Diffstat (limited to 'mod/htmlawed/vendors/htmLawed/htmLawed_TESTCASE.txt')
| -rwxr-xr-x[-rw-r--r--] | mod/htmlawed/vendors/htmLawed/htmLawed_TESTCASE.txt | 101 |
1 files changed, 90 insertions, 11 deletions
diff --git a/mod/htmlawed/vendors/htmLawed/htmLawed_TESTCASE.txt b/mod/htmlawed/vendors/htmLawed/htmLawed_TESTCASE.txt index ea24b1839..c5cccaaba 100644..100755 --- a/mod/htmlawed/vendors/htmLawed/htmLawed_TESTCASE.txt +++ b/mod/htmlawed/vendors/htmLawed/htmLawed_TESTCASE.txt @@ -1,8 +1,8 @@ /* -htmLawed_TESTCASE.txt, 22 December 2009 -htmLawed 1.1.9, 22 December 2009 +htmLawed_TESTCASE.txt, 27 August 2013 +htmLawed 1.1.16, 29 August 2013 Copyright Santosh Patnaik -GPL v3 license +Dual licensed with LGPL 3 and GPL 2+ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed */ @@ -27,6 +27,8 @@ character encoding to Unicode/UTF-8 <strong>Duplicated:</strong> <a id="id5" id="id6">a</a><br /> <strong>Deprecated:</strong> <a id="id7" target="self" name="n">a</a>, <hr noshade="noshade" /><br /> <strong>Casing:</strong> <a HREF=""></a><br /> +<strong>Custom:</strong> <img alt="image" my:data="portrait" /><br /> +<strong>Data-*:</strong> <a data-xml="x" data-xmnt="x" data-xmlnt="x" data-xmn:t="x" data-xmxm="x">a</a><br /> <strong>Admin-restricted?:</strong> <a href="x" onclick="alert();"></a> <h6>Attribute values</h6> @@ -46,6 +48,11 @@ character encoding to Unicode/UTF-8 <blockquote><div>abc</div>def</blockquote><br /> <blockquote>abc<div>def</div>ghi</blockquote><br /> abc<div>def</div>ghi<br /> +<blockquote>QQQ<div>x</div><!-- comment --></blockquote><br /> +<blockquote><div>x</div><!-- comment -->QQQ</blockquote><br /> +<blockquote><!-- comment --><div>x</div>QQQ<div>x</div></blockquote><br /> +<blockquote><div>x<!-- comment --></div>QQQ</blockquote><p>x</p><br /> +<br /> (try with blockquote parent) <h6>CDATA sections</h6> 
@@ -94,6 +101,15 @@ The PHP <s>software</s> script used for this <strike>web-page</strike> webpage i <area href="5" shape="Rect" coords="0,0,118,28"> </map></object> +<param name="name">value</param> + +<object id="obj1"> + <param name="param1"> + <object id="obj2"> + <param name="param2"> + </object> +</object> + <h6>Complex-4: nested and other tables</h6> <table border="1" bgcolor="red"> <tr> <td> Cell </td> <td colspan="2" rowspan="2"> <table border="1" bgcolor="green"> <tr> <td> Cell </td> <td colspan="2" rowspan="2"> </td> </tr> <tr> <td> Cell </td> </tr> <tr> <td> Cell </td> <td> Cell </td> <td> Cell </td> </tr> </table> </td> </tr> <tr> <td> Cell </td> </tr> <tr> <td> Cell </td> <td> Cell </td> <td> Cell </td> </tr> </table><br /> @@ -119,8 +135,9 @@ Disallowed tag p <strong>Invalid:</strong> <image src="s" alt="a" /><br /> <strong>Empty:</strong> <img src="s" alt="a" />, <img src="s" alt="a"></img>, <img src="s" alt="a">text</img><br /> <strong>Content invalid:</strong> <a href="h">1<a>2</a></a><br /> -<strong>Content invalid?:</strong> <form></form><br /> (try setting 'form' as parent) -<strong>Casing:</strong> <A href=""></a> +<strong>Content invalid?:</strong> <form></form><br /> (try setting 'form' as parent)<br /> +<strong>Casing:</strong> <A href=""></a><br /> +<strong>Check for tidy:</strong> <br /><hr /></div><hr /></div><hr /></div><div>hi</div> <h6>Entities</h6> 
@@ -181,10 +198,20 @@ text <img src="none" alt="none" /> <b>t<em> e <strong> x </strong> t</em></b> <h6>HTML comments (also CDATA)</h6> -Special characters inside: <!-- <![CDATA check ]]> -->, <!-- 3 < 4 > 3.5, & 4 > 4 -->, <!-- che--ck -->, <!--[if !IE]> <--><a>c</a><!--> <![endif]--><br /> -Normal: <!-- check -->, <!--check -->, <em>comment:<!-- check --></em><!-- check -->, <table><!-- check --><tr><td>text not allowed</td></tr></table><br /> -Malformed: <![cdata check ]]>, < ![CDATA check ]]>, < ![CDATA check ] ]><br /> -Invalid: <em <!-- check -->>comment in tag content</em>, <!--check--> +<strong>Script inside:</strong> <!--[if gte IE 4]> +<SCRIPT>alert('XSS');</SCRIPT> +<![endif]--><br /> +<strong>Special characters inside: <!-- <![CDATA check ]]> -->, <!-- 3 < 4 > 3.5, & 4 > 4 -->, <!-- che--ck -->, <!--[if !IE]> <--><a>c</a><!--> <![endif]--><br /> +<strong>Normal:</strong> <!-- check -->, <!--check -->, <em>comment:<!-- check --></em><!-- check -->, <table><!-- check --><tr><td>text not allowed</td></tr></table><br /> +<strong>Malformed:</strong> <![cdata check ]]>, < ![CDATA check ]]>, < ![CDATA check ] ]><br /> +Invalid:</strong> <em <!-- check -->>comment in tag content</em>, <!--check--> + +<h6>HTML5</h6> + +<strong>figure and figcaption:</strong> <figure><img src="picture.jpg" alt="picture"><figcaption>Caption for the awesome picture</figcaption></figure> +<strong>article:</strong> <h1>A</h1><p>B</p><article><h2>C</h2></article><article><h2>E</h2><p>F</p><p>G</p></article> +<strong>meter</strong>: <p>Heat <meter min="100" max="200" value="150">150</meter>.</p> +<strong>datalist</strong>: <input list="b" /><datalist id="b"><option value="c"><option value="d"></datalist> <h6>Ins-Del</h6> 
@@ -224,6 +251,11 @@ Invalid: <em <!-- check -->>comment in tag content</em>, <!--check--> <li>l3</li> <li>l4<ol><li>lo3</li><li>lo4<ol><li>lo5</li></ol></li></ol></li> </ul><br /> +<strong>Nested, directly</strong>: <ul> + <li>l1</li> + <ol>l2</ol> + <li>l3</li> +</ul><br /> <strong>Nested, close-tags omitted</strong>: <ul> <li>l1</li> <li>l2<ol><li>lo1<li>lo2</ol> @@ -241,6 +273,27 @@ Invalid: <em <!-- check -->>comment in tag content</em>, <!--check--> </form> </li></ul> </td></tr></table></li></ol> +<strong>Menu</strong>: <menu type="toolbar"><li><menu label="File"> + <button type="button" onclick="new()">New...</button> + </menu></li><li><menu label="Edit"><button type="button" onclick="cut()">Cut...</button></menu></li> + </menu> + +<h6>Microdata</h6> + +<div itemscope itemtype="http://data-vocabulary.org/Person"> +I am <span itemprop="name">X</span> but people call me <span itemprop="nickname">Y</span>. +Find me at <a href="http://www.xy.com" itemprop="url">www.xy.com</a> +</div> + +<h6>Microsoft Word</h6> + +<strong>Proprietary tag</strong>: <p class=3DMsoNormal><o:p> </o:p></p><br /> +<strong>XML declaration</strong>: <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><br /> +<strong>XML-invalid character code-point (may not replicate)</strong>: <p class=3DMsoNormal>“Where is he?” asked both Mary – the one so lovely – and Jane.</p> + +<h6>Nesting</h6> + +<strong>Block or inline a</strong>: <p><a href="link">text</a></p><a href="link"><div>hi</div></a><br /> <h6>Non-English text-1</h6> @@ -289,6 +342,7 @@ na Alemanha. <rp>(</rp><rt>aaa</rt><rp>)</rp> </ruby> + <h6>Tables</h6> <strong>Omitted closing tags:</strong> <table> 
@@ -315,12 +369,21 @@ na Alemanha. <tr><td>r2c1<td>r2c2 </table><br /> +<h6>Tag transformation</h6> +<strong>Font element intended as 'inline' element:</strong> <p><font color='red'>hi</font></p><br /> +<strong>Font element intended as 'block' element:</strong> <div><font color='red'><div>hi</div></font></div><br /> +<strong>Font element intended as 'block' element:</strong> <center><font color='red'><div>hi</div><div>QQQ</div></font></center><br /> + +<h6>Tidy</h6> +<strong>White-space handling:</strong> abc<em> def </em> ghi abc <em>def</em> ghi + <h6>URLs</h6> <strong>Relative and absolute:</strong> <a href="mailto:x"></a>, <a href="http://a.com/b/c/d.f"></a>, <a href="./../d.f"></a>, <a href="./d.f"></a>, <a href="d.f"></a>, <a href="#s"></a>, <a href="./../../d.f#s"></a><br /> (try base URL value of 'http://a.com/b/')<br /> <strong>CSS URLs:</strong> <div style="background-image: url('a.gif');"></div>, <div style="background-image: URL("a.gif");"></div>, <div style="background-image: url('http://a.com/a.gif');"></div>, <div style="background-image: url('./../a.gif');"></div>, <div style="background-image: url('js:xss')"></div><br /> -<strong>Anti-spam:</strong> (try regex for 'http://a.com', etc.) <a href="mailto:x@y.com"></a>, <a href="http://a.com/b@d.f"></a>, <a href="a.com/d.f" rel="nofollow"></a>, <a href="a.com/d.f" rel="1, 2"></a>, <a href="a.com/d.f"></a>, <a href="b.com/d.f"></a>, <a href="c.com/d.f"></a><br /> +<strong>Double URLs:</strong> <a style="behaviour: url(foo) url(http://example.com/xss.htc)">b</a><br /> +<strong>Anti-spam:</strong> (try regex for 'http://a.com', etc.) <a href="mailto:x@y.com"></a>, <a href="http://a.com/b@d.f"></a>, <a href="a.com/d.f" rel="nofollow"></a>, <a href="a.com/d.f" rel="1, 2"></a>, <a href="a.com/d.f"></a>, <a href="b.com/d.f"></a>, <a href="c.com/d.f">, <a href="denied:http://c.com/d.f"></a><br /> <h6>XSS</h6> 
@@ -339,6 +402,7 @@ src=javascript:al <a style=";-moz-binding:url(http://lukasz.pilorz.net/xss/xss.xml#xss)" href="http://example.com">test</a><br /> <strong>Bad IE7:</strong> <a href="http://x&x=%22+style%3d%22background-image%3a+expression%28alert %28%27xss%3f%29%29">x</a><br /> +<strong>Opera:</strong> <a href="\xE2\x80\x83javascript:alert(123)">link</a> <strong>Bad IE7:</strong> <a style=color:expr/*comment*/ession(alert(document.domain))>xxx</a><br /> <strong>Bad IE7:</strong> <a href="xxx" style="background: expression(alert('xss'));">xxx</a><br /> <strong>Bad IE7:</strong> <a href="xxx" style="background: expression(alert('xss'));">xxx</a><br /> @@ -368,4 +432,19 @@ script:eval(document.all.mycode.expr)')">hi</a><br /> 3 < 4 <br /> 3 > 4 <br /> - > 3 <br />
\ No newline at end of file + > 3 <br /> +<._.> hi! <br /> +<<< ALERT >>> <br /> +<![if !vml]> some stuff <![endif]> <br /> +<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /> <br /> +<uml:ns ns = "urn:www"> <br /> +<uml:ns ns = 'urn:www'> <br /> +if(13<age AND 21>age){say 'teen'} <br /> +age >51 and a smoking history of >51 pack-years <b>was</b> <br /> +age > 51 and a smoking history of >51 pack-years <b>was</b> <br /> +age <51 and a smoking history of <51 pack-years <b>was</b> <br /> +age < 51 and a smoking history of < 51 pack-years <b>was</b> <br /> +<b>age >51 and a smoking history of >51 pack-years</b> <br /> +<b>age > 51 and a smoking history of >51 pack-years</b> <br /> +<b>age <51 and a smoking history of <51 pack-years</b> <br /> +<b>age < 51 and a smoking history of < 51 pack-years</b> <br />
\ No newline at end of file |
