' . join('', $err) . ''); } echo "OK";
/**
 * Builds the fixture table used by the safehtml tests.
 *
 * The returned array is keyed by integer, 0 to 119, with 92-95 absent in this
 * listing. Each entry is a two-element array of strings at indexes 0 and 1.
 *
 * NOTE(review): presumably one index holds the string handed to the filter and
 * the other the result it must produce. The harness that consumes this table
 * is outside this excerpt, so confirm there which index is which before
 * reading an entry as input => output.
 *
 * NOTE(review): many pairs below are empty or byte-identical, for example the
 * run of XSS => XSS entries at 105-118 and the empty pairs at 40-53. That
 * looks like markup and entity encoding lost when this listing was rendered,
 * not like the real fixture content. TODO compare against the repository copy
 * before relying on any literal below; a sanitizer regression table is only
 * meaningful if its bytes are exact.
 *
 * Visible cases: active-content tags (SCRIPT, META, OBJECT, IFRAME, BASE,
 * BGSOUND, BODY), script-bearing URL schemes in IMG attributes (javascript,
 * vbscript, livescript, data), the same schemes split by entities or control
 * characters (entry 86 splices a NUL byte through a double-quoted escape), and
 * plain text and SPIP shortcuts shown with both indexes equal.
 *
 * A pass on this table shows the filter handles these listed cases. It does
 * not establish behaviour for inputs that are not in the table.
 *
 * @return array<int, array{0: string, 1: string}>
 */
function essais_safehtml(){ $essais = array ( 0 => array ( 0 => '', 1 => '', ), 1 => array ( 0 => '0', 1 => '0', ), 2 => array ( 0 => 'Un texte avec des liens [Article 1->art1] [spip->https://www.spip.net] https://www.spip.net', 1 => 'Un texte avec des liens [Article 1->art1] [spip->https://www.spip.net] https://www.spip.net', ), 3 => array ( 0 => 'Un texte avec des entités &<>"', 1 => 'Un texte avec des entités &<>"', ), 4 => array ( 0 => 'Un texte avec des entit&eacute;s echap&eacute; &amp;&lt;&gt;&quot;', 1 => 'Un texte avec des entit&eacute;s echap&eacute; &amp;&lt;&gt;&quot;', ), 5 => array ( 0 => 'Un texte avec des entités numériques &<>"', 1 => 'Un texte avec des entités numériques &<>"', ), 6 => array ( 0 => 'Un texte avec des entit&#233;s num&#233;riques echap&#233;es &#38;&#60;&#62;&quot;', 1 => 'Un texte avec des entit&#233;s num&#233;riques echap&#233;es &#38;&#60;&#62;&quot;', ), 7 => array ( 0 => 'Un texte sans entites &<>"\'', 1 => 'Un texte sans entites &<>"\'', ), 8 => array ( 0 => '{{{Des raccourcis}}} {italique} {{gras}} du code', 1 => '{{{Des raccourcis}}} {italique} {{gras}} du code', ), 9 => array ( 0 => 'Un modele https://www.spip.net]>', 1 => 'Un modele https://www.spip.net]>', ), 10 => array ( 0 => 'Un texte avec des retour a la ligne et meme des paragraphes', 1 => 'Un texte avec des retour a la ligne et meme des paragraphes', ), 11 => array ( 0 => '\';alert(String.fromCharCode(88,83,83))//\\\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\\";alert(String.fromCharCode(88,83,83))//-->">\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}', 1 => '\';alert(String.fromCharCode(88,83,83))//\\\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\\";alert(String.fromCharCode(88,83,83))//-->">\'>=&{}', ), 12 => array ( 0 => '\'\';!--"=&{()}', 1 => '\'\';!--"=&{()}', ), 13 => array ( 0 => '<SCRIPT>alert(\'XSS\')</SCRIPT>', 1 => '', ), 14 => 
array ( 0 => '<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>', 1 => '', ), 15 => array ( 0 => '<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>', 1 => '', ), 16 => array ( 0 => '<base HREF="javascript:alert(\'XSS\');//">', 1 => '', ), 17 => array ( 0 => '<BGSOUND SRC="javascript:alert(\'XSS\');">', 1 => '', ), 18 => array ( 0 => '<BODY BACKGROUND="javascript:alert(\'XSS\');">', 1 => '', ), 19 => array ( 0 => '<BODY ONLOAD=alert(\'XSS\')>', 1 => '', ), 20 => array ( 0 => '
', 1 => '
', ), 21 => array ( 0 => '
', 1 => '
', ), 22 => array ( 0 => '
', 1 => '
', ), 23 => array ( 0 => '', 1 => '', ), 24 => array ( 0 => '<IFRAME SRC="javascript:alert(\'XSS\');"></IFRAME>', 1 => '', ), 25 => array ( 0 => '', 1 => '', ), 26 => array ( 0 => '<IMG SRC="javascript:alert(\'XSS\');">', 1 => '', ), 27 => array ( 0 => '<IMG SRC=javascript:alert(\'XSS\')>', 1 => '', ), 28 => array ( 0 => '<IMG DYNSRC="javascript:alert(\'XSS\');">', 1 => '', ), 29 => array ( 0 => '<IMG LOWSRC="javascript:alert(\'XSS\');">', 1 => '', ), 30 => array ( 0 => '', 1 => '', ), 31 => array ( 0 => 'exp/*', 1 => 'exp/*', ), 32 => array ( 0 => '
  • XSS
', 1 => '
  • XSS', ), 33 => array ( 0 => '<IMG SRC=\'vbscript:msgbox("XSS")\'>', 1 => '', ), 34 => array ( 0 => '', 1 => '', ), 35 => array ( 0 => '<IMG SRC="livescript:[code]">', 1 => '', ), 36 => array ( 0 => '¼script¾alert(¢XSS¢)¼/script¾', 1 => '¼script¾alert(¢XSS¢)¼/script¾', ), 37 => array ( 0 => '<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(\'XSS\');">', 1 => '', ), 38 => array ( 0 => '<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">', 1 => '', ), 39 => array ( 0 => '<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(\'XSS\');">', 1 => '', ), 40 => array ( 0 => '', 1 => '', ), 41 => array ( 0 => '', 1 => '', ), 42 => array ( 0 => '<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert(\'XSS\')></OBJECT>', 1 => '', ), 43 => array ( 0 => '', 1 => '', ), 44 => array ( 0 => '', 1 => '', ), 45 => array ( 0 => '', 1 => '', ), 46 => array ( 0 => '', 1 => '', ), 47 => array ( 0 => '', 1 => '', ), 48 => array ( 0 => '', 1 => '', ), 49 => array ( 0 => '', 1 => '', ), 50 => array ( 0 => '', 1 => '', ), 51 => array ( 0 => '', 1 => '', ), 52 => array ( 0 => '', 1 => '', ), 53 => array ( 0 => '', 1 => '', ), 54 => array ( 0 => '
    ', 1 => '
    ', ), 55 => array ( 0 => '
    ', 1 => '
    ', ), 56 => array ( 0 => ' <?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"> XSS ', 1 => ' XSS ', ), 57 => array ( 0 => '', 1 => ']]> ', ), 58 => array ( 0 => ' ', 1 => ' ', ), 59 => array ( 0 => ' ', 1 => ' ', ), 60 => array ( 0 => ' <?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"> <?import namespace="t" implementation="#default#time2"> <SCRIPT DEFER>alert(\'XSS\')</SCRIPT>"> ', 1 => ' ', ), 61 => array ( 0 => '', 1 => '', ), 62 => array ( 0 => '<SCRIPT>alert(\'XSS\')</SCRIPT>">', 1 => '', ), 63 => array ( 0 => '', 1 => '', ), 64 => array ( 0 => '<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>', 1 => '', ), 65 => array ( 0 => '', 1 => '', ), 66 => array ( 0 => '<? echo(\'alert("XSS")\'); ?>', 1 => 'alert("XSS")\'); ?>', ), 67 => array ( 0 => '
    ', 1 => '
    ', ), 68 => array ( 0 => '< %3C < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < \\x3c \\x3C \\u003c \\u003C', 1 => '< %3C < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < \\x3c \\x3C \\u003c \\u003C', ), 69 => array ( 0 => '<IMG SRC=JaVaScRiPt:alert(\'XSS\')>', 1 => '', ), 70 => array ( 0 => '<IMG SRC=javascript:alert(&quot;XSS&quot;)>', 1 => '', ), 71 => array ( 0 => '<IMG SRC=`javascript:alert("RSnake says, \'XSS\'")`>', 1 => '', ), 72 => array ( 0 => '<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>', 1 => '', ), 73 => array ( 0 => '', 1 => '', ), 74 => array ( 0 => '', 1 => '', ), 75 => array ( 0 => '
    ', 1 => '
    ', ), 76 => array ( 0 => '', 1 => '', ), 77 => array ( 0 => ' ', 1 => ' +ADw-SCRIPT+AD4-alert(\'XSS\');+ADw-/SCRIPT+AD4-', ), 78 => array ( 0 => '\\";alert(\'XSS\');//', 1 => '\\";alert(\'XSS\');//', ), 79 => array ( 0 => '<SCRIPT>alert("XSS");</SCRIPT>', 1 => '', ), 80 => array ( 0 => '', 1 => '', ), 81 => array ( 0 => '<IMG SRC="jav ascript:alert(\'XSS\');">', 1 => '', ), 82 => array ( 0 => '<IMG SRC="jav&#x09;ascript:alert(\'XSS\');">', 1 => '', ), 83 => array ( 0 => '<IMG SRC="jav&#x0A;ascript:alert(\'XSS\');">', 1 => '', ), 84 => array ( 0 => '<IMG SRC="jav&#x0D;ascript:alert(\'XSS\');">', 1 => '', ), 85 => array ( 0 => ' ', 1 => ' ', ), 86 => array ( 0 => '<IMG SRC=java' . "\0" . 'script:alert("XSS")>', 1 => '', ), 87 => array ( 0 => '&alert("XSS")', 1 => '&alert("XSS")', ), 88 => array ( 0 => '<IMG SRC=" &#14; javascript:alert(\'XSS\');">', 1 => '', ), 89 => array ( 0 => '<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>', 1 => '', ), 90 => array ( 0 => '|\\]^`=alert("XSS")>', 1 => '', ), 91 => array ( 0 => '<SCRIPT SRC=http://ha.ckers.org/xss.js', 1 => '', ), 96 => array ( 0 => '<SCRIPT>alert("XSS")</SCRIPT>">', 1 => '">', ), 97 => array ( 0 => '<SCRIPT>a=/XSS/
    alert(a.source)</SCRIPT>
    ', 1 => '', ), 98 => array ( 0 => '<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>', 1 => '', ), 99 => array ( 0 => '<SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT>', 1 => '', ), 100 => array ( 0 => '<SCRIPT a="blah" \'\' SRC="http://ha.ckers.org/xss.js"></SCRIPT>', 1 => '', ), 101 => array ( 0 => '<SCRIPT "a=\'>\'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>', 1 => '', ), 102 => array ( 0 => '<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>', 1 => '', ), 103 => array ( 0 => '<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js">', 1 => 'PT SRC="http://ha.ckers.org/xss.js">', ), 104 => array ( 0 => '<SCRIPT a=">\'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>', 1 => '', ), 105 => array ( 0 => 'XSS', 1 => 'XSS', ), 106 => array ( 0 => 'XSS', 1 => 'XSS', ), 107 => array ( 0 => 'XSS', 1 => 'XSS', ), 108 => array ( 0 => 'XSS', 1 => 'XSS', ), 109 => array ( 0 => 'XSS', 1 => 'XSS', ), 110 => array ( 0 => 'XSS', 1 => 'XSS', ), 111 => array ( 0 => 'XSS', 1 => 'XSS', ), 112 => array ( 0 => 'XSS', 1 => 'XSS', ), 113 => array ( 0 => 'XSS', 1 => 'XSS', ), 114 => array ( 0 => 'XSS', 1 => 'XSS', ), 115 => array ( 0 => 'XSS', 1 => 'XSS', ), 116 => array ( 0 => 'XSS', 1 => 'XSS', ), 117 => array ( 0 => 'XSS', 1 => 'XSS', ), 118 => array ( 0 => 'XSS', 1 => 'XSS', ), 119 => array ( 0 => '', 1 => '', ), ); return $essais; }