blob: a0bbcbe4eb040722d78c5e410e8045ecf7d8e3ef (
plain)
<!DOCTYPE html>
<meta charset=utf-8>
<title>valid src</title>
<!-- Fixture: a flat list of iframe elements, one src value per line. The comment that
     follows each iframe is the name of the case it exercises. Going by the title, every
     value is expected to be accepted as a valid src (presumably by a conformance checker;
     confirm against the harness that consumes this file). -->
<!-- NOTE(review): "valid" in this file appears to mean syntactically acceptable as a URL,
     not safe to embed. The cases below include credentials in the userinfo part, the
     javascript:, data: and file: schemes, and private or broken host forms, and no frame
     carries a sandbox attribute. Treat the list as validator input only, never as an
     allow-list of acceptable frame sources. Some case names (path-uFEFF, path-u202E-u202D,
     host-exotic-whitespace, host-fullwidth) refer to characters that are invisible or easily
     normalised away; confirm the bytes are intact before relying on those rows. -->
<iframe src="file:///"></iframe><!-- scheme-file-slash-slash-slash-only -->
<iframe src="http://a:@www.example.com"></iframe><!-- userinfo-password-empty -->
<iframe src="foo://///////"></iframe><!-- scheme-private-path-leading-slashes-only -->
<iframe src="file://abc|/foo/bar"></iframe><!-- scheme-file-slash-slash-abc-bar -->
<iframe src="/a/b/c"></iframe><!-- path-simple-relative -->
<iframe src="http://example.com/你好你好"></iframe><!-- path-unicode-han -->
<iframe src="/a/%2f/c"></iframe><!-- path-percent-encoded-slash-plus-slashes-relative -->
<iframe src="http://f:/c"></iframe><!-- port-none-but-colon -->
<iframe src="http://example.com/foo%41%7a"></iframe><!-- path-percent-encoded-multiple -->
<iframe src="http://192.168.0.257/"></iframe><!-- host-IP-address-broken -->
<iframe src="madeupscheme:example.com/"></iframe><!-- scheme-private-no-slash -->
<iframe src="?"></iframe><!-- query-empty-no-path-relative -->
<iframe src="http://example.com/%20foo"></iframe><!-- path-percent-encoded-space -->
<iframe src="mailto:/example.com/"></iframe><!-- scheme-mailto-single-slash -->
<iframe src="::"></iframe><!-- path-leading-colon-colon-relative -->
<iframe src="http://example.com/%3A%3a%3C%3c"></iframe><!-- path-percent-encoded-mixed-case -->
<iframe src="http://user:pass@foo:21/bar;par?b#c"></iframe><!-- userinfo -->
<iframe src="ws:/example.com/"></iframe><!-- scheme-ws-single-slash -->
<iframe src="foo://"></iframe><!-- scheme-private-slash-slash -->
<iframe src="#"></iframe><!-- fragment-empty-hash-only-no-path-relative -->
<iframe src="http://f:00000000000000/c"></iframe><!-- port-00000000000000 -->
<iframe src="foo:////://///"></iframe><!-- scheme-private-path-leading-slashes-colon-slashes -->
<iframe src=":23"></iframe><!-- path-leading-colon-number-relative -->
<iframe src="foo:/"></iframe><!-- scheme-private-slash -->
<iframe src="http://💩"></iframe><!-- host-is-pile-of-poo -->
<iframe src="file:test"></iframe><!-- scheme-file-no-slash -->
<iframe src="file://C|/foo/bar"></iframe><!-- scheme-file-slash-slash-c-bar -->
<iframe src="#/"></iframe><!-- fragment-slash-relative -->
<iframe src="http://192.0x00A80001"></iframe><!-- host-192.0x00A80001 -->
<iframe src="foo.com"></iframe><!-- scheme-none-relative -->
<iframe src="http💩//:foo"></iframe><!-- path-contains-pile-of-poo -->
<iframe src="File://foo/bar.html"></iframe><!-- scheme-file-uppercase -->
<iframe src=":/"></iframe><!-- path-leading-colon-slash-relative -->
<iframe src="http://www.foo。bar.com"></iframe><!-- host-exotic-dot -->
<iframe src="http://GOOgoo.com"></iframe><!-- host-exotic-whitespace -->
<iframe src="file:///foo/bar.txt"></iframe><!-- scheme-file-host-empty -->
<iframe src="javascript:/example.com/"></iframe><!-- scheme-javascript-single-slash -->
<iframe src="gopher:/example.com/"></iframe><!-- scheme-gopher-single-slash -->
<iframe src="ftps:example.com/"></iframe><!-- scheme-ftps-no-slash -->
<iframe src="file://server/foo/bar"></iframe><!-- scheme-file-host-included -->
<iframe src="http://example.com/foo%00"></iframe><!-- path-percent-encoded-u0000 -->
<iframe src="a:foo.com"></iframe><!-- scheme-private -->
<iframe src=":"></iframe><!-- path-colon-relative -->
<iframe src="http://:b@www.example.com"></iframe><!-- userinfo-user-empty -->
<iframe src="file:/"></iframe><!-- scheme-file-slash-only -->
<iframe src="wss:example.com/"></iframe><!-- scheme-wss-no-slash -->
<iframe src="::23"></iframe><!-- path-colon-colon-number-relative -->
<iframe src="/a%2fc"></iframe><!-- path-percent-encoded-slash-relative -->
<iframe src="http://a:b@c:29/d"></iframe><!-- userinfo-host-port-path -->
<iframe src="gopher:example.com/"></iframe><!-- scheme-gopher-no-slash -->
<iframe src="madeupscheme:/example.com/"></iframe><!-- scheme-private-single-slash -->
<iframe src="mailto:example.com/"></iframe><!-- scheme-mailto-no-slash -->
<iframe src="http://%25DOMAIN:foobar@foodomain.com"></iframe><!-- userinfo-username-contains-percent-encoded -->
<iframe src="/:23"></iframe><!-- path-slash-colon-number-relative -->
<iframe src="foo://///////bar.com/"></iframe><!-- scheme-private-path-leading-slashes-chars -->
<iframe src="http://[2001::1]:80"></iframe><!-- host-ipv6-port -->
<iframe src="data:text/plain,foo"></iframe><!-- scheme-data-no-slash -->
<iframe src="http://example.com/foo/%2e"></iframe><!-- path-percent-encoded-dot -->
<iframe src="file:/example.com/"></iframe><!-- scheme-file-single-slash -->
<iframe src="http://example.com/©zbar"></iframe><!-- path-non-ascii -->
<iframe src="http://example.com//foo"></iframe><!-- path-uFEFF -->
<iframe src="wss:/example.com/"></iframe><!-- scheme-wss-single-slash -->
<iframe src="http://foo/abcd#foo?bar"></iframe><!-- fragment-contains-question-mark -->
<iframe src=":#"></iframe><!-- path-leading-colon-hash-relative -->
<iframe src="http://example.com/foo%91"></iframe><!-- path-percent-encoded-u0091 -->
<iframe src="c:/foo"></iframe><!-- scheme-private-single-letter -->
<iframe src=":foo.com"></iframe><!-- path-leading-colon-chars-relative -->
<iframe src="http://你好你好"></iframe><!-- host-idn-unicode-han -->
<iframe src="http://example.com/foo#💩"></iframe><!-- fragment-contains-pile-of-poo -->
<iframe src="file:"></iframe><!-- scheme-file-scheme-only -->
<iframe src="#β"></iframe><!-- fragment-non-ascii-relative -->
<iframe src="foo:/bar.com/"></iframe><!-- scheme-private-path -->
<iframe src="http://f:0/c"></iframe><!-- port-0 -->
<iframe src="#;?"></iframe><!-- fragment-semicolon-question-mark-relative -->
<iframe src="http://Go.com"></iframe><!-- host-fullwidth -->
<iframe src="http://@www.example.com"></iframe><!-- userinfo-empty -->
<iframe src="http://example.com//foo//bar"></iframe><!-- path-u202E-u202D -->
<iframe src="http://[2001::1]"></iframe><!-- host-ipv6 -->
<iframe src="💩http://foo"></iframe><!-- path-starts-with-pile-of-poo -->
<iframe src="http://foo/abcd?efgh?ijkl"></iframe><!-- query-contains-question-mark -->
<iframe src="//foo/bar"></iframe><!-- scheme-schemeless-relative -->
<iframe src="ftps:/example.com/"></iframe><!-- scheme-ftps-single-slash -->
<iframe src="http://foo.com:b@d/"></iframe><!-- userinfo-username-non-alpha -->
<iframe src=":a"></iframe><!-- path-leading-colon-letter-relative -->
<iframe src="/"></iframe><!-- path-slash-only-relative -->
<iframe src="http://example.com/foo?💩"></iframe><!-- query-contains-pile-of-poo -->
<iframe src="http://f:00000000000000000000080/c"></iframe><!-- port-00000000000000000000080 -->
<iframe src="file://"></iframe><!-- scheme-file-slash-slash-only -->