-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathindex.html
64 lines (57 loc) · 1.66 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>jQuery escapeHtml Plugin testing Page</title>
<script type="text/javascript" src="http://code.jquery.com/jquery-latest.min.js"></script>
<script type="text/javascript">
/* Start */
(function($) {
$.fn.escapeHtml = function() {
var ua = navigator.userAgent;
var re = new RegExp("MSIE ([0-9]{1,}[\.0-9]{0,})");
var e = document.createElement("div"),
s = '';
$(e).text($(this).val() || $(this).html() || $(this).text());
s = $(e).text();
if (re.exec(ua) != null) {
$(e).remove();
} else {
e.remove();
}
return s.replace(/<\/?([a-z][a-z0-9]*)\b[^>]*>?/gi, '');
};
})(jQuery);
/* End */
/**
* using escapeHtml to clean xss data
* @return {[type]} [description]
*/
$(function () {
$('#run-xssSafe').click(function () {
var s = $('#xssSafe').escapeHtml();
$('#output-xssSafe').html(s);
});
});
/**
* without escapeHtml getting xss data
* @return {[type]} [description]
*/
$(function () {
$('#run-noXssSafe').click(function () {
var s = $('#noXssSafe').val();
$('#output-noXssSafe').html(s);
});
});
</script>
</head>
<body>
<input type="text" name="xssSafe" id="xssSafe" value='<script>document.body.style.backgroundColor="red"; </script>' />
<span id="output-xssSafe"></span>
<button id="run-xssSafe">Kill the XSS Data :)</button>
<br><br><br>
<input type="text" name="noXssSafe" id="noXssSafe" value='<script>document.body.style.backgroundColor="red"; </script>' />
<span id="output-noXssSafe"></span>
<button id="run-noXssSafe">XSS Killed me :(</button>
</body>
</html>