mirror of
https://github.com/minetest/contentdb.git
synced 2024-12-22 22:12:24 +01:00
Add XSS strings to test data
This commit is contained in:
parent
595d6ea3b6
commit
5e60cb83de
@ -304,6 +304,38 @@ No warranty is provided, express or implied, for any part of the project.
|
||||
game1.desc = """
|
||||
As seen on the Capture the Flag server (minetest.rubenwardy.com:30000)
|
||||
|
||||
` `[`javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/`](javascript:/*--%3E%3C/title%3E%3C/style%3E%3C/textarea%3E%3C/script%3E%3C/xmp%3E%3Csvg/onload='+/%22/+/onmouseover=1/+/)`[*/[]/+alert(1)//'>`
|
||||
|
||||
<IMG SRC="javascript:alert('XSS');">
|
||||
|
||||
<IMG SRC=javascript:alert(&quot;XSS&quot;)>
|
||||
|
||||
``<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>``
|
||||
|
||||
\<a onmouseover="alert(document.cookie)"\>xxs link\</a\>
|
||||
|
||||
\<a onmouseover=alert(document.cookie)\>xxs link\</a\>
|
||||
|
||||
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
|
||||
|
||||
<script>alert("hello");</script>
|
||||
|
||||
<SCRIPT SRC=`[`http://xss.rocks/xss.js></SCRIPT>`](http://xss.rocks/xss.js%3E%3C/SCRIPT%3E)`;`
|
||||
|
||||
`<IMG \"\"\">`
|
||||
|
||||
<SCRIPT>
|
||||
|
||||
alert("XSS")
|
||||
|
||||
</SCRIPT>
|
||||
|
||||
<IMG SRC= onmouseover="alert('xxs')">
|
||||
|
||||
<img src=x onerror="javascript:alert('XSS')">
|
||||
|
||||
"\>
|
||||
|
||||
Uses the CTF PvP Engine.
|
||||
"""
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user