<?php

namespace Spip\Core\Tests;

use PHPUnit\Framework\TestCase;

/**
 * PHPUnit regression suite for the `safehtml` HTML-sanitising filter.
 *
 * Every case hands one markup string to the filter and asserts that the
 * returned string is the accepted output (or one of several accepted outputs).
 *
 * NOTE(review): this copy of the file looks extraction-damaged. HTML entities
 * inside string literals appear to have been decoded: the `"""` needle in
 * testXSS() and the inputs of cases 73, 74 and 76 are no longer valid PHP, and
 * several expected strings now read like raw markup. Some physical line breaks
 * also fall inside string literals. Restore the file from the upstream
 * repository before running it or using its vectors as a reference.
 */
class SafeHtmlTest extends TestCase {

	// Callable name of the filter under test; assigned once in setUpBeforeClass().
	protected static $safehtml;

	/**
	 * Resolve the filter under test once for the whole class.
	 *
	 * Asks find_in_path() for inc/texte_mini.php, then keeps the plain name
	 * 'safehtml' when a function of that name exists; otherwise asks for
	 * inc/filtres.php and stores whatever chercher_filtre('safehtml') returns.
	 *
	 * NOTE(review): find_in_path() and chercher_filtre() are defined outside this
	 * file; the third argument `true` presumably makes find_in_path() include the
	 * file it locates - confirm. The value returned by chercher_filtre() is not
	 * checked here, so an unresolved filter only surfaces when testXSS() calls it.
	 */
	public static function setUpBeforeClass(): void{
		find_in_path("inc/texte_mini.php",'',true);
		// look the filter up when the function is not already defined
		if (!function_exists(static::$safehtml='safehtml')){
			find_in_path("inc/filtres.php",'',true);
			static::$safehtml = chercher_filtre(static::$safehtml);
		}
	}

	/**
	 * Run one input through the filter and compare it with the accepted output(s).
	 *
	 * @dataProvider providerXSS
	 * @param string|string[] $expected single accepted output, or a list of accepted outputs
	 * @param string $source markup handed to the filter
	 */
	public function testXSS($expected, $source) {
		$safehtml = static::$safehtml;
		$actual = $safehtml($source);
		// A single expected string containing the needle is widened to a two-item
		// list: the string itself plus a str_replace() variant of it.
		// NOTE(review): the needle `"""` and the str_replace() search string `'"'`
		// do not make sense as written (the first does not parse); presumably both
		// were the entity-encoded double quote before extraction - confirm upstream.
		if (is_string($expected) and strpos($expected, """) !== false) {
			$expected = [$expected, str_replace('"', '"', $expected)];
		}
		if (is_array($expected)) {
			// Several outputs are acceptable: pass when $actual is one of them.
			$this->assertContains($actual, $expected);
		} else {
			// NOTE(review): assertEquals() compares loosely; assertSame() would also
			// pin the type, so a null/false return could not pass where '' is expected.
			$this->assertEquals($expected, $actual);
		}
	}

	/**
	 * Data set for testXSS(): each entry is [0 => expected, 1 => source].
	 *
	 * Index 0 is either the single accepted output or a list of accepted outputs
	 * (case 118 labels its two alternatives "safehtml" and "htmlpurifier");
	 * index 1 is the input string. The set mixes content whose expected output
	 * equals its input (for example cases 0, 1 and 120) with markup carrying
	 * script elements, style/event-handler attributes or javascript: URLs, whose
	 * expected output is empty, stripped, or wrapped in
	 * <code class="echappe-js">.
	 *
	 * NOTE(review): many inputs reference ha.ckers.org, which suggests they were
	 * taken from the publicly documented XSS filter-evasion cheat sheet - confirm
	 * against upstream. The method is an instance method; PHPUnit 10 and later
	 * expect data providers to be public static - confirm the targeted version.
	 *
	 * @return array<int, array{0: string|string[], 1: string}>
	 */
	public function providerXSS() {
		// The table below is kept in this page's physical line layout on purpose:
		// several line breaks sit inside string literals, so reflowing the lines
		// would change the test vectors.
		$essais = array ( 0 => array ( 0 => '', 1 => '', ), 1 => array ( 0 => '0', 1 => '0', ), 2 => array ( 0 => [ 'Un texte avec des <a href="http://spip.net">liens</a> [Article 1->art1] [spip->https://www.spip.net] https://www.spip.net', 'Un texte avec des <a href="http://spip.net">liens</a> [Article 1->art1] [spip->https://www.spip.net] https://www.spip.net', ], 1 => 'Un texte avec des <a href="http://spip.net">liens</a> [Article 1->art1] [spip->https://www.spip.net] https://www.spip.net', ), 3 => array ( 0 => 'Un texte avec des entités &<>"', 1 => 'Un texte avec des entités &<>"', ), 4 => array ( 0 => 'Un texte avec des entit&eacute;s echap&eacute; &amp;&lt;&gt;&quot;', 1 => 'Un texte avec des entit&eacute;s echap&eacute; &amp;&lt;&gt;&quot;', ), 5 => array ( 0 => 'Un texte avec des entités numériques &<>"', 1 => 'Un texte avec des entités numériques &<>"', ), 6 => array ( 0 => 'Un texte avec des entit&#233;s num&#233;riques echap&#233;es &#38;&#60;&#62;&quot;', 1 => 'Un texte avec des entit&#233;s num&#233;riques echap&#233;es &#38;&#60;&#62;&quot;', ), 7 => array ( 0 => [ 'Un texte sans entites &<>"\'', 'Un texte sans entites &<>"\'', 
], 1 => 'Un texte sans entites &<>"\'', ), 8 => array ( 0 => '{{{Des raccourcis}}} {italique} {{gras}} <code>du code</code>', 1 => '{{{Des raccourcis}}} {italique} {{gras}} <code>du code</code>', ), 9 => array ( 0 => [ 'Un modele https://www.spip.net]>', 'Un modele https://www.spip.net]>', ], 1 => 'Un modele <modeleinexistant|lien=[->https://www.spip.net]>', ), 10 => array ( 0 => 'Un texte avec des retour a la ligne et meme des paragraphes', 1 => 'Un texte avec des retour a la ligne et meme des paragraphes', ), 11 => array ( 0 => [ '\';alert(String.fromCharCode(88,83,83))//\\\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\\";alert(String.fromCharCode(88,83,83))//-->">\'><code class="echappe-js"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT></code>=&{}', '\';alert(String.fromCharCode(88,83,83))//\\\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\\";alert(String.fromCharCode(88,83,83))//-->">\'><code class="echappe-js"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT></code>=&{}', ], 1 => '\';alert(String.fromCharCode(88,83,83))//\\\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}', ), 12 => array ( 0 => [ '\'\';!--"<xss>=&{()}</xss>', '\'\';!--"=&{()}', ], 1 => '\'\';!--"<XSS>=&{()}', ), 13 => array ( 0 => '<code class="echappe-js"><SCRIPT>alert(\'XSS\')</SCRIPT></code>', 1 => '<SCRIPT>alert(\'XSS\')</SCRIPT>', ), 14 => array ( 0 => '<code class="echappe-js"><SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT></code>', 1 => '<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>', ), 15 => array ( 0 => '<code class="echappe-js"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT></code>', 1 => '<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>', ), 16 => array ( 0 => [ '<base HREF="javascript:alert(\'XSS\');//">', '<base 
HREF="javascript:alert(\'XSS\');//">', ], 1 => '<BASE HREF="javascript:alert(\'XSS\');//">', ), 17 => array ( 0 => '<code class="echappe-js"><BGSOUND SRC="javascript:alert(\'XSS\');"></code>', 1 => '<BGSOUND SRC="javascript:alert(\'XSS\');">', ), 18 => array ( 0 => '<code class="echappe-js"><BODY BACKGROUND="javascript:alert(\'XSS\');"></code>', 1 => '<BODY BACKGROUND="javascript:alert(\'XSS\');">', ), 19 => array ( 0 => '<code class="echappe-js"><BODY ONLOAD=alert(\'XSS\')></code>', 1 => '<BODY ONLOAD=alert(\'XSS\')>', ), 20 => array ( 0 => '<div></div>', 1 => '<DIV STYLE="background-image: url(javascript:alert(\'XSS\'))">', ), 21 => array ( 0 => '<div></div>', 1 => '<DIV STYLE="background-image: url(javascript:alert(\'XSS\'))">', ), 22 => array ( 0 => '<div></div>', 1 => '<DIV STYLE="width: expression(alert(\'XSS\'));">', ), 23 => array ( 0 => '', 1 => '<FRAMESET><FRAME SRC="javascript:alert(\'XSS\');"></FRAMESET>', ), 24 => array ( 0 => '<code class="echappe-js"><IFRAME SRC="javascript:alert(\'XSS\');"></IFRAME></code>', 1 => '<IFRAME SRC="javascript:alert(\'XSS\');"></IFRAME>', ), 25 => array ( 0 => [ '<input type="IMAGE" />', '<input type="image" />', '<input type="image" alt="image">', ], 1 => '<INPUT TYPE="IMAGE" SRC="javascript:alert(\'XSS\');">', ), 26 => array ( 0 => '<code class="echappe-js"><IMG SRC="javascript:alert(\'XSS\');"></code>', 1 => '<IMG SRC="javascript:alert(\'XSS\');">', ), 27 => array ( 0 => '<code class="echappe-js"><IMG SRC=javascript:alert(\'XSS\')></code>', 1 => '<IMG SRC=javascript:alert(\'XSS\')>', ), 28 => array ( 0 => '<code class="echappe-js"><IMG DYNSRC="javascript:alert(\'XSS\');"></code>', 1 => '<IMG DYNSRC="javascript:alert(\'XSS\');">', ), 29 => array ( 0 => '<code class="echappe-js"><IMG LOWSRC="javascript:alert(\'XSS\');"></code>', 1 => '<IMG LOWSRC="javascript:alert(\'XSS\');">', ), 30 => array ( 0 => [ '<img src="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode" />', '<img 
src="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode" alt="somecommand.php?somevariables=maliciouscode" />', '<img src="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode" alt="somecommand.php?somevariables=maliciouscode">', ], 1 => '<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">', ), 31 => array ( 0 => [ 'exp/*<xss style="noxss:noxss("*/pression(alert("XSS"))"></xss>', 'exp/*', ], 1 => 'exp/*<XSS STYLE=\'no\\xss:noxss("*//*"); xss:ex/*XSS*//*/*/pression(alert("XSS"))\'>', ), 32 => array ( 0 => '<ul><li>XSS</li></ul>', 1 => '<STYLE>li {list-style-image: url("javascript:alert(\'XSS\')");}</STYLE><UL><LI>XSS', ), 33 => array ( 0 => '<code class="echappe-js"><IMG SRC=\'vbscript:msgbox("XSS")\'></code>', 1 => '<IMG SRC=\'vbscript:msgbox("XSS")\'>', ), 34 => array ( 0 => '', 1 => '<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>', ), 35 => array ( 0 => '<code class="echappe-js"><IMG SRC="livescript:[code]"></code>', 1 => '<IMG SRC="livescript:[code]">', ), 36 => array ( 0 => '�script�alert(�XSS�)�/script�', 1 => '�script�alert(�XSS�)�/script�', ), 37 => array ( 0 => '<code class="echappe-js"><META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(\'XSS\');"></code>', 1 => '<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(\'XSS\');">', ), 38 => array ( 0 => '<code class="echappe-js"><META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"></code>', 1 => '<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">', ), 39 => array ( 0 => '<code class="echappe-js"><META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(\'XSS\');"></code>', 1 => '<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(\'XSS\');">', ), 40 => array ( 0 => [ '<img />', '', ], 1 => '<IMG SRC="mocha:[code]">', ), 41 => array ( 0 => '', 1 => '<OBJECT 
TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>', ), 42 => array ( 0 => '<code class="echappe-js"><OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert(\'XSS\')></OBJECT></code>', 1 => '<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert(\'XSS\')></OBJECT>', ), 43 => array ( 0 => '', 1 => '<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>', ), 44 => array ( 0 => '', 1 => '<STYLE TYPE="text/javascript">alert(\'XSS\');</STYLE>', ), 45 => array ( 0 => [ '<img />', '', ], 1 => '<IMG STYLE="xss:expr/*XSS*/ession(alert(\'XSS\'))">', ), 46 => array ( 0 => [ '<xss></xss>', '', ], 1 => '<XSS STYLE="xss:expression(alert(\'XSS\'))">', ), 47 => array ( 0 => '<a class="XSS"></a>', 1 => '<STYLE>.XSS{background-image:url("javascript:alert(\'XSS\')");}</STYLE><A CLASS=XSS></A>', ), 48 => array ( 0 => '', 1 => '<STYLE type="text/css">BODY{background:url("javascript:alert(\'XSS\')")}</STYLE>', ), 49 => array ( 0 => '', 1 => '<LINK REL="stylesheet" HREF="javascript:alert(\'XSS\');">', ), 50 => array ( 0 => '', 1 => '<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">', ), 51 => array ( 0 => '', 1 => '<STYLE>@import\'http://ha.ckers.org/xss.css\';</STYLE>', ), 52 => array ( 0 => '', 1 => '<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">', ), 53 => array ( 0 => '', 1 => '<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>', ), 54 => array ( 0 => [ '<table></table>', '', ], 1 => '<TABLE BACKGROUND="javascript:alert(\'XSS\')"></TABLE>', ), 55 => array ( 0 => [ '<table><td></td></table>', '<table></table>', '', ], 1 => '<TABLE><TD BACKGROUND="javascript:alert(\'XSS\')"></TD></TABLE>', ), 56 => array ( 0 => [ ' <?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"> XSS ', ' <?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"> XSS', ], 1 => '<HTML 
xmlns:xss> <?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"> <xss:xss>XSS</xss:xss> </HTML>', ), 57 => array ( 0 => [ '<span></span>', '<IMG SRC="javascript:alert(\'XSS\');"> <span></span>', ], 1 => '<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert(\'XSS\');">]]> </C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML>', ), 58 => array ( 0 => [' <span></span>', '<i><b><img src="javas" alt="javas<!-- -->cript:alert(\'XSS\')" /></b></i><span></span>', '<i><b><img src="javas" alt="javas<!-- -->cript:alert(\'XSS\')"></b></i><span></span>', ], 1 => '<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert(\'XSS\')"></B></I></XML> <SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>', ), 59 => array ( 0 => [ ' <span></span>', '<span></span>', ], 1 => '<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>', ), 60 => array ( 0 => [ ' <?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"> <?import namespace="t" implementation="#default#time2"> <SCRIPT DEFER>alert(\'XSS\')</SCRIPT>"> ', ' <?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"> <?import namespace="t" implementation="#default#time2"> <SCRIPT DEFER>alert(\'XSS\')</SCRIPT>"> ', ], 1 => '<HTML><BODY> <?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"> <?import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert(\'XSS\')</SCRIPT>"> </BODY></HTML>', ), 61 => array ( 0 => '', 1 => '<!--[if gte IE 4]> <SCRIPT>alert(\'XSS\');</SCRIPT> <![endif]-->', ), 62 => array ( 0 => [ '<SCRIPT>alert(\'XSS\')</SCRIPT>">', '<SCRIPT>alert(\'XSS\')</SCRIPT>">', ], 1 => '<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(\'XSS\')</SCRIPT>">', ), 63 => array ( 0 => [ '<xss></xss>', '', ], 1 => '<XSS STYLE="behavior: url(http://ha.ckers.org/xss.htc);">', ), 64 => array ( 0 => '<code class="echappe-js"><SCRIPT 
SRC="http://ha.ckers.org/xss.jpg"></SCRIPT></code>', 1 => '<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>', ), 65 => array ( 0 => '', 1 => '<!--#exec cmd="/bin/echo \'<SCRIPT SRC\'"--><!--#exec cmd="/bin/echo \'=http://ha.ckers.org/xss.js></SCRIPT>\'"-->', ), 66 => array ( 0 => [ '<? echo(\'alert("XSS")\'); ?>', '<? echo(\'alert("XSS")\'); ?>', ], 1 => '<? echo(\'<SCR)\'; echo(\'IPT>alert("XSS")</SCRIPT>\'); ?>', ), 67 => array ( 0 => [ '<br size="&{alert(\'XSS\')}" />', '<br />', '<br>', ], 1 => '<BR SIZE="&{alert(\'XSS\')}">', ), 68 => array ( 0 => [ '< %3C < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < \\x3c \\x3C \\u003c \\u003C', '< %3C &lt < &LT &LT; < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < \\x3c \\x3C \\u003c \\u003C', ], 1 => '< %3C < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < \\x3c \\x3C \\u003c \\u003C', ), 69 => array ( 0 => '<code class="echappe-js"><IMG SRC=JaVaScRiPt:alert(\'XSS\')></code>', 1 => '<IMG SRC=JaVaScRiPt:alert(\'XSS\')>', ), 70 => array ( 0 => '<code class="echappe-js"><IMG SRC=javascript:alert(&quot;XSS&quot;)></code>', 1 => '<IMG SRC=javascript:alert("XSS")>', ), 71 => array ( 0 => '<code class="echappe-js"><IMG SRC=`javascript:alert("RSnake says, \'XSS\'")`></code>', 1 => '<IMG SRC=`javascript:alert("RSnake says, \'XSS\'")`>', ), 72 => array ( 0 => '<code class="echappe-js"><IMG SRC=javascript:alert(String.fromCharCode(88,83,83))></code>', 1 => '<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>', ), 73 => array ( 0 => [ '<img />', '' ], 1 => '<IMG SRC=javascript:alert('XSS')>', ), 74 => array ( 0 => [ '<img />', '', ], 1 => '<IMG SRC=javascript:alert('XSS')>', ), 75 => array ( 0 => [ '<div 
style="background-image:00750072006C0028\'006a006100760061007300630072006900700074003a0061006c0065007200740028.10270058.1053005300270029\'0029"></div>', '<div></div>' ], 1 => '<DIV STYLE="background-image:\\0075\\0072\\006C\\0028\'\\006a\\0061\\0076\\0061\\0073\\0063\\0072\\0069\\0070\\0074\\003a\\0061\\006c\\0065\\0072\\0074\\0028.1027\\0058.1053\\0053\\0027\\0029\'\\0029">', ), 76 => array ( 0 => [ '<img />', '', ], 1 => '<IMG SRC=javascript:alert('XSS')>', ), 77 => array ( 0 => [ ' ', '+ADw-SCRIPT+AD4-alert(\'XSS\');+ADw-/SCRIPT+AD4-', ], 1 => '<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(\'XSS\');+ADw-/SCRIPT+AD4-', ), 78 => array ( 0 => '\\";alert(\'XSS\');//', 1 => '\\";alert(\'XSS\');//', ), 79 => array ( 0 => '<code class="echappe-js"><SCRIPT>alert("XSS");</SCRIPT></code>', 1 => '</TITLE><SCRIPT>alert("XSS");</SCRIPT>', ), 80 => array ( 0 => '', 1 => '<STYLE>@im\\port\'\\ja\\vasc\\ript:alert("XSS")\';</STYLE>', ), 81 => array ( 0 => '<code class="echappe-js"><IMG SRC="jav ascript:alert(\'XSS\');"></code>', 1 => '<IMG SRC="jav ascript:alert(\'XSS\');">', ), 82 => array ( 0 => '<code class="echappe-js"><IMG SRC="jav&#x09;ascript:alert(\'XSS\');"></code>', 1 => '<IMG SRC="jav	ascript:alert(\'XSS\');">', ), 83 => array ( 0 => '<code class="echappe-js"><IMG SRC="jav&#x0A;ascript:alert(\'XSS\');"></code>', 1 => '<IMG SRC="jav
ascript:alert(\'XSS\');">', ), 84 => array ( 0 => '<code class="echappe-js"><IMG SRC="jav&#x0D;ascript:alert(\'XSS\');"></code>', 1 => '<IMG SRC="jav
ascript:alert(\'XSS\');">', ), 85 => array ( 0 => [ '<img /> ', '<img src="j%20a%20v%20a%20s%20c%20r%20i%20p%20t%20%3A%20a%20l%20e%20r%20t%20(%20\'%20X%20S%20S%20\'%20)" alt="j a v a s c r i p t : a l e r t ( \' X S S \' )" />', '<img src="j%20a%20v%20a%20s%20c%20r%20i%20p%20t%20%3A%20a%20l%20e%20r%20t%20(%20\'%20X%20S%20S%20\'%20)" alt="j a v a s c r i p t : a l e r t ( \' X S S \' )">', ], 1 => '<IMG SRC = " j a v a s c r i p t : a l e r t ( \' X S S \' ) " > ', ), 86 => array ( 0 => [ '<code class="echappe-js"><IMG SRC=java' . "\0" . 'script:alert("XSS")></code>', '<code class="echappe-js"><IMG SRC=javascript:alert("XSS")></code>', ], 1 => '<IMG SRC=java' . "\0" . 'script:alert("XSS")>', ), 87 => array ( 0 => [ '&alert("XSS")', '&', ], 1 => '&<SCR' . "\0" . 'IPT>alert("XSS")</SCR' . "\0" . 'IPT>', ), 88 => array ( 0 => '<code class="echappe-js"><IMG SRC=" &#14; javascript:alert(\'XSS\');"></code>', 1 => '<IMG SRC="  javascript:alert(\'XSS\');">', ), 89 => array ( 0 => '<code class="echappe-js"><SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>', 1 => '<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>', ), 90 => array ( 0 => [ '|\\]^`=alert("XSS")>', '', ], 1 => '<BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert("XSS")>', ), 91 => array ( 0 => '<code class="echappe-js"><SCRIPT SRC=http://ha.ckers.org/xss.js</code>', 1 => '<SCRIPT SRC=http://ha.ckers.org/xss.js', ), 92 => array ( 0 => '<code class="echappe-js"><SCRIPT SRC=//ha.ckers.org/.j></code>', 1 => '<SCRIPT SRC=//ha.ckers.org/.j>', ), 93 => array ( 0 => '<code class="echappe-js"><IMG SRC="javascript:alert(\'XSS\')"</code>', 1 => '<IMG SRC="javascript:alert(\'XSS\')"', ), 94 => array ( 0 => '', 1 => '<IFRAME SRC=http://ha.ckers.org/scriptlet.html <', ), 95 => array ( 0 => '<<code class="echappe-js"><SCRIPT>alert("XSS");//<</SCRIPT></code>', 1 => '<<SCRIPT>alert("XSS");//<</SCRIPT>', ), 96 => array ( 0 => [ '<img /><code class="echappe-js"><SCRIPT>alert("XSS")</SCRIPT></code>">', '<code 
class="echappe-js"><SCRIPT>alert("XSS")</SCRIPT></code>">', ], 1 => '<IMG """><SCRIPT>alert("XSS")</SCRIPT>">', ), 97 => array ( 0 => [ '<code class="echappe-js"><SCRIPT>a=/XSS/<br /> alert(a.source)</SCRIPT></code>', '<code class="echappe-js"><SCRIPT>a=/XSS/<br> alert(a.source)</SCRIPT></code>', ], 1 => '<SCRIPT>a=/XSS/ alert(a.source)</SCRIPT>', ), 98 => array ( 0 => '<code class="echappe-js"><SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>', 1 => '<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>', ), 99 => array ( 0 => '<code class="echappe-js"><SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>', 1 => '<SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT>', ), 100 => array ( 0 => '<code class="echappe-js"><SCRIPT a="blah" \'\' SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>', 1 => '<SCRIPT a="blah" \'\' SRC="http://ha.ckers.org/xss.js"></SCRIPT>', ), 101 => array ( 0 => '<code class="echappe-js"><SCRIPT "a=\'>\'" SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>', 1 => '<SCRIPT "a=\'>\'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>', ), 102 => array ( 0 => '<code class="echappe-js"><SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>', 1 => '<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>', ), 103 => array ( 0 => [ '<code class="echappe-js"><SCRIPT>document.write("<SCRI");</SCRIPT></code>PT SRC="http://ha.ckers.org/xss.js">', '<code class="echappe-js"><SCRIPT>document.write("<SCRI");</SCRIPT></code>PT SRC="http://ha.ckers.org/xss.js">', ], 1 => '<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>', ), 104 => array ( 0 => '<code class="echappe-js"><SCRIPT a=">\'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>', 1 => '<SCRIPT a=">\'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>', ), 105 => array ( 0 => '<a href="http://66.102.7.147/">XSS</a>', 1 => '<A HREF="http://66.102.7.147/">XSS</A>', ), 106 => array ( 0 => [ '<a 
href="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</a>', '<a href="http://www.google.com">XSS</a>', ], 1 => '<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>', ), 107 => array ( 0 => '<a href="http://1113982867/">XSS</a>', 1 => '<A HREF="http://1113982867/">XSS</A>', ), 108 => array ( 0 => '<a href="http://0x42.0x0000066.0x7.0x93/">XSS</a>', 1 => '<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A>', ), 109 => array ( 0 => '<a href="http://0102.0146.0007.00000223/">XSS</a>', 1 => '<A HREF="http://0102.0146.0007.00000223/">XSS</A>', ), 110 => array ( 0 => [ '<a>XSS</a>', '<a href="h%20tt%20p%3A//6%206.000146.0x7.147/">XSS</a>', ], 1 => '<A HREF="h tt p://6	6.000146.0x7.147/">XSS</A>', ), 111 => array ( 0 => '<a href="//www.google.com/">XSS</a>', 1 => '<A HREF="//www.google.com/">XSS</A>', ), 112 => array ( 0 => '<a href="//google">XSS</a>', 1 => '<A HREF="//google">XSS</A>', ), 113 => array ( 0 => [ '<a href="http://ha.ckers.org@google">XSS</a>', '<a href="http://google">XSS</a>', ], 1 => '<A HREF="http://ha.ckers.org@google">XSS</A>', ), 114 => array ( 0 => [ '<a href="http://google:ha.ckers.org">XSS</a>', '<a href="http://google">XSS</a>', ], 1 => '<A HREF="http://google:ha.ckers.org">XSS</A>', ), 115 => array ( 0 => '<a href="http://google.com/">XSS</a>', 1 => '<A HREF="http://google.com/">XSS</A>', ), 116 => array ( 0 => '<a href="http://www.google.com./">XSS</a>', 1 => '<A HREF="http://www.google.com./">XSS</A>', ), 117 => array ( 0 => '<a>XSS</a>', 1 => '<A HREF="javascript:document.location=\'http://www.google.com/\'">XSS</A>', ), 118 => array ( 0 => [ '<a href="http://www.gohttp://www.google.com/ogle.com/">XSS</a>', // safehtml
'<a href="http://www.gohttp//www.google.com/ogle.com/">XSS</a>', // htmlpurifier
], 1 => '<A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A>', ), 119 => array ( 0 => '<span class="montant" data-montant-nombre="100" data-montant-devise="EUR"></span>', 1 => '<span class="montant" 
data-montant-nombre="100" data-montant-devise="EUR">', ), 120 => array ( 0 => '<span class="montant" itemscope itemtype="https://schema.org/PriceSpecification" data-montant-nombre="30" data-montant-devise="EUR"><span class="montant__inner" itemprop="price" content="30">30,00 <span class="montant__devise" itemprop="priceCurrency" content="EUR">EUR</span></span></span>', 1 => '<span class="montant" itemscope itemtype="https://schema.org/PriceSpecification" data-montant-nombre="30" data-montant-devise="EUR"><span class="montant__inner" itemprop="price" content="30">30,00 <span class="montant__devise" itemprop="priceCurrency" content="EUR">EUR</span></span></span>', ), 121 => array ( 0 => '<span class="montant" data-montant-nombre="30" data-montant-devise="EUR">30,00 <span class="montant__devise">EUR</span><meta itemprop="price" content="30" /><meta itemprop="priceCurrency" content="EUR"></span>', 1 => '<span class="montant" data-montant-nombre="30" data-montant-devise="EUR">30,00 <span class="montant__devise">EUR</span><meta itemprop="price" content="30" /><meta itemprop="priceCurrency" content="EUR"></span>', ), 122 => array ( 0 => '<span class="montant" data-montant-nombre="30" data-montant-devise="EUR">30,00 <span class="montant__devise">EUR</span><meta itemprop="price" content="30" /><meta itemprop="priceCurrency" content="EUR"></span>', 1 => '<span class="montant" data-montant-nombre="30" data-montant-devise="EUR">30,00 <span class="montant__devise">EUR</span><meta itemprop="price" content="30" /><meta itemprop="priceCurrency" content="EUR"></span>', ), 123 => array ( 0 => '<span class="montant" data-montant-nombre="30" data-montant-devise="EUR">30,00 <span class="montant__devise">EUR</span><meta itemprop="price" content="30" /><meta itemprop="priceCurrency" content="EUR" /></span>', 1 => '<span class="montant" data-montant-nombre="30" data-montant-devise="EUR">30,00 <span class="montant__devise">EUR</span><meta itemprop="price" content="30" /><meta 
http-equiv="Link" itemprop="priceCurrency" content="EUR"></span>', ), );
		return $essais;
	}
}