From cf6bfc9d6d9f0d0279ff7660e0095b21b7df8c86 Mon Sep 17 00:00:00 2001
From: Vytautas Saltenis
Date: Fri, 19 Sep 2014 20:30:00 +0300
Subject: [PATCH] Rip off all blackfriday's html sanitization effort

As per discussion in issue #90.
---
 html.go | 1 -
 inline_test.go | 9 +--
 markdown.go | 6 --
 sanitize.go | 154 ------------------------------------
 sanitize_test.go | 199 -----------------------------------------------
 5 files changed, 3 insertions(+), 366 deletions(-)
 delete mode 100644 sanitize.go
 delete mode 100644 sanitize_test.go

diff --git a/html.go b/html.go
index 666c9e2..3d20866 100644
--- a/html.go
+++ b/html.go
@@ -29,7 +29,6 @@ const (
 HTML_SKIP_STYLE // skip embedded \n", - "

zz <style>p {}</style>

\n", - - "zz \n", - "

zz <style>p {}</style>

\n", - - "\n", - "

<script>alert()</script>

\n", - - "zz \n", - "

zz <script>alert()</script>

\n", - - "zz \n", - "

zz <script>alert()</script>

\n", - - " \n", - "

<script>alert()</script>

\n", - - "\n", - "<script>alert()</script>\n", - - "\n", - "<script src='foo'></script>\n", - - "\n", - "<script src='a>b'></script>\n", - - "zz \n", - "

zz <script src='foo'></script>

\n", - - "zz \n", - "

zz <script src=foo></script>

\n", - - ``, - "<script><script src="http://example.com/exploit.js"></script></script>\n", - - `'';!--"=&{()}`, - "

'';!--"<xss>=&{()}

\n", - - "", - "

<script SRC=http://ha.ckers.org/xss.js></script>

\n", - - "", - "

<script \nSRC=http://ha.ckers.org/xss.js></script>

\n", - - ``, - "

\n", - - "", - "

\n", - - "", - "

\n", - - "", - "

\n", - - `xss link`, - "

xss link

\n", - - "xss link", - "

xss link

\n", - - `">`, - "

<script>alert("XSS")</script>">

\n", - - "", - "

\n", - - ``, - "

\n", - - ``, - "

\n", - - ``, - "

\n", - - "", - "

\n", - - "", - "

\n", - - "", - "

\n", - - ``, - "

\n", - - ``, - "

\n", - - ``, - "

\n", - - ``, - "

\n", - - ``, - "

\n", - - ``, - "

<script/XSS SRC="http://ha.ckers.org/xss.js"></script>

\n", - - "", - "

<body onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert("XSS")>

\n", - - ``, - "

<script/SRC="http://ha.ckers.org/xss.js"></script>

\n", - - `<`, - "

<<script>alert("XSS");//<</script>

\n", - - "