Cqm (Message Wall | contribs) m (→select) |
Cqm (Message Wall | contribs) m (→select values) |
||
(4 intermediate revisions by the same user not shown) | |||
Line 152: | Line 152: | ||
|} |
|} |
||
− | == |
+ | == XSS tests == |
+ | === label html (tag) === |
||
− | This tests label sanitisation using {{t|FormCalcTests/label}} |
+ | This tests label sanitisation using {{t|FormCalcTests/label}}. |
<pre class="jcConfig"> |
<pre class="jcConfig"> |
||
template = Template:FormCalcTests/label |
template = Template:FormCalcTests/label |
||
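Review bot: the new "== XSS tests ==" heading at the top of this hunk only takes in the label test that follows it, while the earlier "label html (div tag)" section runs the same Template:FormCalcTests/label sanitisation check and stays under "Parameter tests". Moving that section under the new heading would keep every sanitisation case in one place. The description line could also say what a pass looks like for each label (escaped, removed or kept), since the label text in the config is the only place that currently hints at it.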
Line 168: | Line 169: | ||
| valign="top" width="350" | <div id="fct-label2">This text will disappear if the form is loaded properly.</div> |
| valign="top" width="350" | <div id="fct-label2">This text will disappear if the form is loaded properly.</div> |
||
| valign="top" | <div id="fct-label2-res">This text will disappear if the form is submitted.</div> |
| valign="top" | <div id="fct-label2-res">This text will disappear if the form is submitted.</div> |
||
+ | |} |
||
+ | |||
+ | === select values === |
||
+ | This tests the sanitisation of option values and text in a select using {{t|FormCalcTests/select xss}}. |
||
+ | <pre class="jcConfig"> |
||
+ | template = Template:FormCalcTests/select xss |
||
+ | form = fct-select2 |
||
+ | result = fct-select2-res |
||
+ | param = select|Select (onload attribute)||select|hello" onload="alert('select XSS found');" |
||
+ | param = select2|Select (script tag)||select|<script>alert('select XSS found');</script> |
||
+ | </pre> |
||
+ | |||
+ | {| cellspacing="15" cellpadding="0" width="100%" |
||
+ | | valign="top" width="350" | <div id="fct-select2">This text will disappear if the form is loaded properly.</div> |
||
+ | | valign="top" | <div id="fct-select2-res">This text will disappear if the form is submitted.</div> |
||
|} |
|} |
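Review bot: the first added param line, hello" onload="alert('select XSS found');", cannot separate a pass from a fail by watching for the alert, because a load event is not dispatched on option or select elements and the handler would stay silent even if the attribute were injected. The section text should state the expected result in a form that can be checked, for example that the option shows the literal string and that inspecting the rendered option shows a single value attribute and no onload attribute. The same applies to the script-tag line: say whether the option text is expected to show the escaped tag or to be empty.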
Latest revision as of 07:49, 22 May 2018
This is a page for testing MediaWiki:Common.js/calc.js.
Parameter tests
article
This tests that search suggestions are enabled on article fields using {{FormCalcTests/article}}.
<pre class="jcConfig">
template = Template:FormCalcTests/article
form = fct-article
result = fct-article-res
suggestns = 0
param = page|article (autocomplete)||article
param = page2|string (no autocomplete)||string
</pre>
This text will disappear if the form is loaded properly.
This text will disappear if the form is submitted.
number
This tests that numbers outside a specific range are recorded as errors using {{FormCalcTests/number}}
<pre class="jcConfig">
template = Template:FormCalcTests/number
form = fct-number
result = fct-number-res
param = num|Number (out of range)|10|number|0-5.5
param = num2|Number (within range)|3|number|0-5.4
</pre>
This text will disappear if the form is loaded properly.
This text will disappear if the form is submitted.
int
This tests that integers outside a specific range and decimals are recorded as errors using {{FormCalcTests/int}}
<pre class="jcConfig">
template = Template:FormCalcTests/int
form = fct-int
result = fct-int-res
param = int|Int (out of range)|10|int|0-5
param = int2|Int (within range)|3|int|0-5
param = int3|Int (decimal)|4.2|int
</pre>
This text will disappear if the form is loaded properly.
This text will disappear if the form is submitted.
select
This tests the select input with and without a default value using {{FormCalcTests/select}}
<pre class="jcConfig">
template = Template:FormCalcTests/select
form = fct-select
result = fct-select-res
param = select|Select (a-z)|f|select|a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z
param = select2|Select (a-z) (no default)||select|a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z
param = select3|Select (with html entities)||select|don't,fish & chips,"quoted",what?,5 <= 6
</pre>
This text will disappear if the form is loaded properly.
This text will disappear if the form is submitted.
check
This tests the checkbox input for default and custom true-false values using {{FormCalcTests/check}}
<pre class="jcConfig">
template = Template:FormCalcTests/check
form = fct-check
result = fct-check-res
param = check|Check (true/false)||check
param = check2|Check (zero/one)||check|1,0
</pre>
This text will disappear if the form is loaded properly.
This text will disappear if the form is submitted.
hs
This tests the hs parameter type using {{FormCalcTests/hs}}
<pre class="jcConfig">
template = Template:FormCalcTests/hs
form = fct-hs
result = fct-hs-res
suggestns = 0
param = hs|Player name||hs|attack,1,1;defence,2,1;
param = attack|Attack level|1|int
param = defence|Defence level|1|int
</pre>
This text will disappear if the form is loaded properly.
This text will disappear if the form is submitted.
fixed
This tests the fixed parameter type using {{FormCalcTests/fixed}}
<pre class="jcConfig">
template = Template:FormCalcTests/fixed
form = fct-fixed
result = fct-fixed-res
suggestns = 0
param = fixed|Fixed|fixed|fixed
param = string|String|changeable|string
</pre>
This text will disappear if the form is loaded properly.
This text will disappear if the form is submitted.
This tests the semihidden input and custom true-false values using {{FormCalcTests/semihidden}}
<pre class="jcConfig">
template = Template:FormCalcTests/semihidden
form = fct-semihidden
result = fct-semihidden-res
param = semi|Semihidden (hidden)|hidden|semihidden
param = string|String (shown)|shown|string
</pre>
To fully test this input:
- Submit once to see the output as "hidden"
- Paste the following js into your console:
$('#fct-semihidden-fct-semihidden-res-semi').val('changed');
- Submit again and see the output as "changed"
label html (div tag)
This tests label sanitisation using {{FormCalcTests/label}}
<pre class="jcConfig">
template = Template:FormCalcTests/label
form = fct-label
result = fct-label-res
param = label|Random|A tag with href (wikitext)|fixed
param = label2|<a href="javascript:alert('xss weakness');">XSS</a>|A tag with script URL (escaped)|fixed
param = label3|<script>alert('xss weakness 2')</script>|Script tag (escaped)|fixed
param = label4|testing?|Text with additional span tag|fixed
param = label5|Font|Font tag (removed)|fixed
</pre>
This text will disappear if the form is loaded properly.
This text will disappear if the form is submitted.
XSS tests
label html (tag)
This tests label sanitisation using {{FormCalcTests/label}}.
<pre class="jcConfig">
template = Template:FormCalcTests/label
form = fct-label2
result = fct-label2-res
param = label|<a href="/wiki/Special:Random">Random</a>|A tag with href|fixed
param = label2|<a href="javascript:alert('xss weakness');">XSS</a>|A tag with script URL|fixed
param = label3|<script>alert('xss weakness 2')</script>|Script tag (removed)|fixed
param = label4|testing<span title="help">?</span>|Text with additional span tag|fixed
param = label5|<font>Font</font>|Font tag (removed)|fixed
</pre>
This text will disappear if the form is loaded properly.
This text will disappear if the form is submitted.
select values
This tests the sanitisation of option values and text in a select using {{FormCalcTests/select xss}}.
<pre class="jcConfig">
template = Template:FormCalcTests/select xss
form = fct-select2
result = fct-select2-res
param = select|Select (onload attribute)||select|hello" onload="alert('select XSS found');"
param = select2|Select (script tag)||select|<script>alert('select XSS found');</script>
</pre>
This text will disappear if the form is loaded properly.
This text will disappear if the form is submitted.
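What the select values test is checking, as an added example that is not the wiki's calc.js: the two option strings from the config above rendered by plain concatenation and with HTML escaping, then checked for whether they stay a single inert option. The field order name|label|default|type|options is inferred from the param lines on this page, and every function name here is hypothetical.

```javascript
// Added example, not the wiki's calc.js. The field order name|label|default|type|options
// is an assumption inferred from the param lines shown on this page.
function parseParam(line) {
  const [name, label, def, type, ...rest] = line.replace(/^\s*param\s*=\s*/, '').split('|');
  // Select options are comma-separated, as in the a-z select test.
  const options = type === 'select' ? rest.join('|').split(',') : [];
  return { name, label, def, type, options };
}

const ENC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const DEC = { amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'" };
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => ENC[c]);
const unescapeHtml = (s) => s.replace(/&(amp|lt|gt|quot|#39);/g, (_, n) => DEC[n]);

// Unsafe: the option string is concatenated into markup unchanged.
const optionUnsafe = (o) => '<option value="' + o + '">' + o + '</option>';
// Safe: the same string is escaped for the attribute and for the text node.
const optionSafe = (o) => '<option value="' + escapeHtml(o) + '">' + escapeHtml(o) + '</option>';

// An option is rendered inertly only if the markup is exactly one <option> whose
// value and text both decode back to the original string.
function rendersInertly(html, original) {
  const m = /^<option value="([^"]*)">([^<]*)<\/option>$/.exec(html);
  return m !== null && unescapeHtml(m[1]) === original && unescapeHtml(m[2]) === original;
}

// The two param lines from the "select values" test on this page.
const SAMPLES = [
  "param = select|Select (onload attribute)||select|hello\" onload=\"alert('select XSS found');\"",
  "param = select2|Select (script tag)||select|<script>alert('select XSS found');</script>",
];

function runChecks() {
  const out = [];
  for (const line of SAMPLES) {
    const p = parseParam(line);
    for (const o of p.options) {
      out.push({
        name: p.name,
        unsafeInert: rendersInertly(optionUnsafe(o), o),
        safeInert: rendersInertly(optionSafe(o), o),
      });
    }
  }
  return out;
}

console.log(runChecks());
```

Building the options with DOM calls (createElement, then assigning value and textContent) gives the same result without a hand-written escaper.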