xss-test
A brief slogan.
foo/xss'"&#
[xss link](javascript:alert(2))
A thrilling description, it should let me know clearly:
- What can it do (and what can it not do)?
- Why is it my best choice?
Features
- List core features here.
- The less the better.
- Make sure not more than 5.
Requirement
If your project must run in a particular environment, state it here.
e.g.
node >= 0.11.14
or
- IE6~10 ×
- IE11 √
- chrome √
Installation
How to install or download the project, show the installation steps or download links.
$ npm install xss-test
Quick start
A carefully prepared demo is indispensable!
It should:
- Always work (believe me, it is not easy).
- Be easy to run, typically with the default config.
- Demonstrate the core features.
- Use code snippet, screenshot and video when necessary.
var xss-test = ; xss-test;
Cli options / Configs
-o, --option
Option description.
Default: default value
Give a code snippet if it's hard to understand.
Subcommand (e.g. totoro config)
Subcommand description.
-s, --suboption
Suboption description.
Default: default value
API Reference
Class(config)
Class description.
- config: description.
- config.property: description.
Code snippet here
#classProperty
Property description.
#classMethod(param1, param2)
Method description.
- param1: description.
- param2: description.
Code snippet here
.objectProperty
Property description.
.objectMethod(param1, param2)
Method description.
- param1: description.
- param2: description.
Code snippet here
Contributing
Plain text or a link are both OK.
License
MIT
xss markdown
Taken from https://github.com/markdown-it/markdown-it/blob/master/test/fixtures/markdown-it/xss.txt
. normal link .
.Should not allow some protocols in links and images
. [xss link](javascript:alert(1))
[xss link](JAVASCRIPT:alert(1))
[xss link](vbscript:alert(1))
[xss link](VBSCRIPT:alert(1))
[xss link](file:///123) .
[xss link](javascript:alert(1))
[xss link](JAVASCRIPT:alert(1))
[xss link](vbscript:alert(1))
[xss link](VBSCRIPT:alert(1))
[xss link](file:///123)
.. xss link .
.. [xss link](<javascript:alert(1)>) .
[xss link](<javascript:alert(1)>)
.. [xss link](javascript:alert(1)) .
[xss link](javascript:alert(1))
.Image parser use the same code base.
. ![xss link](javascript:alert(1)) .
![xss link](javascript:alert(1))
.Autolinks
. <javascript:alert(1)>
<javascript:alert(1)> .
<javascript:alert(1)>
<javascript:alert(1)>
.Linkifier
. javascript:alert(1)
javascript:alert(1) .
javascript:alert(1)
javascript:alert(1)
.
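The rule these fixtures test ("Should not allow some protocols in links and images") can be written as a scheme check applied to link, image, autolink and linkifier destinations before rendering. The block below is an added example, not code from this package or from markdown-it; the function names and the two benign sample links are assumptions made for illustration.

```javascript
// Added example, not markdown-it's code. The blocked list holds only the
// protocols that appear in the fixtures above.
const BLOCKED_SCHEMES = new Set(['javascript', 'vbscript', 'file']);

// Fixture lines from this page, plus two constructed benign links.
const FIXTURES = [
  '[xss link](javascript:alert(1))',
  '[xss link](JAVASCRIPT:alert(1))',
  '[xss link](vbscript:alert(1))',
  '[xss link](VBSCRIPT:alert(1))',
  '[xss link](file:///123)',
  '[xss link](<javascript:alert(1)>)',
  '![xss link](javascript:alert(1))',
  '<javascript:alert(1)>',
  'javascript:alert(1)',
  '[ok](https://example.com/)',   // constructed
  '[doc](docs/readme.md)',        // constructed
];

// Pull the destination out of "[t](dest)", "![t](dest)" or "<dest>";
// bare text (the linkifier case) is treated as the destination itself.
function extractDestination(line) {
  const text = line.trim();
  const inline = /^!?\[[^\]]*\]\((.*)\)$/.exec(text);
  if (inline) return inline[1];
  const auto = /^<([^<>\s]+)>$/.exec(text);
  return auto ? auto[1] : text;
}

function isSafeDestination(dest) {
  // Remove an optional <...> wrapper, then all whitespace and control
  // characters, so "java\tscript:" cannot slip past the scheme match.
  const url = dest.trim().replace(/^<(.*)>$/, '$1').replace(/[\u0000-\u0020]+/g, '');
  const scheme = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  if (!scheme) return true; // no scheme: relative reference
  return !BLOCKED_SCHEMES.has(scheme[1].toLowerCase());
}

// Lines whose destination must not be rendered as an href or src.
function rejectedLines(lines) {
  return lines.filter((line) => !isSafeDestination(extractDestination(line)));
}

console.log(rejectedLines(FIXTURES));
```

A deny list mirrors what the fixtures describe; an allow list of expected schemes is the stricter alternative when the set of legitimate link types is known.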