Diffstat (limited to 'tests/parser/parserTests.txt')
-rw-r--r-- | tests/parser/parserTests.txt | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt index 02a66b51..9658e8f8 100644 --- a/tests/parser/parserTests.txt +++ b/tests/parser/parserTests.txt @@ -11574,6 +11574,17 @@ Bug 3244: HTML attribute safety (extension; unsafe) !! end +!! test +Opera -o-link CSS +!! input +<div +title="data:text/html,<img src=1 onerror=alert(1)>" +style="-o-link:attr(title);-o-link-source:current">X</div> +!! result +<div title="data:text/html,<img src=1 onerror=alert(1)>" style="/* insecure input */">X</div> + +!! end + # More MSIE fun discovered by Tom Gilder !! test 
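Review bot: The `Opera -o-link CSS` case pins only the rejected form, so a sanitizer change that blanked every `style` attribute would still leave this test green. Consider a sibling case with the same `title` and a harmless declaration such as `style="color:red"`, expecting the style to come through unchanged. The expected result also keeps the `title` value untouched, which looks intentional because the attribute is inert once the style is replaced. A `#` comment above the test, in the manner of the existing `# More MSIE fun discovered by Tom Gilder` line, would record that: `# -o-link takes its target from attr(title); only the style is neutralised, title is left as is`.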
@@ -11612,6 +11623,70 @@ MSIE CSS safety test: comment in expression !! end +!! test +CSS safety test: vertical tab +!! input +<p style="font-size: 100px; background-image:url\b(https://www.google.com/images/srpr/logo6w.png)">A</p> +!! result +<p style="/* invalid control char */">A</p> + +!! end + +!! test +MSIE CSS safety test: Fullwidth +!! input +<p style="font-size: 100px; color: expression((title='XSSed'),'red')">A</p> +<div style="top:EXPRESSION(alert())">B</div> +!! result +<p style="/* insecure input */">A</p> +<div style="/* insecure input */">B</div> + +!! end + +!! test +MSIE CSS safety test: IPA extensions +!! input +<div style="background-image:uʀʟ(javascript:alert())">A</div> +<p style="font-size: 100px; color: expʀessɪoɴ((title='XSSed'),'red')">B</p> +!! result +<div style="/* insecure input */">A</div> +<p style="/* insecure input */">B</p> + +!! end + +!! test +MSIE CSS safety test: sup/sub script +!! input +<div style="background-image:url⁽javascript:alert())">A</div> +<div style="background-image:url₍javascript:alert())">B</div> +<p style="font-size: 100px; color: expressioⁿ((title='XSSed'),'red')">C</p> +!! result +<div style="/* insecure input */">A</div> +<div style="/* insecure input */">B</div> +<p style="/* insecure input */">C</p> + +!! end + +!! test +MSIE CSS safety test: Repetition markers +!! input +<p style="font-size: 100px; color: expres〱ion((title='XSSed'),'red')">A</p> +<p style="font-size: 100px; color: expresゝion((title='XSSed'),'red')">B</p> +<p style="font-size: 100px; color: expresーion((title='XSSed'),'red')">C</p> +<p style="font-size: 100px; color: expresヽion((title='XSSed'),'red')">D</p> +<p style="font-size: 100px; color: expresﹽion((title='XSSed'),'red')">E</p> +<p style="font-size: 100px; color: expresﹼion((title='XSSed'),'red')">F</p> +<p style="font-size: 100px; color: expresーion((title='XSSed'),'red')">G</p> +!! 
result +<p style="/* insecure input */">A</p> +<p style="/* insecure input */">B</p> +<p style="/* insecure input */">C</p> +<p style="/* insecure input */">D</p> +<p style="/* insecure input */">E</p> +<p style="/* insecure input */">F</p> +<p style="/* insecure input */">G</p> + +!! end !! test Table attribute legitimate extension |
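Review bot: Several inputs in these tests depend on look-alike code points that cannot be told apart when reading the file. As displayed here the `Fullwidth` inputs read as plain `expression` and `EXPRESSION`, and lines C and G of `Repetition markers` look identical. If an editor or transfer step normalises the file, these cases quietly become the plain ASCII `expression` case and no longer guard the sanitizer's character-normalisation path. A `#` comment above each test naming the intended code points, e.g. `# C is U+<CODEPOINT_C>, G is U+<CODEPOINT_G>; keep the file un-normalised`, would make such a change visible in review; the values must be read from the file's bytes, not from this rendering. If C and G really are the same character, one of them can be dropped.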