File: unsafe_urls.txt

python-markdown 2.5.1-2
  • area: main
  • in suites: jessie, jessie-kfreebsd
  • size: 2,804 kB
  • ctags: 839
  • sloc: python: 4,668; makefile: 54; sh: 12
file content (27 lines) | stat: -rw-r--r-- 933 bytes
These links should be unsafe and not allowed in safe_mode

[link](javascript:alert%28'Hello%20world!'%29)
[link](vbscript:msgbox%28%22Hello%20world!%22%29)
[link](livescript:alert%28'Hello%20world!'%29)
[link](mocha:[code])
[link](jAvAsCrIpT:alert%28'Hello%20world!'%29)
[link](ja vas cr ipt:alert%28'Hello%20world!'%29)
[link](ja vas cr ipt:alert%28'Hello%20world!'%29)
[link](ja vas cr ipt:alert%28'Hello%20world!'%29)
[link](ja%09 %0Avas cr
ipt:alert%28'Hello%20world!'%29)
[link](ja%20vas%20cr%20ipt:alert%28'Hello%20world!'%29)
[link](live%20script:alert%28'Hello%20world!'%29)

![img](javascript:alert%29'XSS'%29)
[ref][]
![imgref][]

[ref]: javascript:alert%29'XSS'%29
[imgref]: javascript:alert%29'XSS'%29

These should work regardless:

[relative](relative/url.html)
[email](mailto:foo@bar.com)
[news scheme](news:some.news.group.com)
[http link](http://example.com)