forked from DevExpress/testcafe-hammerhead
-
Notifications
You must be signed in to change notification settings - Fork 1
/
src.html
131 lines (120 loc) · 5.08 KB
/
src.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html manifest="/some.url">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<link id="stylesheet" rel="stylesheet" type="text/css" href="http://stylesheet.url" integrity="sha384-Li9vy3DqF8tnTXuiaAJuML3ky+er10rcgNR/VqsVpcw+ThHmYcwiB1pbOxEbzJr7" crossorigin="anonymous">
<link rel="prefetch" href="http://prefetch.url">
<link rel="preload" href="http://link.url" as="script">
<link rel="modulepreload" href="http://link.url" as="script">
<script type="text/javascript" src="http://link.url" integrity="sha384-Li9vy3DqF8tnTXuiaAJuML3ky+er10rcgNR/VqsVpcw+ThHmYcwiB1pbOxEbzJr7" crossorigin="anonymous"></script>
<script type="text/javascript" charset="utf-16be" src="http://link.url"></script>
<meta http-equiv="Refresh" content="0;URL=http://link.url/">
<meta http-equiv="Content-Security-Policy" content="default-src https: 'unsafe-inline';">
<meta http-equiv="Content-Security-Policy" id="metaWithoutContentAttr">
<meta name="referrer" content="no-referrer">
<base href="http://base.url">
<title></title>
<style type="text/css">
@import "http://some.url";
@import url("http://some.url");
@import 'http://some.url';
@import url('http://some.url');
.src:hover {
src : 'fakeUrl';
}
.src {
src : 'fakeUrl';
}
.someRule {
background-image: url('http://some.url');
background: repeat-y url('/some/other/url') #fc0;
background-image: url("http://some.url");
background: repeat-y url("/some/other/url") #fc0;
background-image: url(http://some.url);
background: repeat-y url(/some/other/url) #fc0;
}
</style>
<script type="text/javascript">
{ a : window.location }
</script>
<script type="text/javascript">
//<![CDATA[
window.location='test';
location='test';
document.location='test';
document.domain='test';
document.cookie='test';
//]]>
</script>
<script type="text/javascript">
<!--//--><![CDATA[//><!--
var someScript;
//--><!]]>
</script>
<!-- T217636: Health monitor - script incorrectly processes html-comments (flipkart.com) -->
<script type="text/javascript">
<!--<script type="text/javascript">-->
var someScript;
</script>
<script type="module">
import foo from 'foo.js';
foo();
</script>
<link rel="import" href="http://link.url/some-imported-page.html">
</head>
<body>
<map>
<area href="http://link.url">
</map>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEcAAAARCAYAAAH4YIF">
<a id="link" href="http://link.url"></a>
<a id="httpsLink" href="https://link.url"></a>
<a id="javascriptLink" href="javascript: void(0);"></a>
<a id="mailtoLink" href="mailto: some@e.mail"></a>
<a id="hashLink" href="#42"></a>
<a id="aboutBlankLink" href="about:blank"></a>
<a id="aboutErrorLink" href="about:error"></a>
<img src="about:blank"/>
<iframe src="about:blank"></iframe>
<div id="href-test" class="HP-innerHTML" data-test="{location: 9034, filter: 'dlk4k', action: 349}"></div>
<a href='javascript:onclick("1");'></a>
<a href='javascript:a.src="test"'></a>
<div style="background: url(/image.png)" onclick="window.location='test'; return false;"></div>
<div onclick="javascript:window.location='test'; return false;"></div>
<form id="form" method="post" action="http://post.something.here">
<input type="file" required>
<input formaction="http://input.formaction.com/" />
<button formaction="http://button.formaction.com/"></button>
</form>
<embed id="swf" src="http://some.nice.kitty.image">
<input>
<input type="text" autocomplete="on">
<input type="password" autocomplete="off">
<input type="email" autocomplete>
<iframe src="javascript:'<html><body><a id="link" href="http://link.url"></a></body></html>'"></iframe>
<iframe src='javascript:"<html><body><a id='link' href='http://link.url'> </a></body></html>"'></iframe>
<iframe src="javascript:'<div></div>'"></iframe>
<svg xml:base="http://domain.com/">
<rect xml:base="http://sub.domain.com/">
<use xlink:href="#svg-rect"></use>
</rect>
<use xlink:href="http://domain.com/test.svg#rect"></use>
</svg>
<div xlink:href="http://domain.com/test.svg#rect"></div>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink= "http://www.w3.org/1999/xlink">
<image xlink:href="http://domain.com/test.svg">
</image>
<image href="http://domain.com/test.svg">
</image>
</svg>
<a id="wrong-url-1" href="//:0"></a>
<a id="wrong-url-2" href="//:0/"></a>
<a id="wrong-url-3" href="http://test:0"></a>
<a id="wrong-url-4" href="http://test:123456789"></a>
<input formaction="http://input.formaction.com/" />
<button formaction="http://button.formaction.com/"></button>
<iframe srcdoc="<a href='http://link.url'>link</a>"></iframe>
<iframe src="http://cross.domain.com"></iframe>
</body>
</html>