blob: 7eea906197bf022def191dcffcb63499a2441157 (
about) (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
<?xml version="1.0" encoding="UTF-8"?>
<!--
SPDX-License-Identifier: CC0-1.0
A testing XML document with various scripts that need to get blocked.
This file is part of Haketilo.
Copyright (C) 2021, 2022 Wojtek Kosior <koszko@koszko.org>
This program is free software: you can redistribute it and/or modify
it under the terms of the CC0 1.0 Universal License as published by
the Creative Commons Corporation.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
CC0 1.0 Universal License for more details.
-->
<fruits>
<!--
The following will not execute since it is not recognized as either HTML
or SVG script.
-->
<script>
window.__run = [...(window.__run || []), 'banana'];
</script>
<html:img xmlns:html="http://www.w3.org/1999/xhtml"
src="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg=="
onload="window.__run = [...(window.__run || []), 'melon'];">
</html:img>
<!-- Will execute -->
<html:script xmlns:html="http://www.w3.org/1999/xhtml">
window.__run = [...(window.__run || []), 'grape'];
</html:script>
<!-- Will also execute -->
<vector-graphics:script xmlns:vector-graphics="http://www.w3.org/2000/svg">
window.__run = [...(window.__run || []), 'raspberry'];
</vector-graphics:script>
<apple>
<svg viewBox="0 0 10 14" xmlns="http://www.w3.org/2000/svg">
<!-- Will run when clicked -->
<circle id="idaret_circle" cx="5" cy="5" r="4"
onclick="window.__run = [...(window.__run || []), 'idaret'];" />
<!-- Will *NOT* run when clicked -->
<circle id="nowamak_circle" cx="5" cy="13" r="4"
some-unknown:onclick="window.__run = [...(window.__run || []), 'nowamak'];"
xmlns:some-unknown="https://example.org/blah/blah" />
</svg>
</apple>
<!--
In case of wrong namespace URI (or lack thereof), svg subtree will not
be recognized as SVG at all
-->
<svg>
<!-- Will neither run nor be drawn by the browser -->
<circle id="mango_circle" cx="5" cy="5" r="4"
onclick="window.__run = [...(window.__run || []), 'mango'];" />
</svg>
<svg viewBox="0 0 10" xmlns="http://www.w3.org/2000/sv">
<!-- Will neither run nor be drawn by the browser -->
<circle id="annoying_circle" cx="5" cy="5" r="4"
onclick="window.__run = [...(window.__run || []), 'orange'];" />
</svg>
</fruits>
|