-
-
Notifications
You must be signed in to change notification settings - Fork 559
/
entry_content_crazy.data
84 lines (52 loc) · 1.5 KB
/
entry_content_crazy.data
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
Description: entry content is crazy
Expect: not bozo and entries[0]['content'][0]['value'] == u'Crazy HTML -' + u'- Can Your Regex Parse This?\n\n\n\n<!-' + u'- <script> -' + u'->\n\n<!-' + u'- \n\t<script> \n-' + u'->\n\n\n\nfunction executeMe()\n{\n\n\n\n\n/* \n<h1>Did The Javascript Execute?</h1>\n<div>\nI will execute here, too, if you mouse over me\n</div>'
Options: -page_structure
Notes: for some reason the comments in the expected field are acting weird
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Crazy HTML -- Can Your Regex Parse This?</title>
</head>
<body notRealAttribute="value"onload="executeMe();"foo="bar"
>
<!-- <script> -->
<!--
<script>
-->
</script>
<script
>
function executeMe()
{
/* <script>
function am_i_javascript()
{
var str = "Some innocuously commented out stuff";
}
< /script>
*/
alert("Executed");
}
</script
>
<h1>Did The Javascript Execute?</h1>
<div notRealAttribute="value
"onmouseover="
executeMe();
"foo="bar">
I will execute here, too, if you mouse over me
</div>
</body>
</html>
----------
<html>
<head>
<title>Crazy HTML -- Can Your Regex Parse This?</title>
</head>
<body>
<h1>Did The Javascript Execute?</h1>
<div>
I will execute here, too, if you mouse over me
</div>
</body>
</html>