We are no longer offering accounts on this server. Consider https://gitlab.freedesktop.org/ as a place to host projects.

Commit f01c478a authored by mattl's avatar mattl

htmLawed extlib updated

parent f268c3f8
This diff is collapsed.
This diff is collapsed.
This source diff could not be displayed because it is too large. You can view the blob instead.
This source diff could not be displayed because it is too large. You can view the blob instead.
/*
htmLawed_TESTCASE.txt, 23 April 2009
htmLawed 1.1.8.1, 16 July 2009
htmLawed_TESTCASE.txt, 27 August 2013
htmLawed 1.1.16, 29 August 2013
Copyright Santosh Patnaik
GPL v3 license
Dual licensed with LGPL 3 and GPL 2+
A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed
*/
......@@ -27,6 +27,8 @@ character encoding to Unicode/UTF-8
<strong>Duplicated:</strong> <a id="id5" id="id6">a</a><br />
<strong>Deprecated:</strong> <a id="id7" target="self" name="n">a</a>, <hr noshade="noshade" /><br />
<strong>Casing:</strong> <a HREF=""></a><br />
<strong>Custom:</strong> <img alt="image" my:data="portrait" /><br />
<strong>Data-*:</strong> <a data-xml="x" data-xmnt="x" data-xmlnt="x" data-xmn:t="x" data-xmxm="x">a</a><br />
<strong>Admin-restricted?:</strong> <a href="x" onclick="alert();"></a>
<h6>Attribute values</h6>
......@@ -46,6 +48,11 @@ character encoding to Unicode/UTF-8
<blockquote><div>abc</div>def</blockquote><br />
<blockquote>abc<div>def</div>ghi</blockquote><br />
abc<div>def</div>ghi<br />
<blockquote>QQQ<div>x</div><!-- comment --></blockquote><br />
<blockquote><div>x</div><!-- comment -->QQQ</blockquote><br />
<blockquote><!-- comment --><div>x</div>QQQ<div>x</div></blockquote><br />
<blockquote><div>x<!-- comment --></div>QQQ</blockquote><p>x</p><br />
<br />
(try with blockquote parent)
<h6>CDATA sections</h6>
......@@ -94,6 +101,15 @@ The PHP <s>software</s> script used for this <strike>web-page</strike> webpage i
<area href="5" shape="Rect" coords="0,0,118,28">
</map></object>
<param name="name">value</param>
<object id="obj1">
<param name="param1">
<object id="obj2">
<param name="param2">
</object>
</object>
<h6>Complex-4: nested and other tables</h6>
<table border="1" bgcolor="red"> <tr> <td> Cell </td> <td colspan="2" rowspan="2"> <table border="1" bgcolor="green"> <tr> <td> Cell </td> <td colspan="2" rowspan="2"> </td> </tr> <tr> <td> Cell </td> </tr> <tr> <td> Cell </td> <td> Cell </td> <td> Cell </td> </tr> </table> </td> </tr> <tr> <td> Cell </td> </tr> <tr> <td> Cell </td> <td> Cell </td> <td> Cell </td> </tr> </table><br />
......@@ -119,8 +135,9 @@ Disallowed tag p
<strong>Invalid:</strong> <image src="s" alt="a" /><br />
<strong>Empty:</strong> <img src="s" alt="a" />, <img src="s" alt="a"></img>, <img src="s" alt="a">text</img><br />
<strong>Content invalid:</strong> <a href="h">1<a>2</a></a><br />
<strong>Content invalid?:</strong> <form></form><br /> (try setting 'form' as parent)
<strong>Casing:</strong> <A href=""></a>
<strong>Content invalid?:</strong> <form></form><br /> (try setting 'form' as parent)<br />
<strong>Casing:</strong> <A href=""></a><br />
<strong>Check for tidy:</strong> <br /><hr /></div><hr /></div><hr /></div><div>hi</div>
<h6>Entities</h6>
......@@ -181,10 +198,20 @@ text <img src="none" alt="none" /> <b>t<em> e <strong> x </strong> t</em></b>
<h6>HTML comments (also CDATA)</h6>
Special characters inside: <!-- <![CDATA check ]]> -->, <!-- 3 < 4 > 3.5, & 4 &gt; 4 -->, <!-- che--ck -->, <!--[if !IE]> <--><a>c</a><!--> <![endif]--><br />
Normal: <!-- check -->, <!--check -->, <em>comment:<!-- check --></em><!-- check -->, <table><!-- check --><tr><td>text not allowed</td></tr></table><br />
Malformed: <![cdata check ]]>, < ![CDATA check ]]>, < ![CDATA check ] ]><br />
Invalid: <em <!-- check -->>comment in tag content</em>, <!--check-->
<strong>Script inside:</strong> <!--[if gte IE 4]>
<SCRIPT>alert('XSS');</SCRIPT>
<![endif]--><br />
<strong>Special characters inside: <!-- <![CDATA check ]]> -->, <!-- 3 < 4 > 3.5, & 4 &gt; 4 -->, <!-- che--ck -->, <!--[if !IE]> <--><a>c</a><!--> <![endif]--><br />
<strong>Normal:</strong> <!-- check -->, <!--check -->, <em>comment:<!-- check --></em><!-- check -->, <table><!-- check --><tr><td>text not allowed</td></tr></table><br />
<strong>Malformed:</strong> <![cdata check ]]>, < ![CDATA check ]]>, < ![CDATA check ] ]><br />
Invalid:</strong> <em <!-- check -->>comment in tag content</em>, <!--check-->
<h6>HTML5</h6>
<strong>figure and figcaption:</strong> <figure><img src="picture.jpg" alt="picture"><figcaption>Caption for the awesome picture</figcaption></figure>
<strong>article:</strong> <h1>A</h1><p>B</p><article><h2>C</h2></article><article><h2>E</h2><p>F</p><p>G</p></article>
<strong>meter</strong>: <p>Heat <meter min="100" max="200" value="150">150</meter>.</p>
<strong>datalist</strong>: <input list="b" /><datalist id="b"><option value="c"><option value="d"></datalist>
<h6>Ins-Del</h6>
......@@ -224,6 +251,11 @@ Invalid: <em <!-- check -->>comment in tag content</em>, <!--check-->
<li>l3</li>
<li>l4<ol><li>lo3</li><li>lo4<ol><li>lo5</li></ol></li></ol></li>
</ul><br />
<strong>Nested, directly</strong>: <ul>
<li>l1</li>
<ol>l2</ol>
<li>l3</li>
</ul><br />
<strong>Nested, close-tags omitted</strong>: <ul>
<li>l1</li>
<li>l2<ol><li>lo1<li>lo2</ol>
......@@ -241,12 +273,34 @@ Invalid: <em <!-- check -->>comment in tag content</em>, <!--check-->
</form>
</li></ul>
</td></tr></table></li></ol>
<strong>Menu</strong>: <menu type="toolbar"><li><menu label="File">
<button type="button" onclick="new()">New...</button>
</menu></li><li><menu label="Edit"><button type="button" onclick="cut()">Cut...</button></menu></li>
</menu>
<h6>Microdata</h6>
<div itemscope itemtype="http://data-vocabulary.org/Person">
I am <span itemprop="name">X</span> but people call me <span itemprop="nickname">Y</span>.
Find me at <a href="http://www.xy.com" itemprop="url">www.xy.com</a>
</div>
<h6>Microsoft Word</h6>
<strong>Proprietary tag</strong>: <p class=3DMsoNormal><o:p>&nbsp;</o:p></p><br />
<strong>XML declaration</strong>: <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><br />
<strong>XML-invalid character code-point (may not replicate)</strong>: <p class=3DMsoNormal>“Where is he?” asked both Mary – the one so lovely – and Jane.</p>
<h6>Nesting</h6>
<strong>Block or inline a</strong>: <p><a href="link">text</a></p><a href="link"><div>hi</div></a><br />
<h6>Non-English text-1</h6>
Inscrieţi-vă acum la a Zecea Conferinţă Internaţională<br />
გთხოვთ ახლავე გაიაროთ რეგისტრაცია<br />
večjezično računalništvo<br />
<a title="อ.อ่าง">อ.อ่าง</a><br />
<a title="הירשמו
כעת לכנס ">Зарегистрируйтесь сейчас
на Десятую Международную Конференцию по</a><br />
......@@ -288,6 +342,7 @@ na Alemanha.
<rp>(</rp><rt>aaa</rt><rp>)</rp>
</ruby>
<h6>Tables</h6>
<strong>Omitted closing tags:</strong> <table>
......@@ -314,12 +369,21 @@ na Alemanha.
<tr><td>r2c1<td>r2c2
</table><br />
<h6>Tag transformation</h6>
<strong>Font element intended as 'inline' element:</strong> <p><font color='red'>hi</font></p><br />
<strong>Font element intended as 'block' element:</strong> <div><font color='red'><div>hi</div></font></div><br />
<strong>Font element intended as 'block' element:</strong> <center><font color='red'><div>hi</div><div>QQQ</div></font></center><br />
<h6>Tidy</h6>
<strong>White-space handling:</strong> abc<em> def </em> ghi abc <em>def</em> ghi
<h6>URLs</h6>
<strong>Relative and absolute:</strong> <a href="mailto:x"></a>, <a href="http://a.com/b/c/d.f"></a>, <a href="./../d.f"></a>, <a href="./d.f"></a>, <a href="d.f"></a>, <a href="#s"></a>, <a href="./../../d.f#s"></a><br />
(try base URL value of 'http://a.com/b/')<br />
<strong>CSS URLs:</strong> <div style="background-image: url('a.gif');"></div>, <div style="background-image: URL(&quot;a.gif&quot;);"></div>, <div style="background-image: url('http://a.com/a.gif');"></div>, <div style="background-image: url('./../a.gif');"></div>, <div style="background-image: &#117;r&#x6C;('js&#58;xss'&#x29;"></div><br />
<strong>Anti-spam:</strong> (try regex for 'http://a.com', etc.) <a href="mailto:x@y.com"></a>, <a href="http://a.com/b@d.f"></a>, <a href="a.com/d.f" rel="nofollow"></a>, <a href="a.com/d.f" rel="1, 2"></a>, <a href="a.com/d.f"></a>, <a href="b.com/d.f"></a>, <a href="c.com/d.f"></a><br />
<strong>Double URLs:</strong> <a style="behaviour: url(foo) url(http://example.com/xss.htc)">b</a><br />
<strong>Anti-spam:</strong> (try regex for 'http://a.com', etc.) <a href="mailto:x@y.com"></a>, <a href="http://a.com/b@d.f"></a>, <a href="a.com/d.f" rel="nofollow"></a>, <a href="a.com/d.f" rel="1, 2"></a>, <a href="a.com/d.f"></a>, <a href="b.com/d.f"></a>, <a href="c.com/d.f">, <a href="denied:http://c.com/d.f"></a><br />
<h6>XSS</h6>
......@@ -338,6 +402,7 @@ src=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#1
<a style=";-moz-binding:url(http://lukasz.pilorz.net/xss/xss.xml#xss)" href="http://example.com">test</a><br />
<strong>Bad IE7:</strong> <a href="http://x&x=%22+style%3d%22background-image%3a+expression%28alert
%28%27xss%3f%29%29">x</a><br />
<strong>Opera:</strong> <a href="\xE2\x80\x83javascript:alert(123)">link</a>
<strong>Bad IE7:</strong> <a style=color:expr/*comment*/ession(alert(document.domain))>xxx</a><br />
<strong>Bad IE7:</strong> <a href="xxx" style="background: exp&#x72;ession(alert('xss'));">xxx</a><br />
<strong>Bad IE7:</strong> <a href="xxx" style="background: &#101;xpression(alert('xss'));">xxx</a><br />
......@@ -367,4 +432,19 @@ script:eval(document.all.mycode.expr)')">hi</a><br />
3 < 4 <br />
3 > 4 <br />
> 3 <br />
\ No newline at end of file
> 3 <br />
<._.> hi! <br />
<<< ALERT >>> <br />
<![if !vml]> some stuff <![endif]> <br />
<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /> <br />
<uml:ns ns = "urn:www"> <br />
<uml:ns ns = 'urn:www'> <br />
if(13<age AND 21>age){say 'teen'} <br />
age >51 and a smoking history of >51 pack-years <b>was</b> <br />
age > 51 and a smoking history of >51 pack-years <b>was</b> <br />
age <51 and a smoking history of <51 pack-years <b>was</b> <br />
age < 51 and a smoking history of < 51 pack-years <b>was</b> <br />
<b>age >51 and a smoking history of >51 pack-years</b> <br />
<b>age > 51 and a smoking history of >51 pack-years</b> <br />
<b>age <51 and a smoking history of <51 pack-years</b> <br />
<b>age < 51 and a smoking history of < 51 pack-years</b> <br />
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment