org.eclipse.ua.tests/data/help/jsp/xssremote.html - platform/eclipse.platform.ua - Git at Google

 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

 <html>
 <head>
 	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
 	<title>XSS bugs</title>
 	<script type="text/javascript" src="server.js"></script>
 	<script type="text/javascript">
 	    function loadhandler() {
             showHelpPath();
             patchAnchors();
         }

 	</script>
 </head>

 <body onload = "loadhandler()">
 <h1>Other JSP bugs</h1>

 <h3 id="path"></h3>

 This bug can be tested on an infocenter or in Workbench mode.
 <br>
 Click on each of the links in turn, if any cause a message dialog or new window or tab to open that is a symptom of an xss bug.
 If you see an warning in the browser that it has modified the site to prevent cross site scripting
 that is also a problem.
 <br>
 <a href = "../../../../../advanced/search.jsp?searchWord=&maxHits=500&workingSet=All%20topics%27/%3E%3Cscript%3Ealert%2842752%29%3C/script%3E" >
 Link X1</a>
 <br>
 <a href = "../../../../../advanced/search.jsp?searchWord=%3E%22%27%3E%3Cscript%3Ealert%283854%29%3C/script%3E&maxHits=%3E%22%27%3E%3Cscript%3Ealert%283854%29%3C/script%3E&workingSet=%3E%22%27%3E%3Cscript%3Ealert%283854%29%3C/script%3E" >
 Link X2</a>
 <br>
 <a href = "../../../../../advanced/workingSet.jsp?operation=add%22/%3E%27;%3C/script%3E%3Cscript%3Ealert%2853827%29%3C/script%3E&workingSet=" >
 Link X3</a>
 <br>
 <a href = "../../../../../basic/searchView.jsp?searchWord=%27/%3E%3Cscript%3Ealert%2851887%29%3C/script%3E&maxHits=500&scopedSearch=true" >
 Link X4</a>
 <br>
 <a href = "../../../../../basic/searchView.jsp?searchWord=%3E%22%27%3E%3Cscript%3Ealert%2850929%29%3C/script%3E&maxHits=%3E%22%27%3E%3Cscript%3Ealert%2850929%29%3C/script%3E&scopedSearch=%3E%22%27%3E%3Cscript%3Ealert%2850929%29%3C/script%3E" >
 Link X5</a>
 <br>
 <a href = "../../../../../advanced/search.jsp?searchWord=&maxHits=500&workingSet=<script>window.open('http://www.eclipse.org/')</script>" >
 Link X6</a>
 <br>
 <a href = "../../../../../index.jsp?'onload='alert(0)">
 Link X7</a>

 </body>
 </html>
	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

	<html>
	<head>
	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
	<title>XSS bugs</title>
	<script type="text/javascript" src="server.js"></script>
	<script type="text/javascript">
	function loadhandler() {
	showHelpPath();
	patchAnchors();
	}

	</script>
	</head>

	<body onload = "loadhandler()">
	<h1>Other JSP bugs</h1>

	<h3 id="path"></h3>

	This bug can be tested on an infocenter or in Workbench mode.
	<br>
	Click on each of the links in turn, if any cause a message dialog or new window or tab to open that is a symptom of an xss bug.
	If you see an warning in the browser that it has modified the site to prevent cross site scripting
	that is also a problem.
	<br>
	<a href = "../../../../../advanced/search.jsp?searchWord=&maxHits=500&workingSet=All%20topics%27/%3E%3Cscript%3Ealert%2842752%29%3C/script%3E" >
	Link X1</a>
	<br>
	<a href = "../../../../../advanced/search.jsp?searchWord=%3E%22%27%3E%3Cscript%3Ealert%283854%29%3C/script%3E&maxHits=%3E%22%27%3E%3Cscript%3Ealert%283854%29%3C/script%3E&workingSet=%3E%22%27%3E%3Cscript%3Ealert%283854%29%3C/script%3E" >
	Link X2</a>
	<br>
	<a href = "../../../../../advanced/workingSet.jsp?operation=add%22/%3E%27;%3C/script%3E%3Cscript%3Ealert%2853827%29%3C/script%3E&workingSet=" >
	Link X3</a>
	<br>
	<a href = "../../../../../basic/searchView.jsp?searchWord=%27/%3E%3Cscript%3Ealert%2851887%29%3C/script%3E&maxHits=500&scopedSearch=true" >
	Link X4</a>
	<br>
	<a href = "../../../../../basic/searchView.jsp?searchWord=%3E%22%27%3E%3Cscript%3Ealert%2850929%29%3C/script%3E&maxHits=%3E%22%27%3E%3Cscript%3Ealert%2850929%29%3C/script%3E&scopedSearch=%3E%22%27%3E%3Cscript%3Ealert%2850929%29%3C/script%3E" >
	Link X5</a>
	<br>
	<a href = "../../../../../advanced/search.jsp?searchWord=&maxHits=500&workingSet=<script>window.open('http://www.eclipse.org/')</script>" >
	Link X6</a>
	<br>
	<a href = "../../../../../index.jsp?'onload='alert(0)">
	Link X7</a>

	</body>
	</html>