Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
sqlmapproject
GitHub Repository: sqlmapproject/sqlmap
 Path: blob/master/tamper/htmlencode.py
2983 views
1
#!/usr/bin/env python

2


3
"""

4
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)

5
See the file 'LICENSE' for copying permission

6
"""

7


8
import re

9


10
from lib.core.enums import PRIORITY

11


12
__priority__ = PRIORITY.LOW

13


14
def dependencies():

15
    pass

16


17
def tamper(payload, **kwargs):

18
    """

19
    HTML encode (using code points) all non-alphanumeric characters (e.g. ' -> ')

20


21
    >>> tamper("1' AND SLEEP(5)#")

22
    '1' AND SLEEP(5)#'

23
    >>> tamper("1' AND SLEEP(5)#")

24
    '1' AND SLEEP(5)#'

25
    """

26


27
    if payload:

28
        payload = re.sub(r"&#(\d+);", lambda match: chr(int(match.group(1))), payload)      # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5203

29
        payload = re.sub(r"[^\w]", lambda match: "&#%d;" % ord(match.group(0)), payload)

30


31
    return payload

32


33