mirror of
https://github.com/SickGear/SickGear.git
synced 2024-12-11 13:43:37 +00:00
81 lines
1.4 KiB
XML
81 lines
1.4 KiB
XML
|
<!--
|
||
|
Description: item description is crazy
|
||
|
Expect: not bozo and entries[0]['description'] == u'Crazy HTML -' + u'- Can Your Regex Parse This?\n\n\n\n<!-' + u'- <script> -' + u'->\n\n<!-' + u'- \n\t<script> \n-' + u'->\n\n\n\nfunction executeMe()\n{\n\n\n\n\n/* \n<h1>Did The Javascript Execute?</h1>\n<div>\nI will execute here, too, if you mouse over me\n</div>'
|
||
|
-->
|
||
|
<rss version="2.0">
|
||
|
<channel>
|
||
|
<title>Crazy RSS</title>
|
||
|
<description>Contains unsafe script</description>
|
||
|
<link>http://crazy.example.com/</link>
|
||
|
<language>en</language>
|
||
|
<item>
|
||
|
<description>
|
||
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
|
||
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
||
|
<head>
|
||
|
<title>Crazy HTML -- Can Your Regex Parse This?</title>
|
||
|
|
||
|
</head>
|
||
|
<body notRealAttribute="value"onload="executeMe();"foo="bar"
|
||
|
|
||
|
>
|
||
|
<!-- <script> -->
|
||
|
|
||
|
<!--
|
||
|
<script>
|
||
|
-->
|
||
|
|
||
|
</script>
|
||
|
|
||
|
|
||
|
<script
|
||
|
|
||
|
|
||
|
>
|
||
|
|
||
|
function executeMe()
|
||
|
{
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
/* <script>
|
||
|
function am_i_javascript()
|
||
|
{
|
||
|
var str = "Some innocuously commented out stuff";
|
||
|
}
|
||
|
< /script>
|
||
|
*/
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
alert("Executed");
|
||
|
}
|
||
|
|
||
|
</script
|
||
|
|
||
|
|
||
|
|
||
|
>
|
||
|
<h1>Did The Javascript Execute?</h1>
|
||
|
<div notRealAttribute="value
|
||
|
"onmouseover="
|
||
|
executeMe();
|
||
|
"foo="bar">
|
||
|
I will execute here, too, if you mouse over me
|
||
|
</div>
|
||
|
|
||
|
</body>
|
||
|
|
||
|
</html>
|
||
|
</description>
|
||
|
</item>
|
||
|
</channel>
|
||
|
</rss>
|