add xss tests
This commit is contained in:
parent
6bb66db00f
commit
af04ac92e2
@ -46,6 +46,8 @@ class ParsedownTest extends PHPUnit_Framework_TestCase
|
|||||||
$expectedMarkup = str_replace("\r\n", "\n", $expectedMarkup);
|
$expectedMarkup = str_replace("\r\n", "\n", $expectedMarkup);
|
||||||
$expectedMarkup = str_replace("\r", "\n", $expectedMarkup);
|
$expectedMarkup = str_replace("\r", "\n", $expectedMarkup);
|
||||||
|
|
||||||
|
$this->Parsedown->setMarkupEscaped($test === 'xss_text_encoding');
|
||||||
|
|
||||||
$actualMarkup = $this->Parsedown->text($markdown);
|
$actualMarkup = $this->Parsedown->text($markdown);
|
||||||
|
|
||||||
$this->assertEquals($expectedMarkup, $actualMarkup);
|
$this->assertEquals($expectedMarkup, $actualMarkup);
|
||||||
|
6
test/data/xss_attribute_encoding.html
Normal file
6
test/data/xss_attribute_encoding.html
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
<p><a href="https://www.example.com"">xss</a></p>
|
||||||
|
<p><img src="https://www.example.com"" alt="xss" /></p>
|
||||||
|
<p><a href="https://www.example.com'">xss</a></p>
|
||||||
|
<p><img src="https://www.example.com'" alt="xss" /></p>
|
||||||
|
<p><img src="https://www.example.com" alt="xss"" /></p>
|
||||||
|
<p><img src="https://www.example.com" alt="xss'" /></p>
|
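--- /dev/null
+++ b/test/data/xss_attribute_encoding.md
@@ -0,0 +1,11 @@
+[xss](https://www.example.com")
+
+![xss](https://www.example.com")
+
+[xss](https://www.example.com')
+
+![xss](https://www.example.com')
+
+![xss"](https://www.example.com)
+
+![xss'](https://www.example.com)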
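Review bot: The cases cover a quote in the URL and in image alt text, but not in a link or image title, which (if titles are rendered as a `title` attribute, as in `[xss](https://www.example.com "ti"tle")`) is a third attribute carrying user-controlled text; one such line would close that gap. Lines 1 and 3 also place the quote only at the very end of the URL, so a variant with the quote mid-URL would show the encoding does not depend on position. The expected output in the paired .html file should then contain the entity-encoded form of the quote in that attribute as well.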
16
test/data/xss_bad_url.html
Normal file
16
test/data/xss_bad_url.html
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
<p><a>xss</a></p>
|
||||||
|
<p><a>xss</a></p>
|
||||||
|
<p><a>xss</a></p>
|
||||||
|
<p><a>xss</a></p>
|
||||||
|
<p><img alt="xss" /></p>
|
||||||
|
<p><img alt="xss" /></p>
|
||||||
|
<p><img alt="xss" /></p>
|
||||||
|
<p><img alt="xss" /></p>
|
||||||
|
<p><a>xss</a></p>
|
||||||
|
<p><a>xss</a></p>
|
||||||
|
<p><a>xss</a></p>
|
||||||
|
<p><a>xss</a></p>
|
||||||
|
<p><img alt="xss" /></p>
|
||||||
|
<p><img alt="xss" /></p>
|
||||||
|
<p><img alt="xss" /></p>
|
||||||
|
<p><img alt="xss" /></p>
|
31
test/data/xss_bad_url.md
Normal file
31
test/data/xss_bad_url.md
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
[xss](javascript:alert(1))
|
||||||
|
|
||||||
|
[xss]( javascript:alert(1))
|
||||||
|
|
||||||
|
[xss](javascript://alert(1))
|
||||||
|
|
||||||
|
[xss](javascript:alert(1))
|
||||||
|
|
||||||
|
![xss](javascript:alert(1))
|
||||||
|
|
||||||
|
![xss]( javascript:alert(1))
|
||||||
|
|
||||||
|
![xss](javascript://alert(1))
|
||||||
|
|
||||||
|
![xss](javascript:alert(1))
|
||||||
|
|
||||||
|
[xss](data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
|
||||||
|
|
||||||
|
[xss]( data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
|
||||||
|
|
||||||
|
[xss](data://text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
|
||||||
|
|
||||||
|
[xss](data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
|
||||||
|
|
||||||
|
![xss](data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
|
||||||
|
|
||||||
|
![xss]( data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
|
||||||
|
|
||||||
|
![xss](data://text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
|
||||||
|
|
||||||
|
![xss](data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
|
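Review bot: Lines 4, 8, 12 and 16 read identically to lines 1, 5, 9 and 13 as rendered here (`[xss](javascript:alert(1))` and the `data:` equivalents); if the source actually differs in how the scheme is written and that was lost in rendering, the duplication is fine, otherwise those four cases add no coverage and could be dropped or replaced. Since the paired .html expects the `href`/`src` to be removed entirely, a variant that changes the letter case of the scheme would confirm the check is case-insensitive rather than matching the lowercase spelling only. A one-line comment is not possible in the data file, so the intent of each variant (plain, leading space, `//`, and the fourth form) is best recorded in the test class that loads these fixtures.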
7
test/data/xss_text_encoding.html
Normal file
7
test/data/xss_text_encoding.html
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
<p><script>alert(1)</script></p>
|
||||||
|
<p><script></p>
|
||||||
|
<p>alert(1)</p>
|
||||||
|
<p></script></p>
|
||||||
|
<p><script>
|
||||||
|
alert(1)
|
||||||
|
</script></p>
|
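--- /dev/null
+++ b/test/data/xss_text_encoding.md
@@ -0,0 +1,12 @@
+<script>alert(1)</script>
+
+<script>
+
+alert(1)
+
+</script>
+
+
+<script>
+alert(1)
+</script>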