mirror of
https://github.com/PrivateBin/PrivateBin.git
synced 2024-12-28 00:39:25 -05:00
add some more tests from OWASP
This commit is contained in:
parent
9fa2ea3373
commit
3d2dbabaec
18
js/test.js
18
js/test.js
@ -1451,9 +1451,6 @@ describe('PasteViewer', function () {
|
||||
// https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
|
||||
jsc.elements([
|
||||
'<PLAINTEXT>',
|
||||
// @TODO these two pass, but aren't evaluated in this context - do they need to be sanitized, too?
|
||||
// '\';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";',
|
||||
// 'alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--',
|
||||
'></SCRIPT>">\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>',
|
||||
'\'\';!--"<XSS>=&{()}',
|
||||
'<SCRIPT SRC=http://example.com/xss.js></SCRIPT>',
|
||||
@ -1466,8 +1463,18 @@ describe('PasteViewer', function () {
|
||||
'<a onmouseover="alert(document.cookie)">xxs link</a>',
|
||||
'<a onmouseover=alert(document.cookie)>xxs link</a>',
|
||||
'<IMG """><SCRIPT>alert("XSS")</SCRIPT>">',
|
||||
'<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>'
|
||||
// @TODO the list goes on…
|
||||
'<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>',
|
||||
'<IMG STYLE="xss:expr/*XSS*/ession(alert(\'XSS\'))">',
|
||||
'<FRAMESET><FRAME SRC="javascript:alert(\'XSS\');"></FRAMESET>',
|
||||
'<TABLE BACKGROUND="javascript:alert(\'XSS\')">',
|
||||
'<TABLE><TD BACKGROUND="javascript:alert(\'XSS\')">',
|
||||
'<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="httx://xss.rocks/xss.js"></SCRIPT>',
|
||||
'(alert)(1)',
|
||||
'a=alert,a(1)',
|
||||
'top[“al”+”ert”](1)',
|
||||
'top[/al/.source+/ert/.source](1)',
|
||||
'al\u0065rt(1)',
|
||||
'top[8680439..toString(30)](1)'
|
||||
]),
|
||||
'string',
|
||||
function (format, prefix, xss, suffix) {
|
||||
@ -1490,4 +1497,3 @@ describe('PasteViewer', function () {
|
||||
);
|
||||
});
|
||||
});
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user