add xss tests
aidantwoods committed May 1, 2017
1 parent 6bb66db commit af04ac9
Showing 7 changed files with 85 additions and 0 deletions.
2 changes: 2 additions & 0 deletions test/ParsedownTest.php
Expand Up @@ -46,6 +46,8 @@ function test_($test, $dir)
$expectedMarkup = str_replace("\r\n", "\n", $expectedMarkup);
$expectedMarkup = str_replace("\r", "\n", $expectedMarkup);

$this->Parsedown->setMarkupEscaped($test === 'xss_text_encoding');

$actualMarkup = $this->Parsedown->text($markdown);

$this->assertEquals($expectedMarkup, $actualMarkup);
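Review bot: `$this->Parsedown->setMarkupEscaped($test === 'xss_text_encoding');` ties the parser mode to one fixture's file name, so a rename would silently run that fixture in the default unescaped mode and the failure would surface only as a markup mismatch with no hint why; a comment should state the intent, e.g. `// xss_text_encoding feeds raw HTML and expects it entity-escaped; every other fixture, including the other xss_* ones, runs with markup escaping off (Parsedown's default), so URL filtering and attribute encoding are asserted independently of that flag`. Because the flag is assigned unconditionally on every run, the mode cannot leak from one fixture to the next even though `$this->Parsedown` appears to be a shared instance, which is worth saying in the same comment. An allow-list reads more clearly and scales if more escaped fixtures are added: `$this->Parsedown->setMarkupEscaped(in_array($test, ['xss_text_encoding'], true));`. test_ starts and ends outside the hunk.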
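--- a/test/data/xss_attribute_encoding.html
+++ b/test/data/xss_attribute_encoding.html
@@ -0,0 +1,6 @@
+<p><a href="https://www.example.com&quot;">xss</a></p>
+<p><img src="https://www.example.com&quot;" alt="xss" /></p>
+<p><a href="https://www.example.com&#039;">xss</a></p>
+<p><img src="https://www.example.com&#039;" alt="xss" /></p>
+<p><img src="https://www.example.com" alt="xss&quot;" /></p>
+<p><img src="https://www.example.com" alt="xss&#039;" /></p>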
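--- a/test/data/xss_attribute_encoding.md
+++ b/test/data/xss_attribute_encoding.md
@@ -0,0 +1,11 @@
+[xss](https://www.example.com")
+
+![xss](https://www.example.com")
+
+[xss](https://www.example.com')
+
+![xss](https://www.example.com')
+
+![xss"](https://www.example.com)
+
+![xss'](https://www.example.com)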
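Review bot: The fixture covers `"` and `'` inside `href`, `src` and `alt`, but every value stays otherwise plain, so it does not pin how `&`, `<` or `>` inside an attribute value are encoded, and `&` in particular is routine in real URLs (query strings). One extra entry such as `[xss](https://www.example.com/?a=1&b=2)` with the matching `&amp;` line in xss_attribute_encoding.html would close that gap. The companion HTML also hard-codes `&#039;` as the single-quote entity, so the fixture is coupled to the exact entity form the escaper emits; if that is meant to be stable, the test runner should say so since a Markdown fixture has no place for a comment.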
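--- a/test/data/xss_bad_url.html
+++ b/test/data/xss_bad_url.html
@@ -0,0 +1,16 @@
+<p><a>xss</a></p>
+<p><a>xss</a></p>
+<p><a>xss</a></p>
+<p><a>xss</a></p>
+<p><img alt="xss" /></p>
+<p><img alt="xss" /></p>
+<p><img alt="xss" /></p>
+<p><img alt="xss" /></p>
+<p><a>xss</a></p>
+<p><a>xss</a></p>
+<p><a>xss</a></p>
+<p><a>xss</a></p>
+<p><img alt="xss" /></p>
+<p><img alt="xss" /></p>
+<p><img alt="xss" /></p>
+<p><img alt="xss" /></p>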
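--- a/test/data/xss_bad_url.md
+++ b/test/data/xss_bad_url.md
@@ -0,0 +1,31 @@
+[xss](javascript:alert(1))
+
+[xss]( javascript:alert(1))
+
+[xss](javascript://alert(1))
+
+[xss](javascript&colon;alert(1))
+
+![xss](javascript:alert(1))
+
+![xss]( javascript:alert(1))
+
+![xss](javascript://alert(1))
+
+![xss](javascript&colon;alert(1))
+
+[xss](data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
+
+[xss]( data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
+
+[xss](data://text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
+
+[xss](data&colon;text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
+
+![xss](data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
+
+![xss]( data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
+
+![xss](data://text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
+
+![xss](data&colon;text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)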
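Review bot: The fixture pins that `data:` is rejected for image sources as well (every `![xss](data:...)` entry maps to a bare `<img alt="xss" />` in xss_bad_url.html), which also rejects legitimate inline `data:image/...` sources; if that trade-off is intentional it should be recorded in the test runner or a README, since a Markdown fixture cannot carry a comment. Every scheme here is spelled in lowercase ASCII, so the fixture does not establish whether the filter's scheme comparison is case-insensitive; a mixed-case entry would pin that behaviour rather than leave it to the implementation. The expected output drops `href`/`src` entirely instead of emitting an empty attribute, which is the safer shape and worth stating explicitly because an empty `href` would still resolve to the current document.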
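--- a/test/data/xss_text_encoding.html
+++ b/test/data/xss_text_encoding.html
@@ -0,0 +1,7 @@
+<p>&lt;script&gt;alert(1)&lt;/script&gt;</p>
+<p>&lt;script&gt;</p>
+<p>alert(1)</p>
+<p>&lt;/script&gt;</p>
+<p>&lt;script&gt;
+alert(1)
+&lt;/script&gt;</p>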
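--- a/test/data/xss_text_encoding.md
+++ b/test/data/xss_text_encoding.md
@@ -0,0 +1,12 @@
+<script>alert(1)</script>
+
+<script>
+
+alert(1)
+
+</script>
+
+
+<script>
+alert(1)
+</script>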
