

12         sanitize("<html>\n" +
49 sanitize("'';!--\"<XSS>=&{()}", "&#39;&#39;;!--&#34;&#61;&amp;{()}");
50 sanitize("<img src=javascript:alert(String.fromCharCode(88,83,83))>", "");
51 sanitize("\\\";alert('XSS');//", "\\&#34;;alert(&#39;XSS&#39;);//");
52 sanitize("<br size=\"&{alert('XSS')}\">", "<br />");
53 sanitize("<xss style=\"xss:expression(alert('XSS'))\">", "");
54 sanitize("<xss style=\"behavior: url(xss.htc);\">", "");
55 sanitize("¼script¾alert(¢XSS¢)¼/script¾", "¼script¾alert(¢XSS¢)¼/script¾");
56 sanitize("<xml><i><b><img src=\"javas<!-- -->cript:alert('XSS')\"></b></i></xml>",
58 sanitize("<xml src=\"xsstest.xml\" id=I></xml>", "");
59 sanitize("<!--[if gte IE 4]>\n" +
62 sanitize("<body>\n" +
81 sanitize("<img src=\"http://www.here.com/awesome.png\"/>",
83 sanitize("<img src=\"https://www.here.com/awesome.png\"/>",
85 sanitize("<img src=\"cid:ii_145bda161daf6f9c\"/>",
88 sanitize("<a href=\"http://www.here.com/awesome.png\"/>",
90 sanitize("<a href=\"https://www.here.com/awesome.png\"/>",
92 sanitize("<a href=\"cid:ii_145bda161daf6f9c\"/>", "");
99 sanitize("<div style=\"float:none\"></div>", "<div style=\"float:none\"></div>");
100 sanitize("<div style=\"float:left\"></div>", "<div style=\"float:left\"></div>");
101 sanitize("<div style=\"float:right\"></div>", "<div style=\"float:right\"></div>");
102 sanitize("<div style=\"float:inherit\"></div>", "<div style=\"float:inherit\"></div>");
103 sanitize("<div style=\"float:initial\"></div>", "<div></div>");
104 sanitize("<div style=\"float:garbage\"></div>", "<div></div>");
111 sanitize("<div style=\"display:inline\"></div>", "<div style=\"display:inline\"></div>");
112 sanitize("<div style=\"display:block\"></div>", "<div style=\"display:block\"></div>");
113 sanitize("<div style=\"display:flex\"></div>", "<div></div>");
114 sanitize("<div style=\"display:inline-block\"></div>",
116 sanitize("<div style=\"display:inline-flex\"></div>", "<div></div>");
117 sanitize("<div style=\"display:inline-table\"></div>",
119 sanitize("<div style=\"display:list-item\"></div>",
121 sanitize("<div style=\"display:run-in\"></div>", "<div style=\"display:run-in\"></div>");
122 sanitize("<div style=\"display:table\"></div>", "<div style=\"display:table\"></div>");
123 sanitize("<div style=\"display:table-caption\"></div>",
125 sanitize("<div style=\"display:table-column-group\"></div>",
127 sanitize("<div style=\"display:table-header-group\"></div>",
129 sanitize("<div style=\"display:table-footer-group\"></div>",
131 sanitize("<div style=\"display:table-row-group\"></div>",
133 sanitize("<div style=\"display:table-cell\"></div>",
135 sanitize("<div style=\"display:table-column\"></div>",
137 sanitize("<div style=\"display:table-row\"></div>",
139 sanitize("<div style=\"display:none\"></div>", "<div style=\"display:none\"></div>");
140 sanitize("<div style=\"display:initial\"></div>", "<div></div>");
141 sanitize("<div style=\"display:inherit\"></div>", "<div style=\"display:inherit\"></div>");
146 // sanitize("<a href=\"http://www.google.com \">Send mail</a>",
148 sanitize("<a href=\" http://www.google.com\">Send mail</a>", "Send mail");
150 // sanitize("<a href=\"http://www.google.com \">Send mail</a> ",
152 sanitize("<a href=\"http://www.google.com \">Send mail</a>",
155 // sanitize("<a href=\" http://www.google.com \">Send mail</a> ",
157 sanitize("<a href=\" http://www.google.com \">Send mail</a>", "Send mail");
162 sanitize("<body dir=\"rtl\" onMouseOVer=\"alert(document.cookie)\">arr</body>",
164 sanitize("<DIV ONCLICK=alert(document.cookie) style=color:red>arr</DIV>",
166 sanitize("<b style=position:absolute;left:0;top:0>arr</b>", "<b>arr</b>");
169 sanitize("<img src=\"mailto:\">", "");
170 sanitize("<img src=\"mailto:hcnidumolu@google.com\">", "");
171 sanitize("<img src=\"mailto:hcnidumolu@google.com\">", "");
172 sanitize("<img src=\" mailto:hcnidumolu@google.com\">", "");
173 sanitize("<img src=\"m&#x61;ilto:hcnidumolu@google.com\">", "");
174 sanitize("<img src=\"m&#x0D;ailto:hcnidumolu@google.com\">", "");
176 // sanitize("<a href=\"mailto:hcnidumolu@google.com\">Send mail </a>",
178 sanitize("<a href=\"mailto:hcnidumolu@google.com\">Send mail </a>",
183 sanitize("<img src=\"//images1-gm-opensocial.googleusercontent.com/gadgets/proxy?" +
195 // sanitize("<a href=\"foo:bar\" target=\"_blank\">link1</a>", "<a>link1</a>");
196 sanitize("<a href=\"foo:bar\" target=\"_blank\">link1</a>", "link1");
198 // sanitize("<a href=\"baz:alanbs@google.com\">link2</a>", "<a>link2</a>");
199 sanitize("<a href=\"baz:alanbs@google.com\">link2</a>", "link2");
203 sanitize("<div background=\"http://www.random.org/png\">stuff</div><div>more stuff</div>",
208 sanitize("<input type=\"image\" src=\"http://random.org/png\">",
215 sanitize("<input src=\"http://random.org/png\">",
222 // sanitize("<a href=\"http://www.google.com\" style=\"font-family: 'expression; " +
227 sanitize("<a href=\"http://www.google.com\" style=\"font-family: 'expression; " +
234 // sanitize("<a href=\"http://www.google.com\" style=\"background-image: " +
238 sanitize("<a href=\"http://www.google.com\" style=\"background-image: " +
244 sanitize("<head><style type='text/css'>verboten { color: red; }</style></head>" +
250 sanitize("<table><tr><td><b>This is a simple message</b></td></tr></table>",
252 sanitize("<table><tr><td><b>This is a simple message",
254 sanitize("<table><tr>This is a simple message</b></td></tr></table>",
256 sanitize("This is a simple message</b></td></tr></table>", "This is a simple message");
260 sanitize("<html><head><title>html to ruin your site</title>"
283 sanitize("Include this:<br/>"
304 sanitize("<a href=\"http://www.somesite.com\" target=\"_self\" "
318 sanitize("This is a test <a href=http://google.com>here</a> "
333 sanitize("<a href=http://google.com/boguslink>link</a>"
351 sanitize("<img alt=\"``onload=alert(1)\">",
353 sanitize("<img alt=\"'``onload=alert(1)'\">",
355 sanitize("<img alt=``onload=alert(1)\">", "<img alt=\"&#96;&#96;onload&#61;alert(1) \" />");
358 sanitize("<img alt=\"&#96;&#x0060;onload=alert(1)\">",
360 sanitize("<img alt=\"&#x000060;&#x000060;onload=alert(1)\">",
364 sanitize("<img alt=`x`onload=alert(1)>", "<img alt=\"&#96;x&#96;onload&#61;alert(1) \" />");
365 sanitize("<img alt=foo`x`onload=alert(1)>",
367 sanitize("<img alt=\"`whatever\">Hello world ` onload=alert(1) <br>",
372 sanitize("<img alt=\"&#x000060&#x000060onload=alert(1)\">",
377 sanitize("<img alt=\"&amp;#x000060&amp;#x000060onload=alert(2)\">",
379 sanitize("<img alt=\"&amp;amp;#x000060&amp;amp;#x000060onload=alert(2)\">",
384 sanitize("<div style=\"color:red\"></div>", "<div style=\"color:red\"></div>");
385 sanitize("<div style=\"color:r\\ne\\t d d\\r\\n\"></div>", "<div></div>");
386 sanitize("<div style=\"font-size:13.5pt; color:#804000 \"></div>",
388 sanitize("<div style=\"color:red;color\"></div>", "<div style=\"color:red\"></div>");
389 sanitize("<div style=\"color:red;color:a:b\"></div>", "<div style=\"color:red\"></div>");
390 sanitize("<div style=\"color:url(foo)\"></div>", "<div></div>");
391 sanitize("<div style=\"color:white; list-style:url(foo.gif);\"></div>",
393 sanitize("<div style=\"color:rgb(255, 0, 0)\"></div>",
395 sanitize("<div style=\"background-color:rgb(80%,92%,18%)\"></div>",
397 sanitize("<div style=\"border-left:1px rgb(0,255,0) solid\"></div>",
399 sanitize("<div style=\"background:rgb(0,255,0) url(foo) no-repeat top\"></div>",
401 sanitize("<div style=\"display:none; border-color: #ffeeff \"></div>",
405 sanitize("<div style=\"border-radius:10px\"></div>",
407 sanitize("<div style=\"border-bottom-left-radius:10px\"></div>",
409 sanitize("<div style=\"border-bottom-right-radius:10px\"></div>",
411 sanitize("<div style=\"border-top-left-radius:10px\"></div>",
413 sanitize("<div style=\"border-top-right-radius:10px\"></div>",
417 sanitize("<div style=\"margin:10 0 10 0\"></div>",
419 sanitize("<div style=\"margin-left:40px\"></div>",
423 sanitize("<div style=\"margin-left:-10\"></div>", "<div></div>");
426 sanitize("<div style=\"text-indent:10\"></div>", "<div style=\"text-indent:10\"></div>");
427 sanitize("<div style=\"text-indent:0\"></div>", "<div style=\"text-indent:0\"></div>");
431 // sanitize("<div style=\"text-indent:-10\"></div>", "<div></div>");
432 sanitize("<div style=\"text-indent:-10\"></div>", "<div style=\"text-indent:-10\"></div>");
436 sanitize("<div style=\"font-family:'courier new',monospace;font-size:x-small\"></div>",
439 sanitize("<div style=\"font-family:\"courier new\",monospace\"></div>", "<div></div>");
440 sanitize("<div style=\"font-family:''\"></div>", "<div></div>");
441 sanitize("<div style=\"font-family:a,''\"></div>",
443 sanitize("<div style=\"font-family:'',a,\"\",b\"></div>",
446 sanitize("<div style=\"font-family:'\"></div>", "<div></div>");
447 sanitize("<div style=\"font-family: 'courier new\",monospace;'\"></div>", "<div></div>");
448 sanitize("<div style=\"font-family: \"courier new',monospace;\"></div>", "<div></div>");
452 sanitize("<div style=\"background:url('http://www.here.com/awesome.png')\"></div>",
454 sanitize("<div style=\"background-image:url('http://www.here.com/awesome.png')\"></div>",
457 sanitize("<div style=\"background:url('javascript:evil()')\"></div>", "<div></div>");
458 sanitize("<div style=\"background-image:url('javascript:evil()')\"></div>", "<div></div>");
462 sanitize("<div style=\"width: expression(alert(1))\"></div>", "<div></div>");
466 sanitize("<div style=\"float:url(\"></div>", "<div></div>");
467 sanitize("<div style=\"float:\\075\\0072\\006C\\0028\"></div>", "<div></div>");
471 sanitize("<div style=\"ex\\pression(123)\"></div>", "<div></div>");
472 sanitize("<div style=\"_expression(123)\"></div>", "<div></div>");
473 sanitize("<div style=\"??????????(123)\"></div>", "<div></div>");
474 sanitize("<div style=\"funkyFunction(123)\"></div>", "<div></div>");
476 sanitize("<div style=\"color:expression(alert('xss'))\"></div>", "<div></div>");
477 sanitize("<div style=\"color:expression(alert\\000028\\000027xss\\000027\\000029)\"></div>",
479 sanitize("<div style=\"color:expression\\000028alert\\000028\\000027xss\\000027" +
481 sanitize("<div style=\"color:expressio\\00006E\\000028alert\\000028\\000027xss\\000027" +
483 sanitize("<div style=\"color:expression\\(alert\\)\"></div>", "<div></div>");
487 sanitize("<div style=\"position: absolute\"></div>", "<div></div>");
492 // sanitize("<div style=\"text-shadow: red -50px -100px 0px\"></div>", "<div></div>");
493 sanitize("<div style=\"text-shadow: red -50px -100px 0px\"></div>",
498 sanitize("<div style=\"color:red\"></div>", "<div style=\"color:red\"></div>");
499 sanitize("<div style=\"color: red\"></div>", "<div style=\"color:red\"></div>");
500 sanitize("<div style=\"color :red\"></div>", "<div style=\"color:red\"></div>");
501 sanitize("<div style=\"color :red; font-size:13.5pt;\"></div>",
503 sanitize("<div style=\"content:'\"'\"></div>", "<div></div>");
507 sanitize("<div style=\"color: 'red';\"></div>", "<div></div>");
511 sanitize("<div style=\"border-left-: solid thin red\"></div>", "<div></div>");
515 sanitize("<div style=\"color:rgba(255, 0, 0, 0.5)\"></div>",
521 // sanitize("<div style=\"font-style:normal!important\"></div>",
523 sanitize("<div style=\"font-style:normal!important\"></div>",
526 // sanitize("<div style=\"font-style:oblique !important\"></div>",
528 sanitize("<div style=\"font-style:oblique !important\"></div>",
530 sanitize("<div style=\"font-style:italic\"></div>",
534 private void sanitize(String dirtyHTML, String expectedHTML) {