HTMLPurifier XSS Attacks Smoketest

XSS attacks are from http://ha.ckers.org/xss.html.

The last segment of tests regarding blacklisted websites is not applicable at the moment, but when we add that functionality they'll be relevant.

Requires PHP 5.

'); set_include_path('../library' . PATH_SEPARATOR . get_include_path()); require_once 'HTMLPurifier.php'; $xml = simplexml_load_file('xssAttacks.xml'); $purifier = new HTMLPurifier(); ?>

attack as $attack) { $code = $attack->code; // custom code for US-ASCII, which couldn't be expressed in XML without encoding if ($attack->name == 'US-ASCII encoding') $code = urldecode($code); ?> purify($code); ?>

Name	Raw	Output	Render
name); ?>	<?php echo htmlspecialchars($code); ?>	<?php echo htmlspecialchars($pure_html); ?>