Skip to content

Commit

Permalink
Merge pull request #205 from flavorjones/flavorjones-test-unicode-enc…
Browse files Browse the repository at this point in the history
…oded-exploit

test: actually test against a working unicode-encoded exploit
  • Loading branch information
flavorjones authored Apr 8, 2021
2 parents 4a6be02 + 895b5f4 commit db365d0
Showing 1 changed file with 22 additions and 0 deletions.
22 changes: 22 additions & 0 deletions test/assets/testdata_sanitizer_tests1.dat
Original file line number Diff line number Diff line change
Expand Up @@ -34,11 +34,33 @@
},

{
/* original */
"name": "div_background_image_unicode_encoded",
"input": "<div style=\"background-image:\u00a5\u00a2\u006C\u0028'\u006a\u0061\u00a6\u0061\u00a3\u0063\u00a2\u0069\u00a0\u00a4\u003a\u0061\u006c\u0065\u00a2\u00a4\u0028.1027\u0058.1053\u0053\u0027\u0029'\u0029\">foo</div>",
"output": "<div>foo</div>"
},

{
/* from https://owasp.org/www-community/xss-filter-evasion-cheatsheet */
"name": "div_background_image_unicode_encoded2",
"input": "<DIV STYLE=\"background-image:\u0075\u0072\u006C\u0028'\u006a\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003a\u0061\u006c\u0065\u0072\u0074\u0028.1027\u0058.1053\u0053\u0027\u0029'\u0029\">foo</div>",
"output": "<div>foo</div>"
},

{
/* uh, fix what appear to be typos that have propagated over the years */
"name": "div_background_image_unicode_encoded3",
"input": "<DIV STYLE=\"background-image:\u0075\u0072\u006C\u0028'\u006a\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003a\u0061\u006c\u0065\u0072\u0074\u0028\u0027\u0058\u0053\u0053\u0027\u0029'\u0029\">foo</div>",
"output": "<div>foo</div>"
},

{
/* and finally a version that has a chance of actually demonstrating a javascript vulnerability */
"name": "div_background_image_unicode_encoded4",
"input": "<DIV STYLE=\"background-image:\u0075\u0072\u006C\u0028'\u006a\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003a\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0032\u0033\u0034\u0029'\u0029\">foo</div>",
"output": "<div>foo</div>"
},

{
"name": "div_expression",
"input": "<div style=\"width: expression(alert('XSS'));\">foo</div>",
Expand Down

0 comments on commit db365d0

Please sign in to comment.