Home | History | Annotate | Download | only in cs 
      1 Parsing test.cs
      2 
      3 Start of File
      4 
      5 
      6   Blah == wow
      7 
      8 
      9 
     10 
     11 
     12 
     13 wow (true)
     14 
     15 
     16 
     17   This is True
     18 
     19 
     20 
     21 
     22 
     23   wow
     24 
     25 
     26 
     27 I'm in test2.cs
     28 
     29 
     30 wow2
     31 
     32 
     33 I'm in test2.cs
     34 
     35 
     36 wow2
     37 
     38 
     39 escape: not used
     40 UrlArg: Secret Password~!@#$%^&*()+=-_|\[]{}:";'<>,.?
     41 BlahJs: quote ' backslash \ semicolon ; end tag </script>
     42 Title:  </title><script>alert(1)</script>
     43 
     44 
     45 escape: none
     46 UrlArg: Secret Password~!@#$%^&*()+=-_|\[]{}:";'<>,.?
     47 BlahJs: quote ' backslash \ semicolon ; end tag </script>
     48 Title:  </title><script>alert(1)</script>
     49 
     50 
     51 
     52 escape: html
     53 UrlArg: Secret Password~!@#$%^&amp;*()+=-_|\[]{}:&quot;;&#39;&lt;&gt;,.?
     54 BlahJs: quote &#39; backslash \ semicolon ; end tag &lt;/script&gt;
     55 Title:  &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;
     56 
     57 
     58 
     59 escape: js
     60 UrlArg: Secret Password~!@#$%^\x26*()+=-_|\x5C[]{}:\x22\x3B\x27\x3C\x3E,.?
     61 BlahJs: quote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
     62 Title:  \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3E
     63 
     64 
     65 
     66 escape: url
     67 UrlArg: Secret+Password%7E!%40%23%24%25%5E%26*()%2B%3D-_%7C%5C%5B%5D%7B%7D%3A%22%3B%27%3C%3E%2C.%3F
     68 BlahJs: quote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
     69 Title:  %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E
     70 
     71 
     72 
     73 Nested escaping: html
     74 The internal calls should take precedence
     75 url  -> UrlArg: Secret+Password%7E!%40%23%24%25%5E%26*()%2B%3D-_%7C%5C%5B%5D%7B%7D%3A%22%3B%27%3C%3E%2C.%3F
     76 js   -> BlahJs: quote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
     77 html -> Title:  &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;
     78 
     79 
     80 Defining the macro echo_all inside of a "html" escape.
     81 
     82 
     83 Calling echo_all() macro:
     84 
     85 not used: </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>
     86 none:     </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>
     87 url:      %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3Equote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
     88 js:       \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3Equote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
     89 html:     &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;quote &#39; backslash \ semicolon ; end tag &lt;/script&gt;
     90 
     91 
     92 
     93 Calling echo_all() macro from within "html":
     94 
     95 not used: &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;quote &#39; backslash \ semicolon ; end tag &lt;/script&gt;
     96 none:     </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>
     97 url:      %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3Equote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
     98 js:       \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3Equote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
     99 html:     &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;quote &#39; backslash \ semicolon ; end tag &lt;/script&gt;
    100 
    101 
    102 
    103 
    104 Calling echo_all() macro from within "js":
    105 
    106 not used: \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3Equote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
    107 none:     </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>
    108 url:      %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3Equote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
    109 js:       \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3Equote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
    110 html:     &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;quote &#39; backslash \ semicolon ; end tag &lt;/script&gt;
    111 
    112 
    113 
    114 
    115 Calling echo_all() macro from within "url":
    116 
    117 not used: %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3Equote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
    118 none:     </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>
    119 url:      %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3Equote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
    120 js:       \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3Equote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
    121 html:     &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;quote &#39; backslash \ semicolon ; end tag &lt;/script&gt;
    122 
    123 
    124 
    125 
    126 not used: &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;
    127 none:     </title><script>alert(1)</script>
    128 url:      %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E
    129 js:       \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3E
    130 html:     &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;
    131 
    132 
    133 
    134   x = zero
    135   x.num = #0
    136 
    137 
    138   This is True.
    139 
    140 wow
    141 
    142   x = one
    143   x.num = 
    144 
    145 
    146   This is True.
    147 
    148 wow
    149 
    150   x = two
    151   x.num = #2
    152 
    153 
    154   This is True.
    155 
    156 wow
    157 
    158   x = three
    159   x.num = 
    160 
    161 
    162   This is True.
    163 
    164 wow
    165 
    166 
    167 
    168 
    169   This is False.
    170 
    171 
    172 
    173   Outside 0
    174   
    175     Inside = 0
    176   
    177     Inside = 1
    178   
    179 
    180   Outside 1
    181   
    182     Inside = 2
    183   
    184     Inside = 3
    185   
    186 
    187   Outside 2
    188   
    189     Inside = 2
    190   
    191     Inside = 3
    192   
    193 
    194   Outside 3
    195   
    196 
    197 
    198 
    199   TestIf == 0
    200 
    201 
    202 
    203 Correct, "1" == "1"
    204 
    205 
    206 
    207 
    208 between comments
    209 
    210 
    211 
    212 More?
    213