 | ``` 26 | git clone https://github.com/Medicean/SublimeXssEncode.git 27 | ``` 28 | 29 | 3. 将目录名重命名为:**xssencode** 30 | 31 | 32 | 改动日志 33 | --- 34 | 35 | 详情见:[ChangeLog](CHANGELOG.md) 36 | 37 | 转换命令样例: 38 | ---- 39 | 40 | > 你可以直接通过命令快捷键(Win: `ctrl+shift+p`, OSX: Command+shift+p),然后输入 `xssencode` 选择你要进行的操作。或者可以点击菜单栏 `tools` => `XssEncode` 选择你要进行的操作。 41 | 42 | * `html_escape` 43 | 44 | HTML 实体编码 45 | 46 | **eg:** 47 | 48 | `a1@&` => `a1@&` 49 | 50 | * `html10_encode` 51 | 52 | HTML 10 进制实体编码 53 | 54 | **eg:** 55 | 56 | `a1@&` => `a1@&` 57 | 58 | * `html16_encode` 59 | 60 | HTML 16 进制实体编码 61 | 62 | **eg:** 63 | 64 | `a1@&` => `a1@&` 65 | 66 | * `html_unescape` 67 | 68 | HTML 实体解码 69 | 70 | **eg:** 71 | 72 | `aaa&` => `aaa&` 73 | 74 | * `base64_encode` 75 | 76 | Base64 编码 77 | 78 | **eg:** 79 | 80 | `a1@&` => `YTFAJg==` 81 | 82 | * `base64_decode` 83 | 84 | **eg:** 85 | 86 | `YTFAJg==` => `a1@&` 87 | 88 | * `url_encode` 89 | 90 | URL 编码 91 | 92 | **eg:** 93 | 94 | `alert(/xss/);` => `alert%28/xss/%29%3B` 95 | 96 | * `url_decode` 97 | 98 | **eg:** 99 | 100 | `alert%28/xss/%29%3B` => `alert(/xss/);` 101 | 102 | * `string_from_char_code` 103 | 104 | **eg:** 105 | 106 | `alert(/xss/);` => `String.fromCharCode(97,108,101,114,116,40,47,120,115,115,47,41,59)` 107 | 108 | * `mysql_char` 109 | 110 | **eg:** 111 | 112 | `123` => `CHAR(49,50,51)` 113 | 114 | You can excute the sql commands below. 115 | 116 | `select 123;` 117 | 118 | `select CHAR(49,50,51);` 119 | 120 | * `oracle_chr` 121 | 122 | **eg:** 123 | 124 | `123` => `CHR(49)||CHR(50)||CHR(51)` 125 | 126 | You can excute the sql commands below. 127 | 128 | `select 123;` 129 | 130 | `select CHR(49)||CHR(50)||CHR(51);` 131 | 132 | * `php_chr` 133 | 134 | 转换为 PHP chr 函数连接形式. 135 | 136 | **eg:** 137 | 138 | 假如现在我们有一个 PHP 的 WebShell, 内容是: `` 139 | 140 | 如果你要绕过一些安全防护(比如:WAF),你可以把你要执行的命令转换一下,比如下面这个例子: 141 | 142 | `ls -al` => `CHR(108).CHR(115).CHR(32).CHR(45).CHR(97).CHR(108)` 143 | 144 | 然后,你可以这样发起请求: 145 | 146 | `http://127.0.0.1/backdoor.php?cmd=system(CHR(108).CHR(115).CHR(32).CHR(45).CHR(97).CHR(108));` 147 | 148 | * `string_to_hex` 149 | 150 | 将字符转换成 16 进制,在 SQL 注入中使用的非常多 151 | 152 | **eg:** 153 | 154 | `root` => `726f6f74` 155 | 156 | 你可以在 mysql 命令行下执行下面两条指令,查看效果: 157 | 158 | `SELECT user from mysql.user where user='root';` 159 | 160 | `SELECT user from mysql.user where user=0x726f6f74;` 161 | 162 | * `hex_to_string` 163 | 164 | **eg:** 165 | 166 | `726f6f74` => `root` 167 | 168 | * `unicode_decode` 169 | 170 | **eg:** 171 | 172 | `测试` => `\u6d4b\u8bd5` 173 | 174 | * `unicode_encode` 175 | 176 | **eg:** 177 | 178 | `\u6d4b\u8bd5` => `测试` 179 | 180 | * `md5_encode` 181 | 182 | **eg:** 183 | 184 | `1` => `c4ca4238a0b923820dcc509a6f75849b` 185 | -------------------------------------------------------------------------------- /xssencode.py: -------------------------------------------------------------------------------- 1 | import sublime 2 | import sublime_plugin 3 | __VERSION__ = '1.0.5' 4 | 5 | 6 | class XssEncodeCommand(sublime_plugin.TextCommand): 7 | def run(self, edit): 8 | for region in self.view.sel(): 9 | if region.empty(): 10 | region = sublime.Region(0, self.view.size()) 11 | text = self.view.substr(region) 12 | replacement = self.convert(text) 13 | self.view.replace(edit, region, replacement) 14 | 15 | def convert(self, source_txt): 16 | return source_txt 17 | 18 | 19 | class HtmlUnescapeCommand(XssEncodeCommand): 20 | def convert(self, source_txt): 21 | try: 22 | from html.parser import HTMLParser 23 | except: 24 | from HTMLParser import HTMLParser 25 | return HTMLParser().unescape(source_txt) 26 | 27 | 28 | class HtmlEscapeCommand(XssEncodeCommand): 29 | def convert(self, source_txt): 30 | try: 31 | import cgi 32 | except: 33 | return source_txt 34 | return cgi.escape(source_txt) 35 | 36 | 37 | class Base64EncodeCommand(XssEncodeCommand): 38 | def convert(self, source_txt): 39 | try: 40 | import base64 41 | except: 42 | return source_txt 43 | return base64.b64encode(source_txt.encode("utf-8")).decode() 44 | 45 | 46 | class Base64DecodeCommand(XssEncodeCommand): 47 | def convert(self, source_txt): 48 | try: 49 | import base64 50 | except: 51 | return source_txt 52 | try: 53 | return base64.b64decode(source_txt).decode('utf-8') 54 | except: 55 | import binascii 56 | hexstr = binascii.b2a_hex(base64.b64decode(source_txt)) 57 | ret_str = '' 58 | for i in range(0, len(hexstr), 2): 59 | ret_str += "\\x%c%c" % (((hexstr[i]), (hexstr[i + 1]))) 60 | return ret_str 61 | 62 | 63 | class Base32EncodeCommand(XssEncodeCommand): 64 | def convert(self, source_txt): 65 | try: 66 | import base64 67 | except: 68 | return source_txt 69 | return base64.b32encode(source_txt.encode("utf-8")).decode() 70 | 71 | 72 | class Base32DecodeCommand(XssEncodeCommand): 73 | def convert(self, source_txt): 74 | try: 75 | import base64 76 | except: 77 | return source_txt 78 | try: 79 | return base64.b32decode(source_txt).decode('utf-8') 80 | except: 81 | import binascii 82 | hexstr = binascii.b2a_hex(base64.b32decode(source_txt)) 83 | ret_str = '' 84 | for i in range(0, len(hexstr), 2): 85 | ret_str += "\\x%c%c" % (((hexstr[i]), (hexstr[i + 1]))) 86 | return ret_str 87 | 88 | 89 | class Base16DecodeCommand(XssEncodeCommand): 90 | def convert(self, source_txt): 91 | try: 92 | import base64 93 | except: 94 | return source_txt 95 | try: 96 | return base64.b16decode(source_txt).decode('utf-8') 97 | except: 98 | import binascii 99 | hexstr = binascii.b2a_hex(base64.b16decode(source_txt)) 100 | ret_str = '' 101 | for i in range(0, len(hexstr), 2): 102 | ret_str += "\\x%c%c" % (((hexstr[i]), (hexstr[i + 1]))) 103 | return ret_str 104 | 105 | 106 | class Base16EncodeCommand(XssEncodeCommand): 107 | def convert(self, source_txt): 108 | try: 109 | import base64 110 | except: 111 | return source_txt 112 | return base64.b16encode(source_txt.encode("utf-8")).decode() 113 | 114 | 115 | class UrlEncodeCommand(XssEncodeCommand): 116 | def convert(self, source_txt): 117 | try: 118 | from urllib.parse import quote 119 | except: 120 | from urllib import quote 121 | return quote(source_txt) 122 | 123 | 124 | class UrlDecodeCommand(XssEncodeCommand): 125 | def convert(self, source_txt): 126 | try: 127 | from urllib.parse import unquote 128 | except: 129 | from urllib import unquote 130 | return unquote(source_txt) 131 | 132 | 133 | class Md5EncodeCommand(XssEncodeCommand): 134 | def convert(self, source_txt): 135 | try: 136 | import hashlib 137 | except: 138 | return source_txt 139 | return hashlib.md5(source_txt.encode("utf-8")).hexdigest() 140 | 141 | 142 | class Md516EncodeCommand(XssEncodeCommand): 143 | def convert(self, source_txt): 144 | try: 145 | import hashlib 146 | except: 147 | return source_txt 148 | return hashlib.md5(source_txt.encode("utf-8")).hexdigest()[8:24] 149 | 150 | 151 | class Sha1EncodeCommand(XssEncodeCommand): 152 | def convert(self, source_txt): 153 | try: 154 | import hashlib 155 | except: 156 | return source_txt 157 | return hashlib.sha1(source_txt.encode("utf-8")).hexdigest() 158 | 159 | 160 | class Sha256EncodeCommand(XssEncodeCommand): 161 | def convert(self, source_txt): 162 | try: 163 | import hashlib 164 | except: 165 | return source_txt 166 | return hashlib.sha256(source_txt.encode("utf-8")).hexdigest() 167 | 168 | 169 | class Sha512EncodeCommand(XssEncodeCommand): 170 | def convert(self, source_txt): 171 | try: 172 | import hashlib 173 | except: 174 | return source_txt 175 | return hashlib.sha512(source_txt.encode("utf-8")).hexdigest() 176 | 177 | 178 | class Sha224EncodeCommand(XssEncodeCommand): 179 | def convert(self, source_txt): 180 | try: 181 | import hashlib 182 | except: 183 | return source_txt 184 | return hashlib.sha224(source_txt.encode("utf-8")).hexdigest() 185 | 186 | 187 | class Sha384EncodeCommand(XssEncodeCommand): 188 | def convert(self, source_txt): 189 | try: 190 | import hashlib 191 | except: 192 | return source_txt 193 | return hashlib.sha384(source_txt.encode("utf-8")).hexdigest() 194 | 195 | 196 | class Html10EncodeCommand(XssEncodeCommand): 197 | def convert(self, source_txt): 198 | text = "" 199 | try: 200 | for i in range(len(source_txt)): 201 | text += "&#%s;" % ord(source_txt[i]) 202 | return text 203 | except: 204 | sublime.error_message("Can not convert to HTML10 Entities") 205 | 206 | 207 | class Html16EncodeCommand(XssEncodeCommand): 208 | def convert(self, source_txt): 209 | text = "" 210 | try: 211 | for i in range(len(source_txt)): 212 | text += "&#x%x;" % ord(source_txt[i]) 213 | return text 214 | except: 215 | sublime.error_message("Can not convert to HTML16 Entities") 216 | 217 | 218 | class StringFromCharCodeCommand(XssEncodeCommand): 219 | def convert(self, source_txt): 220 | text = "String.fromCharCode(" 221 | try: 222 | for i in range(len(source_txt)): 223 | text += "%s," % ord(source_txt[i]) 224 | text = text[:-1] + ")" 225 | return text 226 | except: 227 | sublime.error_message("Can not convert to String.fromCharCode") 228 | 229 | 230 | class MysqlCharCommand(XssEncodeCommand): 231 | def convert(self, source_txt): 232 | text = "CHAR(" 233 | try: 234 | for i in range(len(source_txt)): 235 | text += "%s," % str(ord(source_txt[i])) 236 | text = text[:-1] + ")" 237 | return text 238 | except: 239 | sublime.error_message("Can not convert to MysqlChar") 240 | 241 | 242 | class OracleChrCommand(XssEncodeCommand): 243 | def convert(self, source_txt): 244 | text = "" 245 | try: 246 | for i in range(len(source_txt)): 247 | text += "CHR(%s)||" % str(ord(source_txt[i])) 248 | text = text[:-2] 249 | return text 250 | except: 251 | sublime.error_message("Can not convert to OracleChr") 252 | 253 | 254 | class OracleUnchrCommand(XssEncodeCommand): 255 | def convert(self, source_txt): 256 | import re 257 | 258 | def unescape(txt): 259 | l = re.findall(r'CHR\((\d+?)\)', txt, re.I) 260 | tmp = "" 261 | for x in l: 262 | tmp += chr(int(x)) 263 | return tmp 264 | 265 | try: 266 | splitchr = "\|" 267 | chrlists = re.findall( 268 | r'CHR\(\d+?\)%s{0,2}' % splitchr, 269 | source_txt, re.M | re.I) 270 | chrstrs = [] 271 | temp = "" 272 | for item in range(len(chrlists)): 273 | temp += chrlists[item] 274 | if not re.search(splitchr, chrlists[item]): 275 | chrstrs.append(temp) 276 | temp = "" 277 | chrstrs = sorted(chrstrs, key=lambda x: len(x)) 278 | chrstrs.reverse() 279 | for item in chrstrs: 280 | source_txt = source_txt.replace(item, '"%s"' % unescape(item)) 281 | return source_txt 282 | except: 283 | sublime.error_message("Can not convert to OracleUnchr") 284 | 285 | 286 | class PhpChrCommand(XssEncodeCommand): 287 | def convert(self, source_txt): 288 | text = "" 289 | try: 290 | for i in range(len(source_txt)): 291 | text += "CHR(%s)." % str(ord(source_txt[i])) 292 | text = text[:-1] 293 | return text 294 | except: 295 | sublime.error_message("Can not convert to PhpChr") 296 | 297 | 298 | class PhpUnchrCommand(XssEncodeCommand): 299 | def convert(self, source_txt): 300 | import re 301 | 302 | def unescape(txt): 303 | l = re.findall(r'CHR\((\d+?)\)', txt, re.I) 304 | tmp = "" 305 | for x in l: 306 | tmp += chr(int(x)) 307 | return tmp 308 | 309 | try: 310 | splitchr = "\." 311 | chrlists = re.findall( 312 | r'CHR\(\d+?\)%s{0,1}' % splitchr, 313 | source_txt, re.M | re.I) 314 | chrstrs = [] 315 | temp = "" 316 | for item in range(len(chrlists)): 317 | temp += chrlists[item] 318 | if not re.search(splitchr, chrlists[item]): 319 | chrstrs.append(temp) 320 | temp = "" 321 | chrstrs = sorted(chrstrs, key=lambda x: len(x)) 322 | chrstrs.reverse() 323 | for item in chrstrs: 324 | source_txt = source_txt.replace(item, '"%s"' % unescape(item)) 325 | return source_txt 326 | except: 327 | sublime.error_message("Can not convert to PhpUnhr") 328 | 329 | 330 | class StringToHexCommand(XssEncodeCommand): 331 | def convert(self, source_txt): 332 | text = "" 333 | try: 334 | import binascii 335 | text += binascii.b2a_hex(source_txt.encode('utf-8')).decode() 336 | return text 337 | except: 338 | sublime.error_message("Can not convert to StringToHex") 339 | 340 | 341 | class HexToStringCommand(XssEncodeCommand): 342 | def convert(self, source_txt): 343 | text = "" 344 | try: 345 | if source_txt.startswith('0x'): 346 | source_txt = source_txt[2:] 347 | import binascii 348 | text += binascii.a2b_hex(source_txt).decode() 349 | return text 350 | except: 351 | sublime.error_message("Can not convert to HexToString") 352 | 353 | 354 | class UnicodeDecodeCommand(XssEncodeCommand): 355 | def convert(self, source_txt): 356 | text = "" 357 | try: 358 | text = source_txt.encode().decode('unicode_escape') 359 | return text 360 | except: 361 | sublime.error_message("Can not convert to UnicodeDecode") 362 | 363 | 364 | class UnicodeEncodeCommand(XssEncodeCommand): 365 | def convert(self, source_txt): 366 | text = "" 367 | try: 368 | text = source_txt.encode('unicode_escape').decode() 369 | return text 370 | except: 371 | sublime.error_message("Can not convert to UnicodeEncode") 372 | 373 | 374 | class ZipDecodeCommand(XssEncodeCommand): 375 | 376 | def convert(self, source_txt): 377 | text = "" 378 | try: 379 | import zlib 380 | import codecs 381 | text = zlib.decompress(codecs.escape_decode(source_txt)[0]).decode() 382 | return text 383 | except: 384 | sublime.error_message("Unzip failed.") 385 | 386 | 387 | class ZipEncodeCommand(XssEncodeCommand): 388 | 389 | def convert(self, source_txt): 390 | text = "" 391 | try: 392 | import zlib 393 | import codecs 394 | text = zlib.compress(source_txt.encode()) 395 | return codecs.escape_encode(text)[0].decode() 396 | except: 397 | sublime.error_message("Zip failed.") 398 | 399 | 400 | class Rot13EncodeCommand(XssEncodeCommand): 401 | 402 | def convert(self, source_txt): 403 | text = "" 404 | try: 405 | import codecs 406 | text = codecs.encode(source_txt, "rot-13") 407 | return text 408 | except: 409 | sublime.error_message("Rot13 convert failed.") 410 | 411 | 412 | class Rot13DecodeCommand(Rot13EncodeCommand): 413 | pass 414 | 415 | 416 | class Js16EncodeCommand(XssEncodeCommand): 417 | def convert(self, source_txt): 418 | text = "" 419 | try: 420 | import binascii 421 | text += binascii.b2a_hex(source_txt.encode('utf-8')).decode() 422 | ret = "" 423 | for i in range(0, len(text), 2): 424 | ret += "\\x%s" % (text[i:i + 2]) 425 | return ret 426 | except: 427 | sublime.error_message("Can not convert to Js16") 428 | 429 | 430 | class Js16DecodeCommand(XssEncodeCommand): 431 | def convert(self, source_txt): 432 | try: 433 | text = HexStripxCommand(self).convert(source_txt) 434 | text = HexToStringCommand(self).convert(text) 435 | return text 436 | except: 437 | sublime.error_message("Js16Decode convert failed.") 438 | 439 | 440 | class AaEncodeCommand(XssEncodeCommand): 441 | u"""Encode any JavaScript program to Japanese style emoticons (^_^).""" 442 | 443 | def aaencode(self, text): 444 | import re 445 | try: 446 | text = unicode(text) 447 | except: 448 | pass 449 | t = "" 450 | b = [ 451 | "(c^_^o)", 452 | "(゚Θ゚)", 453 | "((o^_^o) - (゚Θ゚))", 454 | "(o^_^o)", 455 | "(゚ー゚)", 456 | "((゚ー゚) + (゚Θ゚))", 457 | "((o^_^o) +(o^_^o))", 458 | "((゚ー゚) + (o^_^o))", 459 | "((゚ー゚) + (゚ー゚))", 460 | "((゚ー゚) + (゚ー゚) + (゚Θ゚))", 461 | "(゚Д゚) .゚ω゚ノ", 462 | "(゚Д゚) .゚Θ゚ノ", 463 | "(゚Д゚) ['c']", 464 | "(゚Д゚) .゚ー゚ノ", 465 | "(゚Д゚) .゚Д゚ノ", 466 | "(゚Д゚) [゚Θ゚]" 467 | ] 468 | r = "゚ω゚ノ= /`m´)ノ ~┻━┻ //*´∇`*/ ['_']; o=(゚ー゚) =_=3; c=(゚Θ゚) =(゚ー゚)-(゚ー゚); " 469 | if re.search('ひだまりスケッチ×(365|356)\s*来週も見てくださいね[!!]', text): 470 | r += "X=_=3; " 471 | r += "\r\n\r\n X / _ / X < \"来週も見てくださいね!\";\r\n\r\n" 472 | 473 | r += "(゚Д゚) =(゚Θ゚)= (o^_^o)/ (o^_^o);" +\ 474 | "(゚Д゚)={゚Θ゚: '_' ,゚ω゚ノ : ((゚ω゚ノ==3) +'_') [゚Θ゚] " + \ 475 | ",゚ー゚ノ :(゚ω゚ノ+ '_')[o^_^o -(゚Θ゚)] " +\ 476 | ",゚Д゚ノ:((゚ー゚==3) +'_')[゚ー゚] }; (゚Д゚) [゚Θ゚] =((゚ω゚ノ==3) +'_') [c^_^o];" +\ 477 | "(゚Д゚) ['c'] = ((゚Д゚)+'_') [ (゚ー゚)+(゚ー゚)-(゚Θ゚) ];" +\ 478 | "(゚Д゚) ['o'] = ((゚Д゚)+'_') [゚Θ゚];" +\ 479 | "(゚o゚)=(゚Д゚) ['c']+(゚Д゚) ['o']+(゚ω゚ノ +'_')[゚Θ゚]+ ((゚ω゚ノ==3) +'_') [゚ー゚] + " +\ 480 | "((゚Д゚) +'_') [(゚ー゚)+(゚ー゚)]+ ((゚ー゚==3) +'_') [゚Θ゚]+" +\ 481 | "((゚ー゚==3) +'_') [(゚ー゚) - (゚Θ゚)]+(゚Д゚) ['c']+" +\ 482 | "((゚Д゚)+'_') [(゚ー゚)+(゚ー゚)]+ (゚Д゚) ['o']+" +\ 483 | "((゚ー゚==3) +'_') [゚Θ゚];(゚Д゚) ['_'] =(o^_^o) [゚o゚] [゚o゚];" +\ 484 | "(゚ε゚)=((゚ー゚==3) +'_') [゚Θ゚]+ (゚Д゚) .゚Д゚ノ+" +\ 485 | "((゚Д゚)+'_') [(゚ー゚) + (゚ー゚)]+((゚ー゚==3) +'_') [o^_^o -゚Θ゚]+" +\ 486 | "((゚ー゚==3) +'_') [゚Θ゚]+ (゚ω゚ノ +'_') [゚Θ゚]; " +\ 487 | "(゚ー゚)+=(゚Θ゚); (゚Д゚)[゚ε゚]='\\\\'; " +\ 488 | "(゚Д゚).゚Θ゚ノ=(゚Д゚+ ゚ー゚)[o^_^o -(゚Θ゚)];" +\ 489 | "(o゚ー゚o)=(゚ω゚ノ +'_')[c^_^o];" +\ 490 | "(゚Д゚) [゚o゚]='\\\"';" +\ 491 | "(゚Д゚) ['_'] ( (゚Д゚) ['_'] (゚ε゚+" 492 | r += "(゚Д゚)[゚o゚]+ " 493 | for i in range(len(text)): 494 | n = ord(text[i]) 495 | t = "(゚Д゚)[゚ε゚]+" 496 | if(n <= 127): 497 | nt = "%o" % n 498 | for x in range(len(nt)): 499 | t += b[int(nt[x])] + "+ " 500 | else: 501 | nt = "%04x" % n 502 | t += "(o゚ー゚o)+ " 503 | for x in range(len(nt)): 504 | t += b[int(eval("0x%s" % nt[x]))] + "+ " 505 | r += t 506 | r += "(゚Д゚)[゚o゚]) (゚Θ゚)) ('_');" 507 | return r 508 | 509 | def convert(self, source_txt): 510 | try: 511 | text = self.aaencode(source_txt) 512 | return text 513 | except: 514 | sublime.error_message("aaEncode convert failed.") 515 | 516 | 517 | class AaDecodeCommand(XssEncodeCommand): 518 | u"""Encode any JavaScript program to Japanese style emoticons (^_^).""" 519 | 520 | def convert(self, source_txt): 521 | try: 522 | evalPreamble = u"(\uFF9F\u0414\uFF9F) ['_'] ( (\uFF9F\u0414\uFF9F) ['_'] (" 523 | decodePreamble = u"( (\uFF9F\u0414\uFF9F) ['_'] (" 524 | evalPostamble = u") (\uFF9F\u0398\uFF9F)) ('_');" 525 | decodePostamble = u") ());" 526 | text = source_txt.strip() 527 | if text.rfind(evalPostamble) < 0: 528 | sublime.error_message("Given code is not encoded as aaencode.") 529 | return source_txt 530 | if text.rfind(evalPostamble) != len(text) - len(evalPostamble): 531 | sublime.error_message("Given code is not encoded as aaencode.") 532 | return source_txt 533 | text = text.replace(evalPreamble, decodePreamble).replace( 534 | evalPostamble, decodePostamble) 535 | sublime.message_dialog('Decode end. Run the script you will see result.') 536 | return text 537 | except: 538 | sublime.error_message("aaDecode convert failed.") 539 | 540 | 541 | class HexStripxCommand(XssEncodeCommand): 542 | def convert(self, source_txt): 543 | try: 544 | return source_txt.replace('\\x', '') 545 | except: 546 | sublime.error_message("HexStrip \\X failed.") 547 | 548 | 549 | class TestEncodeCommand(XssEncodeCommand, sublime_plugin.WindowCommand): 550 | 551 | def convert(self, source_txt): 552 | self.source_txt = source_txt 553 | self.convert_txt = source_txt 554 | self.view.window().show_input_panel( 555 | 'Input key here:', '', self.on_done, self.on_change, None) 556 | return self.convert_txt 557 | 558 | def on_done(self, m): 559 | sublime.status_message(m) 560 | 561 | def on_change(self, m): 562 | sublime.status_message("Press ESC to calcel, key: %s" % m) 563 | 564 | 565 | class TestDecodeCommand(XssEncodeCommand, sublime_plugin.WindowCommand): 566 | 567 | def convert(self, source_txt): 568 | self.source_txt = source_txt 569 | self.convert_txt = source_txt 570 | self.view.window().show_input_panel( 571 | 'Input key here:', '', 572 | self.on_done, self.on_change, None) 573 | return self.convert_txt 574 | 575 | def on_done(self, m): 576 | sublime.status_message(m) 577 | 578 | def on_change(self, m): 579 | sublime.status_message("Press ESC to calcel, key: %s" % m) 580 | --------------------------------------------------------------------------------