aboutsummaryrefslogtreecommitdiffstats
path: root/tests/safe_mode/unsafe_urls.txt
diff options
context:
space:
mode:
Diffstat (limited to 'tests/safe_mode/unsafe_urls.txt')
-rw-r--r--tests/safe_mode/unsafe_urls.txt27
1 files changed, 27 insertions, 0 deletions
diff --git a/tests/safe_mode/unsafe_urls.txt b/tests/safe_mode/unsafe_urls.txt
new file mode 100644
index 0000000..7bfd81d
--- /dev/null
+++ b/tests/safe_mode/unsafe_urls.txt
@@ -0,0 +1,27 @@
+These links should be unsafe and not allowed in safe_mode
+
+[link](javascript:alert%28'Hello%20world!'%29)
+[link](vbscript:msgbox%28%22Hello%20world!%22%29)
+[link](livescript:alert%28'Hello%20world!'%29)
+[link](mocha:[code])
+[link](jAvAsCrIpT:alert%28'Hello%20world!'%29)
+[link](ja vas cr ipt:alert%28'Hello%20world!'%29)
+[link](ja vas cr ipt:alert%28'Hello%20world!'%29)
+[link](ja vas cr ipt:alert%28'Hello%20world!'%29)
+[link](ja%09 %0Avas cr
ipt:alert%28'Hello%20world!'%29)
+[link](ja%20vas%20cr%20ipt:alert%28'Hello%20world!'%29)
+[link](live%20script:alert%28'Hello%20world!'%29)
+
+![img](javascript:alert%29'XSS'%29)
+[ref][]
+![imgref][]
+
+[ref]: javascript:alert%29'XSS'%29
+[imgref]: javascript:alert%29'XSS'%29
+
+These should work regardless:
+
+[relative](relative/url.html)
+[email](mailto:foo@bar.com)
+[news scheme](news:some.news.group.com)
+[http link](http://example.com)
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-23 11:09:10 +0000