// vectors by the html5security project (https://code.google.com/p/html5security/ & Creative Commons 3.0 BY), see CC-BY-LICENSE for the full license

var vectors = [
  {
    data: '

X',
    sanitized: "",
  },
  {
    data: '&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi',
    sanitized:
      "&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi",
  },
  {
    data: '&alert&A7&(1)&R&UA;&&<&A9&11/script&X&>',
    sanitized:
      "&alert&A7&(1)&R&UA;&&<&A9&11/script&X&>",
  },
  {
    data: "0? :postMessage(importScripts('data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk'))",
    sanitized:
      "0? :postMessage(importScripts('data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk'))",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: "-o-link:'javascript:alert(1)';-o-link-source:current\">X",
    sanitized: "X",
  },
  {
    data: "",
    sanitized:
      '',
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: "





...



",
    sanitized:
      "





...



",
  },
  {
    data: '01',
    sanitized: "01",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: "X",
    sanitized: "X",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: '�script �alert(1)//�/script �',
    sanitized:
      "�script �alert(1)//�/script �",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: "

X",
    sanitized: "",
  },
  {
    data: "1",
    sanitized: "1",
  },
  {
    data: ';1',
    sanitized: ";1",
  },
  {
    data: "+ADw-html+AD4APA-body+AD4APA-div+AD4-top secret+ADw-/div+AD4APA-/body+AD4APA-/html+AD4-.toXMLString().match(/.*/m),alert(RegExp.input);",
    sanitized:
      "+ADw-html+AD4APA-body+AD4APA-div+AD4-top secret+ADw-/div+AD4APA-/body+AD4APA-/html+AD4-.toXMLString().match(/.*/m),alert(RegExp.input);",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: "1",
    sanitized: "1",
  },
  {
    data: ",
    sanitized: "",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: 'XXXXXX',
    sanitized:
      "XXXXXX",
  },
  {
    data: "1",
    sanitized: "1",
  },
  {
    data: "1",
    sanitized: '1',
  },
  {
    data: 'XXX',
    sanitized: "XXX",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: '\r\n\r\n\r\n\r\n',
    sanitized:
      '\n\n\n><image xlink:href="',
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: "

\n

",
    sanitized: "

\n

",
  },
  {
    data: 'XXX',
    sanitized: "XXX",
  },
  {
    data: '\r\n\r\n\r\n\r\n\r\nHello\r\n',
    sanitized: "\n\n\nHello\n",
  },
  {
    data: "X",
    sanitized: "X",
  },
  {
    data: "

font-family:'foo[a];color:red;';\">XXX

",
    sanitized: "

XXX

",
  },
  {
    data: '

XXX

',
    sanitized: "

XXX

",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: '\r\n',
    sanitized: "\n",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: ',
    sanitized:
      '',
  },
  {
    data: '',
    sanitized:
      '',
  },
  {
    data: "alert(1)//0",
    sanitized: "alert(1)//0",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: '

',
    sanitized:
      '

',
  },
  {
    data: '

XXX

',
    sanitized: "

XXX

",
  },
  {
    data: '

XXX

',
    sanitized: "

XXX

",
  },
  {
    data: "\r\nfoo\">\r\n\r\n\r\n\r\n",
    sanitized: "\n\n\n\n",
  },
  {
    data: ' // O10.10�, OM10.0�, GC6�, FF\r\n\r\n // IE6, O10.10�, OM10.0�\r\n // IE6, O11.01�, OM10.1�',
    sanitized:
      " // O10.10�, OM10.0�, GC6�, FF\n\n // IE6, O10.10�, OM10.0�\n // IE6, O11.01�, OM10.1�",
  },
  {
    data: 'http://html5sec.org/test.xxe">]>&x;',
    sanitized:
      "\n]>&x;",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: "1.0\"?>\ntext/xsl\" href=\"data:,%3Cxsl:transform version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform' id='xss'%3E%3Cxsl:output method='html'/%3E%3Cxsl:template match='/'%3E%3Cscript%3Ealert(1)%3C/script%3E%3C/xsl:template%3E%3C/xsl:transform%3E\"?>\n",
    sanitized: "",
  },
  {
    data: 'http://www.w3.org/1999/xhtml" src CDATA "xx:x"\r\n onerror CDATA "alert(1)"\r\n onload CDATA "alert(2)">\r\n]>',
    sanitized:
      "\n]>",
  },
  {
    data: '\r\n\tXXX\r\n',
    sanitized: "\n\tXXX\n",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: "

x

",
    sanitized: "

x

",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: '

X',
    sanitized: "",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: '&x;',
    sanitized:
      '\n&x;',
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: '/>',
    sanitized: "",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: '',
    sanitized: "\n\n",
  },
  {
    data: '',
    sanitized: "\n\n\n\n\n\n\n\n\n\n",
  },
  {
    data: '',
    sanitized: "\n\n\n",
  },
  {
    data: '\r\n

\r\n\r\n\r\n\r\n\r\n

PRESS ENTER

',
    sanitized:
      "

\n\n\n\n\n

PRESS ENTER

",
  },
  {
    data: '[A]\n">\n">\n">\n[B]\n?><script>alert(1)</script>\'>">\n[C]\n\n[D]\n<% foo>',
    sanitized:
      '[A]\n">\n">\n">\n[B]\n">\n[C]\n\n[D]\n<% foo>',
  },
  {
    data: '

X

',
    sanitized: "

X

",
  },
  {
    data: '

X

',
    sanitized: "

X

",
  },
  {
    data: '',
    sanitized: "\nalert(1)\n",
  },
  {
    data: '',
    sanitized: "\n\n\n\n",
  },
  {
    data: "\n",
    sanitized: "\n",
  },
  {
    data: "\r\n

><iframe onload=alert(1)\">

\n\r\n\r\n\r\n

//'></div>\n<script>d.innerHTML+='';</script>",
    sanitized:
      '

\n\n\n\n

\n',
  },
  {
    data: '

X

\n',
    sanitized:
      '

X

\n',
  },
  {
    data: "XXX",
    sanitized: "XXX",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: 'XXX',
    sanitized: "XXX",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: '',
    sanitized: "\n\n",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: '"= alt=alert(1)//">',
    sanitized: "",
  },
  {
    data: "",
    sanitized:
      '',
  },
  {
    data: '\r\nhttp://foo.bar/#x=`y>\r\n\r\n\r\n\r\n',
    sanitized:
      '\n\n\n\n',
  },
  {
    data: '',
    sanitized: "\n\n\n",
  },
  {
    data: '',
    sanitized: "\n\n",
  },
  {
    data: '

X

',
    sanitized: "

X

",
  },
  {
    data: '

X

',
    sanitized: "

X

",
  },
  {
    data: '

XXX

\n',
    sanitized: '

XXX

\n',
  },
  {
    data: "background:url('x[a];color:red;/*')\">XXX",
    sanitized: "XXX",
  },
  {
    data: "\r\n",
    sanitized: "",
  },
  {
    data: '

x

\n\n\n',
    sanitized:
      '

x

\n\n\n',
  },
  {
    data: '\n\t\n',
    sanitized:
      '\n\t\n',
  },
  {
    data: '

\n\t

Drop me

\n

\n\n',
    sanitized:
      '

\n\t

Drop me

\n

\n\n',
  },
  {
    data: '\n\n',
    sanitized:
      '\n\n',
  },
  {
    data: "\n\n\n#\" onclick=\"makePopups()\">Spam",
    sanitized:
      '\n\n\nSpam',
  },
  {
    data: '\n\n',
    sanitized: "",
  },
  {
    data: 'Some text\nwww.example.org\n\n\n',
    sanitized:
      'Some text\nwww.example.org\n\n\n',
  },
  {
    data: ' // Safari 5.0, Chrome 9, 10\n // Safari 5.0',
    sanitized:
      " // Safari 5.0, Chrome 9, 10\n // Safari 5.0",
  },
  {
    data: '\r\n\r\n]>\r\n',
    sanitized:
      "\n]>\n\n \n \n \n \n \n \n",
  },
  {
    data: '\r\n',
    sanitized: "\n",
  },
  {
    data: '',
    sanitized: "\n\nalert(1)\n",
  },
  {
    data: "
    sanitized: "",
  },
  {
    data: "
    sanitized: "\n\n\n",
  },
  {
    data: '$CLICKME$\r\n\r\n',
    sanitized:
      '$CLICKME$\n\n',
  },
  {
    data: "drag and drop one of the following strings to the drop box:\r\n

---

\r\njAvascript:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//\r\n

---

\r\nfeed:javascript:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//\r\n

---

\r\nfeed:data:text/html,<script>alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie)</script><b>\r\n

---

\r\nfeed:feed:javAscript:javAscript:feed:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//\r\n

---

\r\n

+ Drop Box +

",
    sanitized:
      "drag and drop one of the following strings to the drop box:\n

---

\njAvascript:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//\n

---

\nfeed:javascript:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//\n

---

\nfeed:data:text/html,<script>alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie)</script><b>\n

---

\nfeed:feed:javAscript:javAscript:feed:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//\n

---

\n

+ Drop Box +

",
  },
  {
    data: '\r\n\r\ntype a,b,c,d - watch the network tab/traffic (JS is off, latest NoScript)\r\n
\r\n\r\n\r\n',
    sanitized:
      "\n\ntype a,b,c,d - watch the network tab/traffic (JS is off, latest NoScript)\n
\n\n\n\n\n\n\n\n\n\n",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: "\r\n<%\r\n\r\n\r\n\r\n %>/\r\nalert(2)\r\n\r\n\r\nXXX\r\n\r\n-->{}\r\n*{color:red}",
    sanitized:
      '\n<%\n\n\n\n %>/\nalert(2)\n\n\nXXX\n\n-->{}\n*{color:red}',
  },
  {
    data: '

\r\n\r\n\r\n\r\n\r\n

',
    sanitized: "\n\n\n\n\n",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: "'';!--\"<XSS>=&{()}",
    sanitized: "'';!--\"=&{()}</body></html>",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: "javascript:alert('XSS');\">",
    sanitized: "",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: "RSnake says, 'XSS'\")`>",
    sanitized: "",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: "SRC= ",
    sanitized: "SRC=\n",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: "javascript:alert('XSS');\">",
    sanitized: "",
  },
  {
    data: "jav ascript:alert('XSS');\">",
    sanitized: "",
  },
  {
    data: "jav ascript:alert('XSS');\">",
    sanitized: "",
  },
  {
    data: "jav ascript:alert('XSS');\">",
    sanitized: "",
  },
  {
    data: "   javascript:alert('XSS');\">",
    sanitized: "",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: "'\"-->",
    sanitized: "",
  },
  {
    data: ",
    sanitized: "",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: ' +ADw-SCRIPT+AD4-alert(\'XSS\');+ADw-/SCRIPT+AD4-',
    sanitized:
      " +ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: '',
    sanitized: "",
  },
  {
    data: 'PT SRC',
    sanitized: "PT SRC",
  },
  {
    data: "",
    sanitized: "",
  },
  {
    data: "

allowed

",
    sanitized:
      "

allowed

",
  },
  {
    data: "

allowed

",
    sanitized: "

allowed

",
  },
  {
    data: "allowed",
    sanitized:
      "allowed",
  },
  {
    data: "",
    sanitized:
      "",
  },
  {
    // traverse into HTML template elements
    data: '',
    sanitized:
      "",
  },
  {
    // do not traverse into SVG template elements (that's not a thing)
    data: "",
    sanitized: "",
  },
  {
    data: "",
    flags: 1, // ParserUtils.SanitizerAllowStyle
    sanitized: "",
  },
  {
    // fragments that reference the same document are allowed.
    data: "",
    flags: 1, // ParserUtils.SanitizerAllowStyle
    sanitized:
      '',
  },
  {
    data: '',
    flags: 1, // ParserUtils.SanitizerAllowStyl,
    sanitized: "",
  },
];

Messung V0.5

¤ Dauer der Verarbeitung: 0.15 Sekunden  ¤

*© Formatika GbR, Deutschland