public void AnchorTagContentReplaceXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<A HREF=\"http://www.gohttp://www.google.com/ogle.com/\">XSS</A>"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<A HREF=\"http://www.gohttp://www.google.com/ogle.com/\">XSS</A>"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void MakeSureItSanitized() { var target = new HtmlAgilityPackSanitizerProvider(); var elementWhiteList = CreateElementWhiteList(); var attributeWhiteList = CreateAttributeWhiteList(); var htmlFragment = (string)TestContext.DataRow["code"]; var label = " ---> " + (string)TestContext.DataRow["label"]; var actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList, attributeWhiteList); if (htmlFragment != "See Below") { Assert.AreNotEqual(htmlFragment, actual, true, label); } }
public void ImageXSS2Test() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<IMG SRC=javascript:alert('XSS')>"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<IMG SRC=\":alert(&#39;XSS&#39;)\">"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void AnchorTagNoQuotesXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>\">XSS</A>"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<A HREF=\"http://www.codeplex.com?url=&lt;&gt;a=/XSS/alert(a.source)&lt;/&gt;\">XSS</A>"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void AnchorTagDownlevelHiddenBlockXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->\">XSS</A>"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<A HREF=\"http://www.codeplex.com?url=&lt;!--[if gte IE 4]&gt;&lt;&gt;alert(&#39;XSS&#39;);&lt;/&gt;&lt;![endif]--&gt;\">XSS</A>"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void DivExtraneousOpenBracketsXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<Div style=\"background-color: http://www.codeplex.com?url=<<SCRIPT>alert(\"XSS\");//<</SCRIPT>\">"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<Div style=\"background-color: http://www.codeplex.com?url=&lt;&lt;&gt;alert(\"></Div>\">"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void PWithUrlInStyleXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<p STYLE=\"behavior: url(www.ha.ckers.org);\">"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert // intentionally keep it failing to get notice when reviewing unit tests so can disucss string expected = "<p STYLE=\": url(www.ha.ckers.org);\">"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void DivBackgroundImageXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<DIV STYLE=\"background-image: url(:alert(&#39;XSS&#39;))\"></div>"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void XmlWithEmbeddedScriptXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<XML SRC=\"xsstest.xml\" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<SPAN></SPAN>"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void AnchorTagStyleExpressionXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "exp/*<A STYLE='no\\xss:noxss(\"*//*\");xss:ex/*XSS*//*/*/pression(alert(\"XSS\"))'>"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "exp/*<a></a>"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void XmlWithCDataXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<XML ID=I><X><C><![CDATA[<IMG SRC=\"javas]]><![CDATA[cript:alert('XSS');\">]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<SPAN></SPAN>"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void XmlWithCommentObfuscationXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<XML ID=\"xss\"><I><B><IMG SRC=\"javas<!-- -->cript:alert('XSS')\"></B></I></XML><SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"></SPAN>"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<SPAN></SPAN>"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void XmlNamespaceXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<HTML xmlns:xss> <?import namespace=\"xss\" implementation=\"http://ha.ckers.org/xss.htc\"> <xss:xss>XSS</xss:xss></HTML>"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = ""; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void TDXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<TABLE><TD BACKGROUND=\"javascript:alert('XSS')\">"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = ""; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void PWithWapExtension() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<p style=\"display: -wap-marquee; -wap-marquee-dir: ltr\">Hello, welcome to our WCSS Tutorial.</p>"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<p style=\"display: marquee; marquee-dir: ltr\">Hello, welcome to our WCSS Tutorial.</p>"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void AnchorTagOctalEncodingXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<A HREF=\"http://0102.0146.0007.00000223/\">XSS</A>"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<A HREF=\"http://0102.0146.0007.00000223/\">XSS</A>"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void AnchorTagUrlEncodingXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<A HREF=\"http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\">XSS</A>"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<A HREF=\"http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\">XSS</A>"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void AnchorTagProtocolResolutionScriptXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=<SCRIPT SRC=//ha.ckers.org/.j>\">XSS</A>"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<A HREF=\"http://www.codeplex.com?url=&lt;SRC=//ha.ckers.org/.j&gt;\">XSS</A>"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void BRJavascriptIncludeXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<BR SIZE=\"&{alert('XSS')}\">"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<BR>"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void XSSLocatorTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<a href=\"'';!--\"<XSS>=&{()}\">"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<a href=\"&#39;&#39;;!--\"></a>"; Assert.AreEqual(expected, actual); }
public void LinkWithWebKitCSS() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<link rel=\"stylesheet\" media=\"screen and -webkit-min-device-pixel-ratio: 0\" href=\"webkit.css\">"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<link rel=\"stylesheet\" media=\"screen and minpixel-ratio: 0\" href=\"webkit.css\">"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void AnchorTagUSASCIIEncodingXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=¼script¾alert(¢XSS¢)¼/script¾\">XSS</A>"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<A HREF=\"http://www.codeplex.com?url=&#188;&#190;alert(&#162;XSS&#162;)&#188;/&#190;\">XSS</A>"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void AnchorTagHtmlQuotesEncapsulation7XSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=<SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">XSS</A>"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<A HREF=\"http://www.codeplex.com?url=&lt;&gt;document.write(\"></a>PT SRC=\"http://ha.ckers.org/xss.js\">\">XSS"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void DivBackgroundImageWithUnicodedXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<DIV STYLE=\"background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029\">"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<DIV STYLE=\"background-image:�075�072�06C�028&#39;�06a�061�076�061�073�063�072�069�070�074�03a�061�06c�065�072�074�028.1027�058.1053�053�027�029&#39;�029\"></div>"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void AnchorTagIPVersesHostnameXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<A HREF=\"http://66.102.7.147/\">XSS</A>"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<A HREF=\"http://66.102.7.147/\">XSS</A>"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void DivDoubleSuspiciousWordHtmlQuotesEncapsulation7XSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<Div style=\"background-color: expexpressionression(<SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>)\">"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<Div style=\"background-color:(&lt;&gt;document.write(\"></div>PT SRC=\"http://ha.ckers.org/xss.js\">)\">"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void AnchorTagJavascriptLinkLocationXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<A HREF=\"javascript:document.location='http://www.google.com/'\">XSS</A>"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<A HREF=\":document.location=&#39;http://www.google.com/&#39;\">XSS</A>"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void DivExpressionXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<DIV STYLE=\"width: expression(alert('XSS'));\">"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<DIV STYLE=\"width:(alert(&#39;XSS&#39;));\"></Div>"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void AnchorTagMixedEncodingXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = @"<A HREF=""h tt p://6	6.000146.0x7.147/"">XSS</A>"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<A HREF=\"h
tt	p://6&amp;#9;6.000146.0x7.147/\">XSS</A>"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void DivHtmlQuotesEncapsulation5XSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<Div style=\"background-color: http://www.codeplex.com?url=<SCRIPT a=`>` SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<Div style=\"background-color: http://www.codeplex.com?url=&lt;a=`&gt;` SRC=\">\"></Div>"; StringAssert.AreEqualIgnoringCase(expected, actual); }
public void AnchorTagNonAlphaNonDigitXSSTest() { // Arrange HtmlAgilityPackSanitizerProvider target = new HtmlAgilityPackSanitizerProvider(); Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList(); Dictionary<string, string[]> attributeWhiteList = CreateAttributeWhiteList(); // Act string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">XSS</A>"; string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList); // Assert string expected = "<A HREF=\"http://www.codeplex.com?url=&lt;/XSS SRC=\">\">XSS</A>"; StringAssert.AreEqualIgnoringCase(expected, actual); }