author | Julius Härtl <jus@bitgrid.net> | 2019-07-05 11:19:54 +0300 |
---|---|---|
committer | Julius Härtl <jus@bitgrid.net> | 2019-07-05 11:19:54 +0300 |
commit | 055187a625ac0534cf3fa72d339a53b4bce8f336 (patch) | |
tree | cb7353efe727363e11f694f8a03b9b3565f72fc9 /src/tests | |
parent | 7a5063d10564bd2bb0142c532a845b963ca533fd (diff) |
Add test vectors
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Diffstat (limited to 'src/tests')
-rw-r--r-- | src/tests/fixtures/xssFuzzVectors.js | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/src/tests/fixtures/xssFuzzVectors.js b/src/tests/fixtures/xssFuzzVectors.js
new file mode 100644
index 000000000..37eb7cd43
--- /dev/null
+++ b/src/tests/fixtures/xssFuzzVectors.js
@@ -0,0 +1,49 @@
+/*
+ * @copyright Copyright (c) 2019 Julius Härtl <jus@bitgrid.net>
+ *
+ * @author Julius Härtl <jus@bitgrid.net>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+const xssFuzzVectors = '>"><script>alert("XSS")</script>&\n' +
+ '"><STYLE>@import"javascript:alert(\'XSS\')";</STYLE>\n' +
+ '>"\'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;\n' +
+ ' alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)>\n' +
+ '\n' +
+ '>%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22>\n' +
+ '\'%uff1cscript%uff1ealert(\'XSS\')%uff1c/script%uff1e\'\n' +
+ '">\n' +
+ '>"\n' +
+ '\'\';!--"<XSS>=&{()}\n' +
+ '<IMG SRC="javascript:alert(\'XSS\');">\n' +
+ '<IMG SRC=javascript:alert(\'XSS\')>\n' +
+ '<IMG SRC=JaVaScRiPt:alert(\'XSS\')> \n' +
+ '<IMG SRC=JaVaScRiPt:alert("XSS<WBR>")>\n' +
+ '<IMGSRC=java&<WBR>#115;crip&<WBR>#116;:a\n' +
+ ' le&<WBR>#114;t('XS<WBR>;S')>\n' +
+ '<IMGSRC=ja&<WBR>#0000118as&<WBR>#0000099ri&<WBR>#0000112t:\n' +
+ ' &<WBR>#0000097le&<WBR>#0000114t(&<WBR>#0000039XS&<WBR>#0000083')>\n' +
+ ' \n' +
+ '<IMGSRC=javas&<WBR>#x63ript:&<WBR>#x61lert(\n' +
+ ' &<WBR>#x27XSS')>\n' +
+ '\n' +
+ '<IMG SRC="jav	ascript:alert(<WBR>\'XSS\');">\n' +
+ '<IMG SRC="jav
ascript:alert(<WBR>\'XSS\');">\n' +
+ '<IMG SRC="jav
ascript:alert(<WBR>\'XSS\');">';
+
+export default xssFuzzVectors |
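Review bot: Several entries in the lower half of `xssFuzzVectors` (the `<IMGSRC=java&<WBR>#115;…` group and the lines after it) carry `<WBR>` tags and hard line wraps that look like residue from copying a rendered cheat sheet, so the numeric entities are split (`&<WBR>#115;`) and `IMG`/`SRC` are fused. As written these strings do not decode to the `javascript:` URL they are meant to represent, so a sanitizer can pass the test without its entity-decoding path ever being exercised. I would clean the residue, keep each vector on a single line, and export an array (`export default [ … ]`) rather than one `\n`-joined string, so a consumer that splits on newlines does not get fragments and empty entries such as `'\n'` and `' \n'`. A header comment naming the source of the list and what an entry is, e.g. `// XSS sanitizer test vectors; each entry is one complete payload`, would also help. How the fixture is consumed is not visible in this commit, so the splitting concern should be checked against the test that imports it.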