Fix XSS htmls

2025-09-24 17:59:39 +02:00 · 2022-09-05 00:57:34 +05:30
parent 91478caf5b
commit 41dec4d159
18 changed files with 544 additions and 437 deletions
--- a/cypress/platform/xss14.html
+++ b/cypress/platform/xss14.html
@@ -1,20 +1,25 @@
 <html>
  <head>
+    <link href="https://fonts.googleapis.com/css?family=Montserrat&display=swap" rel="stylesheet" />
+    <link href="https://unpkg.com/tailwindcss@^1.0/dist/tailwind.min.css" rel="stylesheet" />
    <link
-      href="https://fonts.googleapis.com/css?family=Montserrat&display=swap"
+      rel="stylesheet"
+      href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"
+    />
+    <link
+      href="https://fonts.googleapis.com/css?family=Noto+Sans+SC&display=swap"
      rel="stylesheet"
    />
-    <link href="https://unpkg.com/tailwindcss@^1.0/dist/tailwind.min.css" rel="stylesheet">
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
-    <link href="https://fonts.googleapis.com/css?family=Noto+Sans+SC&display=swap" rel="stylesheet">
    <style>
      body {
        /* background: rgb(221, 208, 208); */
        /* background:#333; */
        font-family: 'Arial';
        /* font-size: 18px !important; */
-        }
-      h1 { color: grey;}
+      }
+      h1 {
+        color: grey;
+      }
      .mermaid2 {
        display: none;
      }
@@ -23,9 +28,9 @@
      }
      .malware {
        position: fixed;
-        bottom:0;
-        left:0;
-        right:0;
+        bottom: 0;
+        left: 0;
+        right: 0;
        height: 150px;
        background: red;
        color: black;
@@ -43,7 +48,8 @@
    <div class="flex">
      <div id="diagram" class="mermaid"></div>
      <div id="res" class=""></div>
-  <script src="./mermaid.js"></script>
+    </div>
+    <script src="./mermaid.js"></script>
    <script>
      mermaid.parseError = function (err, hash) {
        // console.error('Mermaid error: ', err);
@@ -59,8 +65,8 @@
        flowchart: {
          // defaultRenderer: 'dagre-wrapper',
          nodeSpacing: 10,
-    curve: 'cardinal',
-    htmlLabels: true,
+          curve: 'cardinal',
+          htmlLabels: true,
        },
        htmlLabels: true,
        // gantt: { axisFormat: '%m/%d/%Y' },
@@ -76,8 +82,8 @@
        // themeVariables: {relationLabelColor: 'red'}
      });
      function callback() {
-  alert('It worked');
-}
+        alert('It worked');
+      }
      function xssAttack() {
        const div = document.createElement('div');
        div.id = 'the-malware';
@@ -88,20 +94,20 @@
      }

      var diagram = 'classDiagram\n';
-diagram += 'classA <-- classB : <ifr';
-diagram += "ame/srcdoc='<scr";
-diagram += 'ipt>parent.xssAttack(`XSS`)</';
-diagram += "script>'>";
+      diagram += 'classA <-- classB : <ifr';
+      diagram += "ame/srcdoc='<scr";
+      diagram += 'ipt>parent.xssAttack(`XSS`)</';
+      diagram += "script>'>";

-//   var diagram = "stateDiagram-v2\n";
-//  diagram += "<img/src='1'/onerror"
-//  diagram += "=xssAttack()> --> B";
-console.log(diagram);
-// document.querySelector('#diagram').innerHTML = diagram;
-mermaid.render('diagram', diagram, (res) => {
-  console.log(res);
-  document.querySelector('#res').innerHTML = res;
-});
+      //   var diagram = "stateDiagram-v2\n";
+      //  diagram += "<img/src='1'/onerror"
+      //  diagram += "=xssAttack()> --> B";
+      console.log(diagram);
+      // document.querySelector('#diagram').innerHTML = diagram;
+      mermaid.render('diagram', diagram, (res) => {
+        console.log(res);
+        document.querySelector('#res').innerHTML = res;
+      });
    </script>
  </body>
 </html>