<!--
  Fixture of CSS payloads, apparently for exercising an HTML/CSS sanitizer
  (purpose inferred from the contents; confirm against the test that loads it).
  Every numbered section wraps the same two sinks, expression(...) and url(...),
  in a different obfuscation. expression() is a legacy Internet Explorer
  extension that evaluates script from a style declaration.
  The loose markup (unclosed divs, braces inside style attributes) appears to be
  deliberate; keep the vectors byte-for-byte when editing this file.
  Reviewer expectation for a filter under test: normalise first (strip CSS
  comments, decode backslash escapes and character references), then match, and
  drop the whole declaration rather than a single token.
-->
<html>
<head>
</head>
<body>
<!--
  Section 1: payloads inside style elements.
  NOTE(review): the label paragraph below shows a literal style tag; presumably
  the raw file writes it as escaped text and the viewer decoded it. Confirm.
  NOTE(review): url(alert('URL!')) carries no scheme, so as written it is only a
  relative URL; it checks that url() is seen at all. The javascript: forms are
  in section 5.
-->
<h1>1 test</h1>
<p><style> block</p>
<style>input { left:expression( alert('expression!') ) }</style>
<style>div { background:url(alert('URL!') ) }</style>
<!--
  Section 2: the same sinks in inline style attributes.
  The first div is the benign control ("valid css"); a sanitizer should pass it
  through unchanged, which guards against a filter that strips every style.
-->
<h1>2 test</h1>
<p><div> block</p>
<div style="font-style:italic">valid css</div>
<div style="{ left:expression( alert('expression!') ) }">
<div style="{ background:url( alert('URL!') ) }">
<!--
  Section 3: a CSS comment splits the keyword (exp/* */ression, u/* */rl).
  A filter that matches the literal keyword without removing comments first
  would miss these.
-->
<h1>3 test</h1>
<p>Inject comment text</p>
<div style="{ left:exp/* */ression( alert('xss3') ) }">
<div style="{ background:u/* */rl( alert('xssurl3') ) }">
<!--
  Section 4: CSS backslash (reverse solidus) hex escapes.
  \0065\0078 spells "ex" and \0075 is "u", so the CSS parser reads the plain
  keywords. Matching must happen on the unescaped value.
-->
<h1>4 test</h1>
<p>Using reverse solid to directe the codepoint</p>
<div style="{ left:\0065\0078pression( alert('xss4') ) }">
<div style="{ background:\0075rl( alert('xssurl4') ) }">
<!--
  Section 5: character references and lookalike characters in inline styles.
  The HTML parser decodes character references in attribute values before the
  CSS parser runs, so a filter has to inspect the decoded value.
  NOTE(review): several rows below look identical or contain runs of dots in
  this view; presumably the raw file uses distinct character references that the
  viewer decoded or could not display. Check the raw bytes before relying on them.
  Other rows use small-capital lookalikes (U+0280, U+0274, U+029F; \0280 is the
  escape for U+0280), spaces inside the keyword, fully escaped "url"
  (\0075\0072\006c), and attribute values that span two lines.
-->
<h1>5 test</h1>
<p>Character entity references</p>
<p>Character entity references is acceptable in "inline styles"</p>
<div style="{ left:expression( alert('xss') ) }">
<div style="{ left:expression( alert('xss') ) }">
<div style="{ background:url( alert('URL!') ) }">
<div style="{ background:url( alert('URL!') ) }">
<div style="{ left:expression( alert('xss') ) }">
<div style="{ left:..p.....o.( alert('xss') ) }">
<div style="{ left:../**/pression( alert('xss') ) }">
<div style="{ left:expʀessioɴ( alert('xss') ) }">
<div style="{ left:\0065\0078pression( alert('xss') ) }">
<div style="{ left:ex p ression( alert('xss') ) }">
<div style="{ background:...( javascript:alert('xss') ) }">
<div style="{ background:u/**/rl( javascript:alert('xss') ) }">
<div style="{ background:\0075\0072\006c( javascript:alert('xss') ) }">
<div style="{ background:uʀʟ( javascript:alert('xss') )
}">
<div style="{ background:\0075\0280l( javascript:alert('xss')
) }">
<div style="{ background:u r l( javascript:alert('xss') ) }">
</body>
</html>