Sha256: 6d69f26f058c7eaaac0bf34459c64d01737405dd1fe948bb367dd3467d07d717
Contents?: true
Size: 1.48 KB
Versions: 31
Compression:
Stored size: 1.48 KB
Contents
<!--
Description: item description is crazy
Expect: bozo and entries[0]['description'] == u'Crazy HTML -' + '- Can Your Regex Parse This?\n\n\n\n<!-' + '- <script> -' + '->\n\n<!-' + '- \n\t<script> \n-' + '->\n\n\n\nfunction executeMe()\n{\n\n\n\n\n/* \n<h1>Did The Javascript Execute?</h1>\n<div>\nI will execute here, too, if you mouse over me\n</div>'
-->
<rss version="2.0">
<channel>
<title>Crazy RSS</title>
<description>Contains unsafe script</description>
<link>http://crazy.example.com/</link>
<language>en</language>
<item>
<description>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Crazy HTML -- Can Your Regex Parse This?</title>
</head>
<body notRealAttribute="value"onload="executeMe();"foo="bar"
>
<!-- <script> -->
<!--
<script>
-->
</script>
<script
>
function executeMe()
{
/* <script>
function am_i_javascript()
{
var str = "Some innocuously commented out stuff";
}
< /script>
*/
alert("Executed");
}
</script
>
<h1>Did The Javascript Execute?</h1>
<div notRealAttribute="value
"onmouseover="
executeMe();
"foo="bar">
I will execute here, too, if you mouse over me
</div>
</body>
</html>
</description>
</item>
</channel>
</rss
Version data entries
31 entries across 31 versions & 6 rubygems