<!-- Description: item description is crazy Expect: not bozo and entries[0]['description'] == u'Crazy HTML -' + u'- Can Your Regex Parse This?\n\n\n\n<!-' + u'- <script> -' + u'->\n\n<!-' + u'- \n\t<script> \n-' + u'->\n\n\n\nfunction executeMe()\n{\n\n\n\n\n/* \n<h1>Did The Javascript Execute?</h1>\n<div>\nI will execute here, too, if you mouse over me\n</div>' --> <rss version="2.0"> <channel> <title>Crazy RSS</title> <description>Contains unsafe script</description> <link>http://crazy.example.com/</link> <language>en</language> <item> <description> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Crazy HTML -- Can Your Regex Parse This?</title> </head> <body notRealAttribute="value"onload="executeMe();"foo="bar" > <!-- <script> --> <!-- <script> --> </script> <script > function executeMe() { /* <script> function am_i_javascript() { var str = "Some innocuously commented out stuff"; } < /script> */ alert("Executed"); } </script > <h1>Did The Javascript Execute?</h1> <div notRealAttribute="value "onmouseover=" executeMe(); "foo="bar"> I will execute here, too, if you mouse over me </div> </body> </html> </description> </item> </channel> </rss>