
  1. <!DOCTYPE HTML>
  2. <html>
  3. <head>
  4. <meta charset="UTF-8">
  5. <title>xss-test</title>
  6. <script src="../dist/template-native.js"></script>
  7. </head>
  8. <body>
  9. <div id="content"></div>
  10. <script id="test" type="text/html">
  11. <!--<img title="这是没转义的输出" src="<%=#url_0%>" />-->
  12. <img src="<%=url_1%>" />
  13. <img src="<%=url_2%>" />
  14. <img src="<%=url_3%>" data-index="<%=index%>" />
  15. </script>
  16. <script>
  17. var data = {
  18. url_0: 'http://mat1.gtimg.com/www/images/qq2012/qqlogo_1x.png?" onload="alert(\'no escape\')"',
  19. url_1: 'http://mat1.gtimg.com/www/images/qq2012/qqlogo_1x.png?" onload=alert(1)',
  20. url_2: 'http://mat1.gtimg.com/www/images/qq2012/qqlogo_1x.png?&#34; onload=alert(2)',
  21. url_3: 'http://mat1.gtimg.com/www/images/qq2012/qqlogo_1x.png?\\',
  22. index: '\\&quot;&#38;#34; onload=alert(2)'
  23. };
  24. var html = template('test', data);
  25. document.getElementById('content').innerHTML = html;
  26. </script>
  27. </body>
  28. </html>