HTML-StripScripts-Parser


t/70xss.t

        q{<!--filtered-->},

        # 16
        q{<IMG SRC="javascript:alert('XSS');">},
        q{<img />},

        # 17
        q{<IMG SRC=javascript:alert('XSS')>},
        q{<img />},

        # 18
        q{<IMG DYNSRC="javascript:alert('XSS');">},
        q{<img />},

        # 19
        q{<IMG LOWSRC="javascript:alert('XSS');">},
        q{<img />},

        # 20
        q{exp/*<XSS STYLE='no\xss:noxss("*//*");
<STYLE>li \{list-style-image: url("javascript:alert('XSS')");\}</STYLE><UL><LI>XSS},
        q{exp/*<!--filtered--><!--filtered--><!--filtered-->},

        # 21
        q{<IMG SRC='vbscript:msgbox("XSS")'>},
        q{<img />},

        # 22
        q{<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>},
        q{<!--filtered--><!--filtered-->},

        # 23
        q{<IMG SRC="livescript:[code]">},
        q{<img />},

        # 24
        q{<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">},
        q{<!--filtered-->},

        # 25
        q{<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">},
        q{<!--filtered-->},

        # 26
        q{<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">},
        q{<!--filtered-->},

        # 27
        q{<IMG SRC="mocha:[code]">},
        q{<img />},

        # 28
        q{<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>},
        q{<!--filtered--><!--filtered-->},

        # 29
        q{<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>},
        q{<!--filtered--><!--filtered--><!--filtered-->},

        # 30
        q{<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>},
        q{<!--filtered--><!--filtered-->},

        # 31
        q{a="get";&#10;b="URL("";&#10;c="javascript:";&#10;d="alert('XSS');")";},
        q{a=&quot;get&quot;;
b=&quot;URL(&quot;&quot;;
c=&quot;javascript:&quot;;
d=&quot;alert(&#39;XSS&#39;);&quot;)&quot;;},

        # 32
        q{<STYLE TYPE="text/javascript">alert('XSS');</STYLE>},
        q{<!--filtered--><!--filtered-->},

        # 33
        q{<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">},
        q{<img />},

        # 34
        q{<XSS STYLE="xss:expression(alert('XSS'))">},
        q{<!--filtered-->},

        # 35
        q{<STYLE>.XSS\{background-image:url("javascript:alert('XSS')");\}</STYLE><A CLASS=XSS></A>},
        q{<!--filtered--><!--filtered--><a></a>},

        # 36
        q{<STYLE type="text/css">BODY\{background:url("javascript:alert('XSS')")\}</STYLE>},
        q{<!--filtered--><!--filtered-->},

        # 37
        q{<LINK REL="stylesheet" HREF="javascript:alert('XSS');">},
        q{<!--filtered-->},

        # 38
        q{<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">},
        q{<!--filtered-->},

        # 39
        q{<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>},
        q{<!--filtered--><!--filtered-->},

        # 40
        q{<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">},
        q{<!--filtered-->},

        # 41
        q{<STYLE>BODY\{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")\}</STYLE>},
        q{<!--filtered--><!--filtered-->},

        # 42
        q{<TABLE BACKGROUND="javascript:alert('XSS')"></TABLE>},
        q{<table></table>},

        # 43
        q{<TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE>},
        q{<table><!--filtered--><!--filtered--></table>},

        # 44
        q{<HTML xmlns:xss>},
        q{<!--filtered-->},


