0e82c5f573
Adjusted code for custom RSS feed parsing: now that feedparser does the parsing for us, all we do is pull the data from the returned entries.
<!--
|
|
Description: item description is crazy
|
|
Expect: not bozo and entries[0]['description'] == u'Crazy HTML -' + u'- Can Your Regex Parse This?\n\n\n\n<!-' + u'- <script> -' + u'->\n\n<!-' + u'- \n\t<script> \n-' + u'->\n\n\n\nfunction executeMe()\n{\n\n\n\n\n/* \n<h1>Did The Javascript Execute?</h1>\n<div>\nI will execute here, too, if you mouse over me\n</div>'
|
|
-->
|
|
<rss version="2.0">
|
|
<!--
  Sanitizer test fixture. The only item's description holds a whole XHTML
  document written so that pattern-based filtering is likely to miss the
  active content: script tags hidden inside HTML comments, a stray script
  end tag, script start and end tags whose closing angle bracket sits
  several lines later, a script pair inside a JavaScript block comment, and
  onload / onmouseover handlers packed between quoted attributes with no
  separating whitespace.
  Per the Expect line in the file header, the parsed description must keep
  the title text, both HTML comments, the h1 and an attribute-free div; the
  function header survives only as plain text, and neither the alert() call
  nor either event handler may appear.
  NOTE(review): the markup is shown unescaped here, yet Expect asserts
  "not bozo"; presumably the stored file entity-escapes the description.
  Confirm against the raw file before editing.
-->
<channel>
|
|
<title>Crazy RSS</title>
|
|
<description>Contains unsafe script</description>
|
|
<link>http://crazy.example.com/</link>
|
|
<language>en</language>
|
|
<!-- Keep annotations out of the item description below: HTML comments there are payload and show up in the expected output. -->
<item>
|
|
<description>
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
<head>
|
|
<title>Crazy HTML -- Can Your Regex Parse This?</title>
|
|
|
|
</head>
|
|
<body notRealAttribute="value"onload="executeMe();"foo="bar"
|
|
|
|
>
|
|
<!-- <script> -->
|
|
|
|
<!--
|
|
<script>
|
|
-->
|
|
|
|
</script>
|
|
|
|
|
|
<script
|
|
|
|
|
|
>
|
|
|
|
function executeMe()
|
|
{
|
|
|
|
|
|
|
|
|
|
/* <script>
|
|
function am_i_javascript()
|
|
{
|
|
var str = "Some innocuously commented out stuff";
|
|
}
|
|
< /script>
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
alert("Executed");
|
|
}
|
|
|
|
</script
|
|
|
|
|
|
|
|
>
|
|
<h1>Did The Javascript Execute?</h1>
|
|
<div notRealAttribute="value
|
|
"onmouseover="
|
|
executeMe();
|
|
"foo="bar">
|
|
I will execute here, too, if you mouse over me
|
|
</div>
|
|
|
|
</body>
|
|
|
|
</html>
|
|
</description>
|
|
</item>
|
|
</channel>
|
|
</rss> |