Aleksander Machniak
2016-05-20 9e64dc2debfa1c7410f82bf71f4d10856751e258
commit | author | age
63d4b1 1 <html>
T 2 <head>
3 </head>
4 <body>
5 <h1>1 test</h1>
6 <p>&lt;style&gt; block</p>
7 <style>input { left:expression( alert(&#039;expression!&#039;) ) }</style>
8 <style>div   { background:url(alert(&#039;URL!&#039;) ) }</style>
9
10 <h1>2 test</h1>
11 <p>&lt;div&gt; block</p>
12 <div style="font-style:italic">valid css</div>
98c2d6 13 <div style="color:red; background:url('//somedomain.com/somepath/somefile.png')">
63d4b1 14 <div style="{ left:expression( alert(&#039;expression!&#039;) ) }">
T 15 <div style="{ background:url( alert(&#039;URL!&#039;) ) }">
16
17 <h1>3 test</h1>
18 <p>Inject comment text</p>
19 <div style="{ left:exp/*  */ression( alert(&#039;xss3&#039;) ) }">
98c2d6 20 <div style=" background:u/* */rl( alert(&#039;xssurl3&#039;) ) ">
63d4b1 21
T 22 <h1>4 test</h1>
23 <p>Using reverse solid to directe the codepoint</p>
24 <div style="{ left:\0065\0078pression( alert(&#039;xss4&#039;) ) }">
25 <div style="{ background:\0075rl( alert(&#039;xssurl4&#039;) ) }">
26
27 <h1>5 test</h1>
28 <p>Character entity references</p>
29 <p>Character entity references is acceptable in "inline styles"</p>
30 <div style="{ left:&#x0065;xpression( alert(&#039;xss&#039;) ) }">
31 <div style="{ left:&#101;xpression( alert(&#039;xss&#039;) ) }">
32 <div style="{ background:&#x0075;rl( alert(&#039;URL!&#039;) ) }">
33 <div style="{ background:&#117;rl( alert(&#039;URL!&#039;) ) }">
34 <div style="{ left:&#x0065xpression( alert(&#039;xss&#039;) ) }">
35
36 <div style="{ left:ï½.ï½.pï½.ï½.ï½.ï½.ï½.oï½.( alert(&#039;xss&#039;) ) }">
37 <div style="{ left:ï½.ï½.&#x2f;**/pression( alert(&#039;xss&#039;) ) }">
38 <div style="{ left:exp&#x0280;essio&#x0274;( alert(&#039;xss&#039;) ) }">
39 <div style="{ left:&#x5c;0065&#x5c;0078pression( alert(&#039;xss&#039;) ) }">
40 <div style="{ left:ex p ression( alert(&#039;xss&#039;) ) }">
41
42 <div style="{ background:ï½.ï½.ï½.( javascript:alert(&#039;xss&#039;) ) }">
43 <div style="{ background:&#x0075;/**/rl( javascript:alert(&#039;xss&#039;) ) }">
44 <div style="{ background:\0075\0072\006c( javascript:alert(&#039;xss&#039;) ) }">
45 <div style="{ background:u&#x0280;&#x029F;( javascript:alert(&#039;xss&#039;) ) 
46 }">
47 <div style="{ background:&#x5c;0075&#x5c;0280l( javascript:alert(&#039;xss&#039;) 
48 ) }">
49 <div style="{ background:u r l( javascript:alert(&#039;xss&#039;) ) }">
50
51 </body>
52 </html>
53