blob: 7bfd81dc3ab225f91a8a95e7d25fa417a8db8e72 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
These links should be unsafe and not allowed in safe_mode
[link](javascript:alert%28'Hello%20world!'%29)
[link](vbscript:msgbox%28%22Hello%20world!%22%29)
[link](livescript:alert%28'Hello%20world!'%29)
[link](mocha:[code])
[link](jAvAsCrIpT:alert%28'Hello%20world!'%29)
[link](ja vas cr ipt:alert%28'Hello%20world!'%29)
[link](ja vas cr ipt:alert%28'Hello%20world!'%29)
[link](ja vas cr ipt:alert%28'Hello%20world!'%29)
[link](ja%09 %0Avas cr
ipt:alert%28'Hello%20world!'%29)
[link](ja%20vas%20cr%20ipt:alert%28'Hello%20world!'%29)
[link](live%20script:alert%28'Hello%20world!'%29)
[ref][]
![imgref][]
[ref]: javascript:alert%29'XSS'%29
[imgref]: javascript:alert%29'XSS'%29
These should work regardless:
[relative](relative/url.html)
[email](mailto:foo@bar.com)
[news scheme](news:some.news.group.com)
[http link](http://example.com)
|
