Hack me
The aim of this page is to test the robustness of our HTML sanitization procedure: we filter the input and allow only a limited set of HTML tags, those listed here. You win if you manage to show a JavaScript alert on this page. You can write any content whatsoever in the text area to test the procedure. Good luck!
The sources of the sanitization procedure are in Java and are available here under the MIT license (i.e. completely free, just keep the attribution). There is also a blog post by Roberto Bicchierai (the main author of the code) detailing the ideas behind this sanitizer.
There is also a C# port available here, written by Beyers Cronje under the same license.
Write your test here.
Your input sanitized:
C'mon.... try harder!
| sanitizer | html output | source |
|-----------|-------------|--------|
| .html | Write your test here. | Write your test here. |
| .text | Write your test here. | Write your test here. |
| .val | It is not SAFE to print "sanitizer.val" | Write your test here. |
N.B. If your script simply gets printed, you are not winning. For suggestions, write to us.