
Commit 41dec4d

committed
Fix XSS htmls
1 parent 91478ca commit 41dec4d

18 files changed

+544
-437
lines changed

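--- a/cypress/platform/xss10.html
+++ b/cypress/platform/xss10.html
@@ -1,20 +1,25 @@
 <html>
 <head>
+<link href="https://fonts.googleapis.com/css?family=Montserrat&display=swap" rel="stylesheet" />
+<link href="https://unpkg.com/tailwindcss@^1.0/dist/tailwind.min.css" rel="stylesheet" />
 <link
-href="https://fonts.googleapis.com/css?family=Montserrat&display=swap"
+rel="stylesheet"
+href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"
+/>
+<link
+href="https://fonts.googleapis.com/css?family=Noto+Sans+SC&display=swap"
 rel="stylesheet"
 />
-<link href="https://unpkg.com/tailwindcss@^1.0/dist/tailwind.min.css" rel="stylesheet">
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
-<link href="https://fonts.googleapis.com/css?family=Noto+Sans+SC&display=swap" rel="stylesheet">
 <style>
 body {
 /* background: rgb(221, 208, 208); */
 /* background:#333; */
 font-family: 'Arial';
 /* font-size: 18px !important; */
-}
-h1 { color: grey;}
+}
+h1 {
+color: grey;
+}
 .mermaid2 {
 display: none;
 }
@@ -23,9 +28,9 @@
 }
 .malware {
 position: fixed;
-bottom:0;
-left:0;
-right:0;
+bottom: 0;
+left: 0;
+right: 0;
 height: 150px;
 background: red;
 color: black;
@@ -43,7 +48,8 @@
 <div class="flex">
 <div id="diagram" class="mermaid"></div>
 <div id="res" class=""></div>
-<script src="./mermaid.js"></script>
+</div>
+<script src="./mermaid.js"></script>
 <script>
 mermaid.parseError = function (err, hash) {
 // console.error('Mermaid error: ', err);
@@ -59,8 +65,8 @@
 flowchart: {
 // defaultRenderer: 'dagre-wrapper',
 nodeSpacing: 10,
-curve: 'cardinal',
-htmlLabels: true,
+curve: 'cardinal',
+htmlLabels: true,
 },
 htmlLabels: true,
 // gantt: { axisFormat: '%m/%d/%Y' },
@@ -76,8 +82,8 @@
 // themeVariables: {relationLabelColor: 'red'}
 });
 function callback() {
-alert('It worked');
-}
+alert('It worked');
+}
 function xssAttack() {
 const div = document.createElement('div');
 div.id = 'the-malware';
@@ -88,20 +94,20 @@
 }
 
 var diagram = 'classDiagram\n';
-diagram += 'class Square~<img/src';
-diagram += "='1'/onerror=xssAttack()>~{\n";
-diagram += 'id A\n';
-diagram += '}';
+diagram += 'class Square~<img/src';
+diagram += "='1'/onerror=xssAttack()>~{\n";
+diagram += 'id A\n';
+diagram += '}';
 
-// var diagram = "stateDiagram-v2\n";
-// diagram += "<img/src='1'/onerror"
-// diagram += "=xssAttack()> --> B";
-console.log(diagram);
-// document.querySelector('#diagram').innerHTML = diagram;
-mermaid.render('diagram', diagram, (res) => {
-console.log(res);
-document.querySelector('#res').innerHTML = res;
-});
+// var diagram = "stateDiagram-v2\n";
+// diagram += "<img/src='1'/onerror"
+// diagram += "=xssAttack()> --> B";
+console.log(diagram);
+// document.querySelector('#diagram').innerHTML = diagram;
+mermaid.render('diagram', diagram, (res) => {
+console.log(res);
+document.querySelector('#res').innerHTML = res;
+});
 </script>
 </body>
 </html>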
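Review bot: The stylesheet links at new lines 3–12 load from fonts.googleapis.com, unpkg.com and cdnjs without `integrity`/`crossorigin`, and the Tailwind URL uses a floating range (`tailwindcss@^1.0`), so this XSS regression fixture depends on third-party content that can change between runs. The same header is repeated in xss11.html and xss12.html. From the visible markup only `class="flex"` seems to rely on these styles, so the simplest fix is probably to drop the links. Otherwise pin an exact version and add SRI, e.g. `<link href="https://unpkg.com/tailwindcss@<exact-version>/dist/tailwind.min.css" rel="stylesheet" integrity="<sri-hash>" crossorigin="anonymous" />`.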

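--- a/cypress/platform/xss11.html
+++ b/cypress/platform/xss11.html
@@ -1,20 +1,25 @@
 <html>
 <head>
+<link href="https://fonts.googleapis.com/css?family=Montserrat&display=swap" rel="stylesheet" />
+<link href="https://unpkg.com/tailwindcss@^1.0/dist/tailwind.min.css" rel="stylesheet" />
 <link
-href="https://fonts.googleapis.com/css?family=Montserrat&display=swap"
+rel="stylesheet"
+href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"
+/>
+<link
+href="https://fonts.googleapis.com/css?family=Noto+Sans+SC&display=swap"
 rel="stylesheet"
 />
-<link href="https://unpkg.com/tailwindcss@^1.0/dist/tailwind.min.css" rel="stylesheet">
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
-<link href="https://fonts.googleapis.com/css?family=Noto+Sans+SC&display=swap" rel="stylesheet">
 <style>
 body {
 /* background: rgb(221, 208, 208); */
 /* background:#333; */
 font-family: 'Arial';
 /* font-size: 18px !important; */
-}
-h1 { color: grey;}
+}
+h1 {
+color: grey;
+}
 .mermaid2 {
 display: none;
 }
@@ -23,9 +28,9 @@
 }
 .malware {
 position: fixed;
-bottom:0;
-left:0;
-right:0;
+bottom: 0;
+left: 0;
+right: 0;
 height: 150px;
 background: red;
 color: black;
@@ -43,7 +48,8 @@
 <div class="flex">
 <div id="diagram" class="mermaid"></div>
 <div id="res" class=""></div>
-<script src="./mermaid.js"></script>
+</div>
+<script src="./mermaid.js"></script>
 <script>
 mermaid.parseError = function (err, hash) {
 // console.error('Mermaid error: ', err);
@@ -59,8 +65,8 @@
 flowchart: {
 // defaultRenderer: 'dagre-wrapper',
 nodeSpacing: 10,
-curve: 'cardinal',
-htmlLabels: true,
+curve: 'cardinal',
+htmlLabels: true,
 },
 htmlLabels: true,
 // gantt: { axisFormat: '%m/%d/%Y' },
@@ -76,8 +82,8 @@
 // themeVariables: {relationLabelColor: 'red'}
 });
 function callback() {
-alert('It worked');
-}
+alert('It worked');
+}
 function xssAttack() {
 const div = document.createElement('div');
 div.id = 'the-malware';
@@ -87,19 +93,19 @@
 throw new Error('XSS Succeeded');
 }
 
-var diagram = 'stateDiagram-v2\n';
-diagram += 's2 : This is a state description<img/src';
-diagram += "='1'/onerror=xssAttack()>";
+var diagram = 'stateDiagram-v2\n';
+diagram += 's2 : This is a state description<img/src';
+diagram += "='1'/onerror=xssAttack()>";
 
-// var diagram = "stateDiagram-v2\n";
-// diagram += "<img/src='1'/onerror"
-// diagram += "=xssAttack()> --> B";
-console.log(diagram);
-// document.querySelector('#diagram').innerHTML = diagram;
-mermaid.render('diagram', diagram, (res) => {
-console.log(res);
-document.querySelector('#res').innerHTML = res;
-});
+// var diagram = "stateDiagram-v2\n";
+// diagram += "<img/src='1'/onerror"
+// diagram += "=xssAttack()> --> B";
+console.log(diagram);
+// document.querySelector('#diagram').innerHTML = diagram;
+mermaid.render('diagram', diagram, (res) => {
+console.log(res);
+document.querySelector('#res').innerHTML = res;
+});
 </script>
 </body>
 </html>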
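Review bot: Nothing in the script states what this fixture asserts. The render output is written to `#res` through `innerHTML` (new line 107), which reads like a vulnerability unless the reader knows it is the deliberate sink for the test. A one-line comment above `var diagram` would make the intent explicit, e.g. `// XSS regression fixture: the <img onerror> in the state description must render inert; xssAttack() must never run.` The commented-out alternative payload at new lines 100–102 and the commented-out `innerHTML` line at 104 are dead code carried through the reformat and could be removed; xss10.html and xss12.html carry the same leftovers. The script block starts outside the last hunk, so the `mermaid.initialize` options that govern sanitisation are not fully visible here.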

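--- a/cypress/platform/xss12.html
+++ b/cypress/platform/xss12.html
@@ -1,20 +1,25 @@
 <html>
 <head>
+<link href="https://fonts.googleapis.com/css?family=Montserrat&display=swap" rel="stylesheet" />
+<link href="https://unpkg.com/tailwindcss@^1.0/dist/tailwind.min.css" rel="stylesheet" />
 <link
-href="https://fonts.googleapis.com/css?family=Montserrat&display=swap"
+rel="stylesheet"
+href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"
+/>
+<link
+href="https://fonts.googleapis.com/css?family=Noto+Sans+SC&display=swap"
 rel="stylesheet"
 />
-<link href="https://unpkg.com/tailwindcss@^1.0/dist/tailwind.min.css" rel="stylesheet">
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
-<link href="https://fonts.googleapis.com/css?family=Noto+Sans+SC&display=swap" rel="stylesheet">
 <style>
 body {
 /* background: rgb(221, 208, 208); */
 /* background:#333; */
 font-family: 'Arial';
 /* font-size: 18px !important; */
-}
-h1 { color: grey;}
+}
+h1 {
+color: grey;
+}
 .mermaid2 {
 display: none;
 }
@@ -23,9 +28,9 @@
 }
 .malware {
 position: fixed;
-bottom:0;
-left:0;
-right:0;
+bottom: 0;
+left: 0;
+right: 0;
 height: 150px;
 background: red;
 color: black;
@@ -43,7 +48,8 @@
 <div class="flex">
 <div id="diagram" class="mermaid"></div>
 <div id="res" class=""></div>
-<script src="./mermaid.js"></script>
+</div>
+<script src="./mermaid.js"></script>
 <script>
 mermaid.parseError = function (err, hash) {
 // console.error('Mermaid error: ', err);
@@ -59,8 +65,8 @@
 flowchart: {
 // defaultRenderer: 'dagre-wrapper',
 nodeSpacing: 10,
-curve: 'cardinal',
-htmlLabels: true,
+curve: 'cardinal',
+htmlLabels: true,
 },
 htmlLabels: true,
 // gantt: { axisFormat: '%m/%d/%Y' },
@@ -76,8 +82,8 @@
 // themeVariables: {relationLabelColor: 'red'}
 });
 function callback() {
-alert('It worked');
-}
+alert('It worked');
+}
 function xssAttack() {
 const div = document.createElement('div');
 div.id = 'the-malware';
@@ -87,19 +93,19 @@
 throw new Error('XSS Succeeded');
 }
 
-var diagram = 'stateDiagram-v2\n';
-diagram += 's2 : A<img/src';
-diagram += "='1'/onerror=xssAttack()>";
+var diagram = 'stateDiagram-v2\n';
+diagram += 's2 : A<img/src';
+diagram += "='1'/onerror=xssAttack()>";
 
-// var diagram = "stateDiagram-v2\n";
-// diagram += "<img/src='1'/onerror"
-// diagram += "=xssAttack()> --> B";
-console.log(diagram);
-// document.querySelector('#diagram').innerHTML = diagram;
-mermaid.render('diagram', diagram, (res) => {
-console.log(res);
-document.querySelector('#res').innerHTML = res;
-});
+// var diagram = "stateDiagram-v2\n";
+// diagram += "<img/src='1'/onerror"
+// diagram += "=xssAttack()> --> B";
+console.log(diagram);
+// document.querySelector('#diagram').innerHTML = diagram;
+mermaid.render('diagram', diagram, (res) => {
+console.log(res);
+document.querySelector('#res').innerHTML = res;
+});
 </script>
 </body>
 </html>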
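Review bot: As far as the visible hunks show, this fixture differs from xss11.html only in the state description text at new line 97 (`s2 : A<img/src` versus `s2 : This is a state description<img/src`), and nothing says why both cases are needed. If the short label is meant to exercise a different rendering path than the longer description, a comment at that line should say so, e.g. `// Short description variant of xss11: covers the single-word label path.`, with the wording adjusted to the real reason. Without that, a later cleanup could delete one of the two as a duplicate and lose coverage.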
