1 files changed, 22 insertions, 0 deletions

diff --git a/modules/organize/tests/xss_data.txt b/modules/organize/tests/xss_data.txt
new file mode 100644
index 00000000..ced5602b
--- /dev/null
+++ b/modules/organize/tests/xss_data.txt
@@ -0,0 +1,22 @@
+modules/organize/views/organize_dialog.html.php              3   DIRTY_JS url::site("organize/move_to/__ALBUM_ID__?csrf=$csrf")
+modules/organize/views/organize_dialog.html.php              4   DIRTY_JS url::site("organize/rearrange/__TARGET_ID__/__BEFORE__?csrf=$csrf")
+modules/organize/views/organize_dialog.html.php              5   DIRTY_JS url::site("organize/sort_order/__ALBUM_ID__/__COL__/__DIR__?csrf=$csrf")
+modules/organize/views/organize_dialog.html.php              6   DIRTY_JS url::site("organize/tree/__ALBUM_ID__")
+modules/organize/views/organize_dialog.html.php              14  DIRTY    $album_tree
+modules/organize/views/organize_dialog.html.php              24  DIRTY    $micro_thumb_grid
+modules/organize/views/organize_dialog.html.php              32  DIRTY    form::dropdown(array("id"=>"g-organize-sort-column"),album::get_sort_order_options(),$album->sort_column)
+modules/organize/views/organize_dialog.html.php              33  DIRTY    form::dropdown(array("id"=>"g-organize-sort-order"),array("ASC"=>"Ascending","DESC"=>"Descending"),$album->sort_order)
+modules/organize/views/organize_thumb_grid.html.php          3   DIRTY_ATTR $child->id
+modules/organize/views/organize_thumb_grid.html.php          4   DIRTY_ATTR $child->id
+modules/organize/views/organize_thumb_grid.html.php          5   DIRTY_ATTR $child->is_album()?"g-album":"g-photo"
+modules/organize/views/organize_thumb_grid.html.php          6   DIRTY    $child->thumb_img(array("class"=>"g-thumbnail","ref"=>$child->id),90,true)
+modules/organize/views/organize_thumb_grid.html.php          7   DIRTY    $child->is_album()?" class=\"ui-icon ui-icon-note\"":""
+modules/organize/views/organize_thumb_grid.html.php          15  DIRTY_JS url::site("organize/album/$album->id/".($offset+25))
+modules/organize/views/organize_tree.html.php                2   DIRTY_ATTR access::can("edit",$album)?"":"g-view-only"
+modules/organize/views/organize_tree.html.php                3   DIRTY_ATTR $album->id
+modules/organize/views/organize_tree.html.php                6   DIRTY_ATTR $selected&&$album->id==$selected->id?"selected":""
+modules/organize/views/organize_tree.html.php                7   DIRTY_ATTR $album->id
+modules/organize/views/organize_tree.html.php                13  DIRTY    View::factory("organize_tree.html",array("selected"=>$selected,"album"=>$child));
+modules/organize/views/organize_tree.html.php                15  DIRTY_ATTR access::can("edit",$child)?"":"g-view-only"
+modules/organize/views/organize_tree.html.php                16  DIRTY_ATTR $child->id
+modules/organize/views/organize_tree.html.php                18  DIRTY_ATTR $child->id