diff options
| author | Thomas Bruederli <thomas@roundcube.net> | 2014-01-30 09:12:57 +0100 |
|---|---|---|
| committer | Thomas Bruederli <thomas@roundcube.net> | 2014-01-30 09:12:57 +0100 |
| commit | 8c893b79d230cc844226bdf3b1de95cd5a99ecb2 (patch) | |
| tree | f8e6e1df519c9b85bd16bdc31f1ae6a3b16ce6e7 /tests/src/BID-26800.txt | |
| parent | 1978ae97a5e0feb8d205c5fcbaa2cc16ce3ffc28 (diff) | |
Branching off for release 1.0
Diffstat (limited to 'tests/src/BID-26800.txt')
| -rw-r--r-- | tests/src/BID-26800.txt | 53 |
1 files changed, 0 insertions, 53 deletions
diff --git a/tests/src/BID-26800.txt b/tests/src/BID-26800.txt deleted file mode 100644 index e4e2fe795..000000000 --- a/tests/src/BID-26800.txt +++ /dev/null @@ -1,53 +0,0 @@ -<html> -<head> -</head> -<body> -<h1>1 test</h1> -<p><style> block</p> -<style>input { left:expression( alert('expression!') ) }</style> -<style>div { background:url(alert('URL!') ) }</style> - -<h1>2 test</h1> -<p><div> block</p> -<div style="font-style:italic">valid css</div> -<div style="color:red; background:url('//somedomain.com/somepath/somefile.png')"> -<div style="{ left:expression( alert('expression!') ) }"> -<div style="{ background:url( alert('URL!') ) }"> - -<h1>3 test</h1> -<p>Inject comment text</p> -<div style="{ left:exp/* */ression( alert('xss3') ) }"> -<div style=" background:u/* */rl( alert('xssurl3') ) "> - -<h1>4 test</h1> -<p>Using reverse solid to directe the codepoint</p> -<div style="{ left:\0065\0078pression( alert('xss4') ) }"> -<div style="{ background:\0075rl( alert('xssurl4') ) }"> - -<h1>5 test</h1> -<p>Character entity references</p> -<p>Character entity references is acceptable in "inline styles"</p> -<div style="{ left:expression( alert('xss') ) }"> -<div style="{ left:expression( alert('xss') ) }"> -<div style="{ background:url( alert('URL!') ) }"> -<div style="{ background:url( alert('URL!') ) }"> -<div style="{ left:expression( alert('xss') ) }"> - -<div style="{ left:..p.....o.( alert('xss') ) }"> -<div style="{ left:../**/pression( alert('xss') ) }"> -<div style="{ left:expʀessioɴ( alert('xss') ) }"> -<div style="{ left:\0065\0078pression( alert('xss') ) }"> -<div style="{ left:ex p ression( alert('xss') ) }"> - -<div style="{ background:...( javascript:alert('xss') ) }"> -<div style="{ background:u/**/rl( javascript:alert('xss') ) }"> -<div style="{ background:\0075\0072\006c( javascript:alert('xss') ) }"> -<div style="{ background:uʀʟ( javascript:alert('xss') ) -}"> -<div style="{ background:\0075\0280l( javascript:alert('xss') -) }"> -<div style="{ background:u r l( javascript:alert('xss') ) }"> - -</body> -</html> - |