'; ?> HTML Purifier Variable Width Attack Smoketest

HTML Purifier Variable Width Attack Smoketest

For more information, see Cheng Peng Su's original advisory. This particular exploit code appears only to work in Internet Explorer, if it works at all.

Test

A"'; // in our out the attribute? ;-) $html .= "onerror=alert('$i')>O"; $pure_html = $purifier->purify($html); ?>
ASCIIRawOutputRender

Analysis

By making sure that UTF-8 is well formed and non-SGML codepoints are removed, as well as escaping quotes outside of tags, this is a non-threat.