|
|
@ -10,13 +10,14 @@
|
|
|
|
<h1>2 test</h1>
|
|
|
|
<h1>2 test</h1>
|
|
|
|
<p><div> block</p>
|
|
|
|
<p><div> block</p>
|
|
|
|
<div style="font-style:italic">valid css</div>
|
|
|
|
<div style="font-style:italic">valid css</div>
|
|
|
|
|
|
|
|
<div style="color:red; background:url('//somedomain.com/somepath/somefile.png')">
|
|
|
|
<div style="{ left:expression( alert('expression!') ) }">
|
|
|
|
<div style="{ left:expression( alert('expression!') ) }">
|
|
|
|
<div style="{ background:url( alert('URL!') ) }">
|
|
|
|
<div style="{ background:url( alert('URL!') ) }">
|
|
|
|
|
|
|
|
|
|
|
|
<h1>3 test</h1>
|
|
|
|
<h1>3 test</h1>
|
|
|
|
<p>Inject comment text</p>
|
|
|
|
<p>Inject comment text</p>
|
|
|
|
<div style="{ left:exp/* */ression( alert('xss3') ) }">
|
|
|
|
<div style="{ left:exp/* */ression( alert('xss3') ) }">
|
|
|
|
<div style="{ background:u/* */rl( alert('xssurl3') ) }">
|
|
|
|
<div style=" background:u/* */rl( alert('xssurl3') ) ">
|
|
|
|
|
|
|
|
|
|
|
|
<h1>4 test</h1>
|
|
|
|
<h1>4 test</h1>
|
|
|
|
<p>Using reverse solid to directe the codepoint</p>
|
|
|
|
<p>Using reverse solid to directe the codepoint</p>
|
|
|
|