author | Andy Staudacher <andy.st@gmail.com> | 2009-08-31 01:11:50 -0700 |
---|---|---|
committer | Andy Staudacher <andy.st@gmail.com> | 2009-08-31 01:11:50 -0700 |
commit | 26f6d8192ffdfd0280987ec2b9df0305e983746d (patch) | |
tree | 7cd75cd0a04d79dba7c796206759564b0210c47f /modules/gallery/tests/xss_data.txt | |
parent | ddb84c84e16766c6b79bd7fea61532257e83ef8b (diff) |
Adding XSS test for href="javascript: and onclick="..."
Diffstat (limited to 'modules/gallery/tests/xss_data.txt')
-rw-r--r-- | modules/gallery/tests/xss_data.txt | 125 |
1 files changed, 63 insertions, 62 deletions
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 5686bf9e..b22114a4 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -10,12 +10,12 @@ modules/comment/views/admin_comments.html.php 122 DIRTY_JS $item-
 modules/comment/views/admin_comments.html.php 124 DIRTY $item->thumb_url()
 modules/comment/views/admin_comments.html.php 126 DIRTY photo::img_dimensions($item->thumb_width,$item->thumb_height,75)
 modules/comment/views/admin_comments.html.php 134 DIRTY gallery::date($comment->created)
-modules/comment/views/admin_comments.html.php 141 DIRTY $comment->id
-modules/comment/views/admin_comments.html.php 150 DIRTY $comment->id
-modules/comment/views/admin_comments.html.php 159 DIRTY $comment->id
-modules/comment/views/admin_comments.html.php 168 DIRTY $comment->id
-modules/comment/views/admin_comments.html.php 175 DIRTY $comment->id
-modules/comment/views/admin_comments.html.php 183 DIRTY $comment->id
+modules/comment/views/admin_comments.html.php 141 DIRTY_JS $comment->id
+modules/comment/views/admin_comments.html.php 150 DIRTY_JS $comment->id
+modules/comment/views/admin_comments.html.php 159 DIRTY_JS $comment->id
+modules/comment/views/admin_comments.html.php 168 DIRTY_JS $comment->id
+modules/comment/views/admin_comments.html.php 175 DIRTY_JS $comment->id
+modules/comment/views/admin_comments.html.php 183 DIRTY_JS $comment->id
 modules/comment/views/admin_comments.html.php 196 DIRTY $pager
 modules/comment/views/comment.html.php 2 DIRTY $comment->id;
 modules/comment/views/comment.mrss.php 10 DIRTY $feed->uri
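Review bot: The six `$comment->id` rows for admin_comments.html.php (lines 141–183) are relabelled from `DIRTY` to `DIRTY_JS` but remain in the expected-output list, so the test keeps passing while those values are still written unescaped into what the new check presumably treats as a script context (`href="javascript:` or `onclick=`, going by the commit title). The same relabelling recurs in the move_tree, permissions_browse, permissions_form, server_add_tree and admin_users_group hunks. The `html::js_string($dir)` row stands out because `$dir` is a path string rather than a numeric id, so it is worth confirming that line 12 of server_add_tree.html.php also HTML-escapes the value for the attribute it sits in. The views are not part of this diff, so these points need checking against the templates; the line-number-only shifts (admin_maintenance, organize_tree, page.html.php) would also be easier to audit as a separate commit from the classification changes.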
@@ -69,20 +69,23 @@ modules/gallery/views/admin_languages.html.php 31 DIRTY form::
 modules/gallery/views/admin_languages.html.php 102 DIRTY $share_translations_form
 modules/gallery/views/admin_maintenance.html.php 24 DIRTY log::severity_class($task->severity)
 modules/gallery/views/admin_maintenance.html.php 24 DIRTY ($i%2==0)?"gOddRow":"gEvenRow"
+modules/gallery/views/admin_maintenance.html.php 25 DIRTY log::severity_class($task->severity)
 modules/gallery/views/admin_maintenance.html.php 26 DIRTY $task->name
 modules/gallery/views/admin_maintenance.html.php 29 DIRTY $task->description
+modules/gallery/views/admin_maintenance.html.php 72 DIRTY $task->state=="stalled"?"gWarning":""
+modules/gallery/views/admin_maintenance.html.php 72 DIRTY ($i%2==0)?"gOddRow":"gEvenRow"
 modules/gallery/views/admin_maintenance.html.php 73 DIRTY $task->state=="stalled"?"gWarning":""
-modules/gallery/views/admin_maintenance.html.php 73 DIRTY ($i%2==0)?"gOddRow":"gEvenRow"
-modules/gallery/views/admin_maintenance.html.php 75 DIRTY gallery::date_time($task->updated)
-modules/gallery/views/admin_maintenance.html.php 78 DIRTY $task->name
-modules/gallery/views/admin_maintenance.html.php 93 DIRTY $task->status
-modules/gallery/views/admin_maintenance.html.php 147 DIRTY $task->state=="success"?"gSuccess":"gError"
-modules/gallery/views/admin_maintenance.html.php 147 DIRTY ($i%2==0)?"gOddRow":"gEvenRow"
-modules/gallery/views/admin_maintenance.html.php 149 DIRTY gallery::date_time($task->updated)
-modules/gallery/views/admin_maintenance.html.php 152 DIRTY $task->name
-modules/gallery/views/admin_maintenance.html.php 164 DIRTY $task->status
+modules/gallery/views/admin_maintenance.html.php 74 DIRTY gallery::date_time($task->updated)
+modules/gallery/views/admin_maintenance.html.php 77 DIRTY $task->name
+modules/gallery/views/admin_maintenance.html.php 92 DIRTY $task->status
+modules/gallery/views/admin_maintenance.html.php 145 DIRTY $task->state=="success"?"gSuccess":"gError"
+modules/gallery/views/admin_maintenance.html.php 145 DIRTY ($i%2==0)?"gOddRow":"gEvenRow"
+modules/gallery/views/admin_maintenance.html.php 146 DIRTY $task->state=="success"?"gSuccess":"gError"
+modules/gallery/views/admin_maintenance.html.php 147 DIRTY gallery::date_time($task->updated)
+modules/gallery/views/admin_maintenance.html.php 150 DIRTY $task->name
+modules/gallery/views/admin_maintenance.html.php 162 DIRTY $task->status
 modules/gallery/views/admin_maintenance_show_log.html.php 13 DIRTY $task->name
-modules/gallery/views/admin_maintenance_task.html.php 54 DIRTY $task->name
+modules/gallery/views/admin_maintenance_task.html.php 55 DIRTY $task->name
 modules/gallery/views/admin_modules.html.php 9 DIRTY access::csrf_form_field()
 modules/gallery/views/admin_modules.html.php 19 DIRTY ($i%2==0)?"gOddRow":"gEvenRow"
 modules/gallery/views/admin_modules.html.php 22 DIRTY form::checkbox($data,'1',module::is_active($module_name))
@@ -123,45 +126,45 @@ modules/gallery/views/maintenance.html.php 46 DIRTY user::
 modules/gallery/views/move_browse.html.php 39 DIRTY $tree
 modules/gallery/views/move_browse.html.php 43 DIRTY access::csrf_form_field()
 modules/gallery/views/move_tree.html.php 2 DIRTY $parent->thumb_img(array(),25);
-modules/gallery/views/move_tree.html.php 4 DIRTY $parent->id
-modules/gallery/views/move_tree.html.php 6 DIRTY $parent->id
+modules/gallery/views/move_tree.html.php 4 DIRTY_JS $parent->id
+modules/gallery/views/move_tree.html.php 6 DIRTY_JS $parent->id
 modules/gallery/views/move_tree.html.php 8 DIRTY $parent->id
 modules/gallery/views/move_tree.html.php 10 DIRTY $child->id
 modules/gallery/views/move_tree.html.php 11 DIRTY $child->thumb_img(array(),25);
-modules/gallery/views/move_tree.html.php 13 DIRTY $child->id
-modules/gallery/views/move_tree.html.php 15 DIRTY $child->id
+modules/gallery/views/move_tree.html.php 13 DIRTY_JS $child->id
+modules/gallery/views/move_tree.html.php 15 DIRTY_JS $child->id
 modules/gallery/views/movieplayer.html.php 2 DIRTY html::anchor($item->file_url(true),"",$attrs)
 modules/gallery/views/movieplayer.html.php 5 DIRTY $attrs["id"]
 modules/gallery/views/permissions_browse.html.php 41 DIRTY $parent->id
-modules/gallery/views/permissions_browse.html.php 42 DIRTY $parent->id
+modules/gallery/views/permissions_browse.html.php 42 DIRTY_JS $parent->id
 modules/gallery/views/permissions_browse.html.php 47 DIRTY $item->id
-modules/gallery/views/permissions_browse.html.php 48 DIRTY $item->id
+modules/gallery/views/permissions_browse.html.php 48 DIRTY_JS $item->id
 modules/gallery/views/permissions_browse.html.php 55 DIRTY $form
-modules/gallery/views/permissions_form.html.php 24 DIRTY $lock->id
-modules/gallery/views/permissions_form.html.php 32 DIRTY $group->id
-modules/gallery/views/permissions_form.html.php 32 DIRTY $permission->id
-modules/gallery/views/permissions_form.html.php 32 DIRTY $item->id
-modules/gallery/views/permissions_form.html.php 36 DIRTY $group->id
-modules/gallery/views/permissions_form.html.php 36 DIRTY $permission->id
-modules/gallery/views/permissions_form.html.php 36 DIRTY $item->id
-modules/gallery/views/permissions_form.html.php 43 DIRTY $group->id
-modules/gallery/views/permissions_form.html.php 43 DIRTY $permission->id
-modules/gallery/views/permissions_form.html.php 43 DIRTY $item->id
-modules/gallery/views/permissions_form.html.php 47 DIRTY $group->id
-modules/gallery/views/permissions_form.html.php 47 DIRTY $permission->id
-modules/gallery/views/permissions_form.html.php 47 DIRTY $item->id
-modules/gallery/views/permissions_form.html.php 56 DIRTY $group->id
-modules/gallery/views/permissions_form.html.php 56 DIRTY $permission->id
-modules/gallery/views/permissions_form.html.php 56 DIRTY $item->id
-modules/gallery/views/permissions_form.html.php 63 DIRTY $group->id
-modules/gallery/views/permissions_form.html.php 63 DIRTY $permission->id
-modules/gallery/views/permissions_form.html.php 63 DIRTY $item->id
-modules/gallery/views/permissions_form.html.php 74 DIRTY $group->id
-modules/gallery/views/permissions_form.html.php 74 DIRTY $permission->id
-modules/gallery/views/permissions_form.html.php 74 DIRTY $item->id
-modules/gallery/views/permissions_form.html.php 79 DIRTY $group->id
-modules/gallery/views/permissions_form.html.php 79 DIRTY $permission->id
-modules/gallery/views/permissions_form.html.php 79 DIRTY $item->id
+modules/gallery/views/permissions_form.html.php 24 DIRTY_JS $lock->id
+modules/gallery/views/permissions_form.html.php 32 DIRTY_JS $group->id
+modules/gallery/views/permissions_form.html.php 32 DIRTY_JS $permission->id
+modules/gallery/views/permissions_form.html.php 32 DIRTY_JS $item->id
+modules/gallery/views/permissions_form.html.php 36 DIRTY_JS $group->id
+modules/gallery/views/permissions_form.html.php 36 DIRTY_JS $permission->id
+modules/gallery/views/permissions_form.html.php 36 DIRTY_JS $item->id
+modules/gallery/views/permissions_form.html.php 43 DIRTY_JS $group->id
+modules/gallery/views/permissions_form.html.php 43 DIRTY_JS $permission->id
+modules/gallery/views/permissions_form.html.php 43 DIRTY_JS $item->id
+modules/gallery/views/permissions_form.html.php 47 DIRTY_JS $group->id
+modules/gallery/views/permissions_form.html.php 47 DIRTY_JS $permission->id
+modules/gallery/views/permissions_form.html.php 47 DIRTY_JS $item->id
+modules/gallery/views/permissions_form.html.php 56 DIRTY_JS $group->id
+modules/gallery/views/permissions_form.html.php 56 DIRTY_JS $permission->id
+modules/gallery/views/permissions_form.html.php 56 DIRTY_JS $item->id
+modules/gallery/views/permissions_form.html.php 63 DIRTY_JS $group->id
+modules/gallery/views/permissions_form.html.php 63 DIRTY_JS $permission->id
+modules/gallery/views/permissions_form.html.php 63 DIRTY_JS $item->id
+modules/gallery/views/permissions_form.html.php 74 DIRTY_JS $group->id
+modules/gallery/views/permissions_form.html.php 74 DIRTY_JS $permission->id
+modules/gallery/views/permissions_form.html.php 74 DIRTY_JS $item->id
+modules/gallery/views/permissions_form.html.php 79 DIRTY_JS $group->id
+modules/gallery/views/permissions_form.html.php 79 DIRTY_JS $permission->id
+modules/gallery/views/permissions_form.html.php 79 DIRTY_JS $item->id
 modules/gallery/views/upgrader.html.php 44 DIRTY $module->version==$module->code_version?"current":"upgradeable"
 modules/gallery/views/upgrader.html.php 45 DIRTY $id
 modules/gallery/views/upgrader.html.php 49 DIRTY $module->version
@@ -188,12 +191,12 @@ modules/organize/views/organize_thumb_grid.html.php 5 DIRTY $child
 modules/organize/views/organize_thumb_grid.html.php 6 DIRTY $child->thumb_img(array("class"=>"gThumbnail","ref"=>$child->id),90,true)
 modules/organize/views/organize_tree.html.php 2 DIRTY access::can("edit",$album)?"":"gViewOnly"
 modules/organize/views/organize_tree.html.php 3 DIRTY $album->id
-modules/organize/views/organize_tree.html.php 7 DIRTY $selected&&$album->id==$selected->id?"selected":""
-modules/organize/views/organize_tree.html.php 9 DIRTY $album->id
-modules/organize/views/organize_tree.html.php 15 DIRTY View::factory("organize_tree.html",array("selected"=>$selected,"album"=>$child));
-modules/organize/views/organize_tree.html.php 17 DIRTY access::can("edit",$child)?"":"gViewOnly"
-modules/organize/views/organize_tree.html.php 18 DIRTY $child->id
-modules/organize/views/organize_tree.html.php 21 DIRTY $child->id
+modules/organize/views/organize_tree.html.php 6 DIRTY $selected&&$album->id==$selected->id?"selected":""
+modules/organize/views/organize_tree.html.php 7 DIRTY $album->id
+modules/organize/views/organize_tree.html.php 13 DIRTY View::factory("organize_tree.html",array("selected"=>$selected,"album"=>$child));
+modules/organize/views/organize_tree.html.php 15 DIRTY access::can("edit",$child)?"":"gViewOnly"
+modules/organize/views/organize_tree.html.php 16 DIRTY $child->id
+modules/organize/views/organize_tree.html.php 19 DIRTY $child->id
 modules/recaptcha/views/admin_recaptcha.html.php 10 DIRTY $form
 modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY $public_key
 modules/recaptcha/views/form_recaptcha.html.php 7 DIRTY $public_key
@@ -234,7 +237,7 @@ modules/search/views/search.html.php 30 DIRTY $item_
 modules/search/views/search.html.php 32 DIRTY $item->thumb_img()
 modules/server_add/views/admin_server_add.html.php 15 DIRTY $id
 modules/server_add/views/admin_server_add.html.php 24 DIRTY $form
-modules/server_add/views/server_add_tree.html.php 12 DIRTY html::js_string($dir)
+modules/server_add/views/server_add_tree.html.php 12 DIRTY_JS html::js_string($dir)
 modules/server_add/views/server_add_tree.html.php 20 DIRTY is_dir($file)?"ui-icon-folder-collapsed":"ui-icon-document"
 modules/server_add/views/server_add_tree_dialog.html.php 23 DIRTY $tree
 modules/tag/views/admin_tags.html.php 13 DIRTY $csrf
@@ -252,8 +255,8 @@ modules/user/views/admin_users.html.php 83 DIRTY ($user
 modules/user/views/admin_users.html.php 121 DIRTY $group->id
 modules/user/views/admin_users.html.php 121 DIRTY ($group->special?"gDefaultGroup":"")
 modules/user/views/admin_users.html.php 123 DIRTY $v
-modules/user/views/admin_users_group.html.php 22 DIRTY $user->id
-modules/user/views/admin_users_group.html.php 22 DIRTY $group->id
+modules/user/views/admin_users_group.html.php 22 DIRTY_JS $user->id
+modules/user/views/admin_users_group.html.php 22 DIRTY_JS $group->id
 modules/user/views/login_ajax.html.php 37 DIRTY $form
 modules/watermark/views/admin_watermarks.html.php 19 DIRTY $width
 modules/watermark/views/admin_watermarks.html.php 19 DIRTY $height
@@ -293,8 +296,6 @@ themes/default/views/dynamic.html.php 14 DIRTY $child
 themes/default/views/dynamic.html.php 15 DIRTY $child->thumb_url()
 themes/default/views/dynamic.html.php 16 DIRTY $child->thumb_width
 themes/default/views/dynamic.html.php 17 DIRTY $child->thumb_height
-themes/default/views/footer.html.php 4 DIRTY $footer_text
-themes/default/views/header.html.php 5 DIRTY $header_text
 themes/default/views/movie.html.php 8 DIRTY_JS $previous_item->url()
 themes/default/views/movie.html.php 18 DIRTY_JS $next_item->url()
 themes/default/views/movie.html.php 28 DIRTY $item->movie_img(array("class"=>"gMovie","id"=>"gMovieId-{$item->id}"))
@@ -304,10 +305,10 @@ themes/default/views/page.html.php 32 DIRTY_JS $theme
 themes/default/views/page.html.php 41 DIRTY $new_width
 themes/default/views/page.html.php 42 DIRTY $new_height
 themes/default/views/page.html.php 43 DIRTY $thumb_proportion
-themes/default/views/page.html.php 79 DIRTY newView("header.html")
-themes/default/views/page.html.php 86 DIRTY $content
-themes/default/views/page.html.php 92 DIRTY newView("sidebar.html")
-themes/default/views/page.html.php 97 DIRTY newView("footer.html")
+themes/default/views/page.html.php 82 DIRTY $header_text
+themes/default/views/page.html.php 112 DIRTY $content
+themes/default/views/page.html.php 118 DIRTY newView("sidebar.html")
+themes/default/views/page.html.php 125 DIRTY $footer_text
 themes/default/views/pager.html.php 13 DIRTY_JS str_replace('{page}',1,$url)
 themes/default/views/pager.html.php 20 DIRTY_JS str_replace('{page}',$previous_page,$url)
 themes/default/views/pager.html.php 27 DIRTY $from_to_msg |