commit | author | age
|
63d4b1
|
1 |
<!--
  Test page of CSS constructs that carry script: expression( ... ) and
  url( ... ) values inside <style> elements and inline style attributes, in
  plain form (tests 1 and 2) and with comment, escape and character-substitution
  variants (tests 3 to 5). It reads like input for an HTML/CSS sanitizer test;
  confirm against the harness that consumes it.
  NOTE(review): the document declares no doctype and no character encoding,
  while test 5 contains non-ASCII characters. How those bytes are decoded then
  depends on the consumer, so the harness should fix the encoding explicitly.
-->
<html> |
T |
2 |
<head> |
|
3 |
</head> |
|
4 |
<body> |
|
5 |
<!--
  Test 1: declarations inside <style> elements.
  expression( ... ) is the legacy Internet Explorer dynamic-property function,
  whose argument is evaluated as script; the second rule puts a script call
  where url( ... ) expects a resource address. Neither value is needed by
  legitimate styling, so a sanitizer should drop the declaration (or the whole
  <style> element) rather than try to repair it.
  NOTE(review): the paragraph text shows a literal <style> tag; presumably the
  file holds it as character references and this view decoded it. Verify
  against the raw file.
-->
<h1>1 test</h1> |
|
6 |
<p><style> block</p> |
|
7 |
<style>input { left:expression( alert('expression!') ) }</style> |
|
8 |
<style>div { background:url(alert('URL!') ) }</style> |
|
9 |
|
|
10 |
<!--
  Test 2: the same two vectors in inline style attributes, preceded by two
  controls.
  File line 12 is plain styling that should pass through unchanged.
  File line 13 loads a background image from a protocol-relative URL on another
  host. Whether remote url( ... ) values are allowed is a policy decision (they
  cause a request to a third party), so the expected result should be stated in
  the test rather than assumed.
  File lines 14 and 15 wrap the declaration in braces, which is not valid in a
  style attribute; presumably kept because lenient legacy parsers accepted it.
  TODO confirm the intent.
-->
<h1>2 test</h1> |
|
11 |
<p><div> block</p> |
|
12 |
<div style="font-style:italic">valid css</div> |
98c2d6
|
13 |
<div style="color:red; background:url('//somedomain.com/somepath/somefile.png')"> |
63d4b1
|
14 |
<div style="{ left:expression( alert('expression!') ) }"> |
T |
15 |
<div style="{ background:url( alert('URL!') ) }"> |
|
16 |
|
|
17 |
<!--
  Test 3: a CSS comment splits the keyword (exp/* */ression, u/* */rl).
  A check that searches the raw attribute text for the literal keyword does not
  match these values; what happens next depends on how the consuming parser
  treats the comment (presumably a legacy parser that strips comments first
  rejoins the keyword). Robust handling parses the value with a real CSS
  tokenizer and allow-lists properties and value types instead of searching for
  forbidden words.
  File line 20 has no surrounding braces, unlike file line 19.
-->
<h1>3 test</h1> |
|
18 |
<p>Inject comment text</p> |
|
19 |
<div style="{ left:exp/* */ression( alert('xss3') ) }"> |
98c2d6
|
20 |
<div style=" background:u/* */rl( alert('xssurl3') ) "> |
63d4b1
|
21 |
|
T |
22 |
<!--
  Test 4: CSS backslash (reverse solidus) escapes spell part of the keyword.
  \0065 is e, \0078 is x and \0075 is u, so the two values decode to
  expression( ... ) and url( ... ). CSS escapes are valid inside identifiers,
  so any check must run on the decoded value, not on the attribute text as
  written.
-->
<h1>4 test</h1> |
|
23 |
<p>Using reverse solid to directe the codepoint</p> |
|
24 |
<div style="{ left:\0065\0078pression( alert('xss4') ) }"> |
|
25 |
<div style="{ background:\0075rl( alert('xssurl4') ) }"> |
|
26 |
|
|
27 |
<!--
  Test 5, first group: per the two paragraphs below, these vectors use
  character references inside style attribute values. HTML decodes character
  references in attribute values before the CSS is parsed, so a sanitizer has
  to inspect the decoded value.
  NOTE(review): in this listing file lines 30, 31 and 34 are identical, as are
  file lines 32 and 33, and no character references are visible; presumably the
  view decoded them. Verify that the raw file still contains the encoded forms,
  otherwise these lines only repeat test 2.
-->
<h1>5 test</h1> |
|
28 |
<p>Character entity references</p> |
|
29 |
<p>Character entity references is acceptable in "inline styles"</p> |
|
30 |
<div style="{ left:expression( alert('xss') ) }"> |
|
31 |
<div style="{ left:expression( alert('xss') ) }"> |
|
32 |
<div style="{ background:url( alert('URL!') ) }"> |
|
33 |
<div style="{ background:url( alert('URL!') ) }"> |
|
34 |
<div style="{ left:expression( alert('xss') ) }"> |
|
35 |
|
|
36 |
<!--
  Test 5, expression( ... ) variants, file lines 36 to 40.
  Lines 36 and 37: the letters before the parenthesis are not readable in this
  listing. The sequences look like UTF-8 text decoded with a single-byte
  charset (possibly fullwidth Latin letters). Verify the file encoding, because
  these two cases are not exercised as intended while they are garbled.
  Line 37 also inserts an empty CSS comment.
  Line 38 replaces r and n with the small-capital letters ʀ and ɴ.
  Line 39 repeats the backslash-escape form used in test 4.
  Line 40 places spaces inside the keyword.
  NOTE(review): lines 36 and 38 only matter if the sanitizer or the target
  browser normalises those characters to ASCII; the expected output should say
  which behaviour is assumed.
-->
<div style="{ left:ï½.ï½.ï½ï½.ï½.ï½.ï½.ï½.ï½ï½.( alert('xss') ) }"> |
|
37 |
<div style="{ left:ï½.ï½./**/pression( alert('xss') ) }"> |
|
38 |
<div style="{ left:expʀessioɴ( alert('xss') ) }"> |
|
39 |
<div style="{ left:\0065\0078pression( alert('xss') ) }"> |
|
40 |
<div style="{ left:ex p ression( alert('xss') ) }"> |
|
41 |
|
|
42 |
<!--
  Test 5, url( ... ) variants carrying a javascript: scheme, file lines 42
  to 49.
  Line 42: the function name is not readable in this listing and looks like
  mis-decoded UTF-8; verify the file encoding.
  Line 43 splits the name with an empty CSS comment.
  Line 44 spells u, r, l as \0075, \0072, \006c.
  Lines 45 to 46 use the small-capital letters ʀ and ʟ and break the attribute
  value across two lines.
  Lines 47 to 48 combine an escape for u with \0280 (the code point of ʀ) and
  also span two lines, so the sanitizer must cope with newlines inside the
  attribute value.
  Line 49 places spaces inside the name.
  For all of them the safe outcome is that no url( ... ) value with a scheme
  outside the allow-list survives sanitization.
-->
<div style="{ background:ï½.ï½.ï½.( javascript:alert('xss') ) }"> |
|
43 |
<div style="{ background:u/**/rl( javascript:alert('xss') ) }"> |
|
44 |
<div style="{ background:\0075\0072\006c( javascript:alert('xss') ) }"> |
|
45 |
<div style="{ background:uʀʟ( javascript:alert('xss') ) |
|
46 |
}"> |
|
47 |
<div style="{ background:\0075\0280l( javascript:alert('xss') |
|
48 |
) }"> |
|
49 |
<div style="{ background:u r l( javascript:alert('xss') ) }"> |
|
50 |
|
|
51 |
<!--
  NOTE(review): every <div> opened in tests 2 to 5, except the one on file
  line 12, is left unclosed, so they nest down to this point. Presumably
  intentional for a sanitizer fixture (the output should be well formed
  regardless of the input); confirm against the expected-output file.
-->
</body> |
|
52 |
</html> |
|
53 |
|